Reddit Verify Your Age


With the rollout of the Online Safety Act in the UK, it is now necessary to provide identification to websites when viewing certain types of material.

The intention is to prevent children from accessing harmful material, but the system is so poorly thought-out that it is easy to bypass with a VPN, and its broad reach means a lot of relatively normal content gets filtered out.

Recently, my partner complained that she was unable to access the True Crime subreddit due to this restriction. I could have set up a VPN on her phone and tablet to bypass this, but I doubt she would ever use it, as it would be too much of a hassle for her.


UniFi UCG Max with Granular Control over VPN with Policy-Based Routing

I have the superb UniFi UCG Max for my home router, and it offers plenty of VPN options, including the ability to route traffic through third-party VPNs.

Additionally, its policy-based routing options let you use the VPN only for specific devices or websites.

I am currently using Surfshark for my VPN, which makes it very easy to set up router VPN connections. You set it up on the Surfshark website, then download the configuration file and import it into Unifi. That’s basically it.

At first, I used the simplest solution: I set my partner’s devices to use Surfshark routing through Ireland, the closest country that doesn’t implement the Online Safety Act.

It did a great job of unblocking the subreddit she wanted, but, as all her traffic was routed through Surfshark, when she accessed things like Google, she consistently hit bot challenges.

I then tried to route traffic based on domains only, so anytime we accessed Reddit, it would go through Surfshark. But it just wouldn’t work. I thought that it was a Reddit subdomain like redditmedia.com or redditstatic.com that was causing the issue, but these didn’t work either.

External DNS, like AdGuard Home and PiHole, Breaks Domain-Based Policy Routing

Eventually, I realised it was because I use AdGuard Home for my DNS.

Since DNS requests reach AdGuard first rather than the gateway, they bypass the domain-based policy routing.

Using the Unifi UCG Max as the DNS server resolves the problem, but I don’t like the ad-blocking options with Unifi.

Eventually, after some Googling (ChatGPT was useless for this), I found that you can tell AdGuard to route certain requests through a different DNS.

AdGuard Domain-Based Routing

So, in the case of Reddit, it is a simple line you need to add to the upstream DNS servers:

[/reddit.com/]192.168.0.1 (or whatever the IP address of your gateway is)

So, when a device requests Reddit, the DNS request goes through the Unifi and the policy-based routing works.

While I don’t use PiHole at home, it is possible to do the same with this, albeit slightly more complicated.

The guides below should help you set up everything.

Setting up the VPN Configuration File in Surfshark


With Surfshark, the process is simple:

  1. Go to Manual set-up – I prefer WireGuard
  2. Select I don’t have a key pair (assuming you haven’t done this before)
  3. Name your connection
  4. Click generate keypair. You can then copy the public and private key, but this is not needed if you download the conf file.
  5. Choose a location
  6. This then opens the configuration file data, and you can download the file

Setting up VPN in Unifi


For the initial setup of the VPN in Unifi, you need to:

  1. Go to Settings > VPN > VPN Client
  2. Create VPN
  3. Leave WireGuard selected and name the VPN
  4. Upload the file
  5. Click Apply Changes

One caveat with the configuration files is that if you upload two different Surfshark files, you will get a warning that the subnet overlaps with the other VPN.

Unifi Policy-Based Routing for specific Domains to VPN interface with AdGuard Home DNS

For AdGuard, this is quite simple:

  • Log in to AdGuard
  • Go to Settings > DNS Settings
  • Then, in Upstream DNS servers, add the domains you want to route through the VPN using the format [/domain.com/] followed by the IP address of the Unifi gateway, so for me that would be:
[/reddit.com/]192.168.0.1

Unifi Policy-Based Routing for specific Domains to VPN interface with PiHole Home DNS

A caveat for this guide is that I don’t normally use PiHole. I installed it on Proxmox using Helper Scripts. I used ChatGPT to assist me, and it works, but there may be a more effective solution.

This is slightly more complicated, but still easy. With the Helper Script installation on Proxmox, you don’t need sudo to create files/directories.

Do this (no sudo needed):

  1. Create the dnsmasq include directory
mkdir -p /etc/dnsmasq.d
  2. Create the custom routing file
cat > /etc/dnsmasq.d/99-reddit-override.conf <<'EOF'
server=/reddit.com/192.168.0.1
server=/redd.it/192.168.0.1
server=/redditmedia.com/192.168.0.1
server=/redditstatic.com/192.168.0.1
EOF

(If you prefer nano: nano /etc/dnsmasq.d/99-reddit-override.conf, paste the lines, save.)

Notes:

  • Pi-hole/FTL reads all *.conf files in /etc/dnsmasq.d — this is the correct place for per-domain upstream rules (server=/domain/UPSTREAM).
  • If you installed Pi-hole via Docker, run these commands inside the container (or map the directory as a volume).
  • This approach affects all clients using your Pi-hole.
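
As an added example (not part of the original post), the Python sketch below models how the per-domain upstream rules from the AdGuard and PiHole sections are matched, and converts the four PiHole rules into one equivalent AdGuard Home line. It assumes suffix matching on label boundaries with the most specific rule winning, and uses 9.9.9.9 as a placeholder for your normal upstream.

```python
from collections import defaultdict

# The four Pi-hole rules from this page (gateway at 192.168.0.1).
DNSMASQ_RULES = """\
server=/reddit.com/192.168.0.1
server=/redd.it/192.168.0.1
server=/redditmedia.com/192.168.0.1
server=/redditstatic.com/192.168.0.1
"""
DEFAULT_UPSTREAM = "9.9.9.9"  # assumption: stands in for your normal upstream


def parse_dnsmasq(text):
    """Return {domain: upstream} from server=/domain[/domain...]/upstream lines."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("server=/"):  # also skips '#' comment lines
            continue
        *domains, upstream = line[len("server=/"):].split("/")
        for domain in domains:
            if domain and upstream:
                rules[domain.lower().rstrip(".")] = upstream
    return rules


def to_adguard(rules):
    """Group domains by upstream into AdGuard Home [/a/b/]upstream lines."""
    grouped = defaultdict(list)
    for domain, upstream in rules.items():
        grouped[upstream].append(domain)
    return ["[/%s/]%s" % ("/".join(sorted(d)), up) for up, d in sorted(grouped.items())]


def pick_upstream(qname, rules, default=DEFAULT_UPSTREAM):
    """Most specific suffix match on label boundaries wins, else the default."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return rules[candidate]
    return default


if __name__ == "__main__":
    rules = parse_dnsmasq(DNSMASQ_RULES)
    print("\n".join(to_adguard(rules)))
    for name in ("www.reddit.com", "preview.redd.it", "notreddit.com"):
        print(name, "->", pick_upstream(name, rules))
```

In this model, a rule for reddit.com alone covers www.reddit.com but not i.redd.it, which falls through to the default upstream and is never seen by the gateway.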
