How can I block a certain website using the URL filter capability of my router even if I'm connected to a VPN?
In another attempt to reach the goal that I had in the following question, how can I block a certain website using the hosts file even if I'm connected to a VPN?
I tried to enable the URL filter capability of my ASUS wireless router:
But that also only works when I'm not connected to a VPN. What can I do about it?
Short answer: That's impossible
Long answer: The purpose of a VPN is to create an end-to-end connection in which the contents of the connection are encrypted and inaccessible to the outside world, hence a virtually private connection. Now you want to defeat the very purpose of this type of networking and peek inside the VPN? Well, you can't; at least you need a supercomputer instead of a router, with the ability to break the encryption. You can only filter the connection at its endpoints, i.e. either before the request goes through the VPN or after it comes out of it.
If you are connected to a VPN outside of your network and you want to filter out websites, you need to place your router in the middle:
Your computer - Your router - VPN Server
Otherwise your router will only see data garbage and will not be able to filter out anything.
To understand what a VPN does, look at the following:
Without a VPN, a normal connection looks like this (simplified):
You (your computer) request content from www.website.com
Your router forwards a request from your internal IP to www.website.com
www.website.com sends the requested data back to your router
Your router sends the data to your internal IP
If you wanted to block websites, your router would be able to block www.website.com, because the router is able to deny or allow connections to www.website.com, because the router is able to see where the connection is coming from and where it is supposed to go.
With a VPN, however:
Your computer connects to the VPN and encrypts the whole connection
Your computer sends an encrypted request to the VPN server
Your router forwards a request from your internal IP to the VPN server. The router does not know where you really want to go, as the router can only see the VPN server in the initial request
If you wanted to block certain websites, you would need the router in the same network, as otherwise the router would only see encrypted data.
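The point made in both answers above, as an added example that is not part of either answer: a simplified model of what a URL filter can read on the router versus on the computer before the tunnel. The IP addresses, the key, the `send` helper and the SHA-256 keystream standing in for the VPN cipher are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

BLOCKLIST = {"www.website.com"}   # hostname used in the answer above
SITE_IP = "198.51.100.20"         # constructed address for www.website.com
VPN_SERVER = "203.0.113.10"       # constructed address for the VPN server
KEY = b"constructed-session-key"  # known only to the computer and the VPN server

@dataclass
class Packet:
    dst_ip: str     # outer destination: always visible to the router
    payload: bytes  # visible to the router only when it is not encrypted

def http_request(host: str) -> Packet:
    return Packet(SITE_IP, f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode())

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in for the VPN cipher (SHA-256 in counter mode), for illustration only.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def vpn_encapsulate(inner: Packet, key: bytes) -> Packet:
    # The real destination and the request are both encrypted; the outer
    # header names only the VPN server.
    plain = inner.dst_ip.encode() + b"|" + inner.payload
    cipher = bytes(p ^ k for p, k in zip(plain, keystream(key, len(plain))))
    return Packet(VPN_SERVER, cipher)

def url_filter_blocks(pkt: Packet) -> bool:
    # Simplified URL filter: search the readable payload for a blocked hostname.
    return any(host.encode() in pkt.payload for host in BLOCKLIST)

def send(host: str, use_vpn: bool, filter_at: str) -> str:
    """filter_at: 'endpoint' (on the computer, before the tunnel) or 'router'."""
    pkt = http_request(host)
    if filter_at == "endpoint" and url_filter_blocks(pkt):
        return "blocked at endpoint"
    if use_vpn:
        pkt = vpn_encapsulate(pkt, KEY)
    if filter_at == "router" and url_filter_blocks(pkt):
        return "blocked at router"
    return f"forwarded to {pkt.dst_ip}"

if __name__ == "__main__":
    for vpn, where in [(False, "router"), (True, "router"), (True, "endpoint")]:
        print(f"vpn={vpn!s:5} filter={where:8} -> {send('www.website.com', vpn, where)}")
```

With the VPN on, the router-side filter sees only the VPN server's address and ciphertext, so the same rule has to run on the computer before encapsulation to have any effect.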