HBO Max stopped working
-
@stephenw10 I don't have any VPN apart from the one for work as im working from home. I only use the work VPN on my work laptop and nothing else. Ive been using Cloudfare DNS through Pi-Holes standard offering for a couple of years. When I turned off my Pi-Hole and re-configured the pfSense software, I went back to using my ISP's DNS servers. As far as I know, my fiber router is not IPv6 capable and my ISP doesn't provide IPv6 at all, because I tried to get an IPv6 address a few years ago and they told me they didn't support it (back then at least).
-
@steveits Sorry for the confusion in my post...When I say i'm using Tor, I meant I host a Tor Relay service which is running on a Raspberry Pi. I am not using Tor on my PC's nor on the router. I just thought that it wasn't outside the realm of possibility that something somewhere had detected that I was a "Tor Relay" and had therefore blocked my IP address.
I am going to try forcing my ISO to give me a new IP address (it's a dynamic address, not a fixed IP address), which they tell me will happen if I turn off my fiber modem for 24 hrs. At the moment, that's my next step.
-
Scrap that: Just realised that my IP cannot be blocked, because if I plug my laptop into the fiber box on the same ethernet port as the pfsense router was plugged into, then HBO Max works fine. That, more than anything points to it being a problem with the pfsense configuration in some way.
And regarding the pfsense; as I said, i've done a fresh installation with default everything. The only thing I have configured is hostname/domain name, and im using my ISP's DNS servers.
-
I would definitely check to make sure your ISP isn't passing an IPv6 address to pfSense. Because that is something that would be different between just using the ISP router directly and using pfSense.
Are you sure you are using the ISPs DNS servers in both cases?
-
@stephenw10 I disabled all IPv6 traffic in System|Advanced|Networking (just the one tick box), disconnected my stationary PC, reconnected to the network and launched Firefox and browsed to HBO's website. I still get the "oops something went wrong" message. Im definitely using my ISP's DNS servers. The router shows them in the Dashboard (127.0.0.1 first), and i've also tried setting those ISP provided DNS servers manually on my stationary PC's Wired ethernet settings and tried 8.8.8.8, 9.9.9.9 and 1.1.1.1. I flush the DNS cache in-between tries just to make sure, but still getting the same error.
-
@finite9 said in HBO Max stopped working:
The router shows them in the Dashboard (127.0.0.1 first)
That doesn't mean they are being used, pfSense will use Unbound to resolve directly by default and clients behind it will use use that.
However if you've set DNS servers on the clients directly that would have worked.Is the upstream device a modem or a router? If it's a modem then the client connected to it directly could have pulled a different public IP than pfSense because of the different MAC address. You could try spoofing the MAC address on the pfSense WAN interface if that's the case.
-
@finite9
Some more testing :
When you connect your laptop directly to your fibre box, 'nslookup' or 'ping' to the "HBO Max" URL that's being used : you get an IPv4.
Run ipconfig /all on your laptop - keep the results.
Also : visit http://checkip.dyndns.org and take note of your WAN IPv4.Now, connect your laptop to the pfSense LAN.
Flush the laptops local DNS cache (windows : execute ipconfig /flushdns )
Do the 'ping' or 'nslookup' (better) again.Do you get the same IPv4 ?
Run ipconfig /all on your laptop - compare with what you had before.
Check http://checkip.dyndns.org again, and see that your WAN IPv4 is the same as above.
-
@gertjan hi, thanks...getting somewhere...
[https://paste.centos.org/view/48723c71](link url)
my laptop public ip is differnt when on ethernet to fiber modem compared to through pfsense, which is to be expected, but pinging play.hbomax.com gives completely different IP address. Not sure why. Ive not got any other DNS service apart from what the ISP is providing.
-
@finite9 if you check a site like https://www.iplocation.net/ are your two IPs in different areas?
Re HBO, it’d not be surprising for it to connect to different IPs, there are many reasons for that.
-
@finite9 Do have any filter lists active on pfSense like "pfBlockerNG"?
My experience with some other streaming services and the message " something went wrong" was, that some web address was blocked by a filter on pfSense. Once white-listed everything works fine.
Check you Firewall or pfBlocker logs, while trying to connect to HBO. -
@finite9 said in HBO Max stopped working:
my laptop public ip is differnt
Really ??? You have a "public ip" (NON RFC1918) on the NIC of your portable ?? That's extremely rare.
And close to impossible.
It would be possible if you've set up a pppoe type connection on your laptopn, and you hook up the LAN port bort (not wifi !) to the ISP modem Take note that a modem device is not like a router.
See it as cars and planes, both are used to move people, but the way the work is is very different (ok, I admit, a plane can be 'driven' ;) ).You should have a RDC1918, like 192.168.10.x on your laptop when you connect it to your ISP router, and another RFC1918, like (the default) 192.168.1.y when you connect your laptop to the LAN interface of pfSense.
The WAN interface of pfSense is most probably also a RFC1918 like 10.0.0.z
Only your ISP router (not modem) can have an "public ip", and that will be the one you see when you visit https://www.iplocation.net/ or http://checkip.dyndns.org
So, what is it ?
edit : btw : pfblockerng-devel can do many things, but it won't make your device's IP change.
pfblockerng-devel can not influence what is been done by DHCP (client). So, IP, gateway (dns) assignment will happen as always. -
@gertjan said in HBO Max stopped working:
Really ??? You have a "public ip" (NON RFC1918) on the NIC of your portable ?? That's extremely rare.
And close to impossible.Not if the ISP device is really a modem and not a router. That's exactly what will happen. And because the client has a different MAC it will pull a different IP as long as the ISP doesn't lock to the connection to a single MAC. Which it appears it does not.
So @finite9 it appears HBO is in fact blocking your IP and the test you did for that was invalid.
Try spoofing the MAC address on the pfSense WAN so it gets a different IP and see if that solves it.Steve
-
@gertjan I think you've misinterpreted my post, and I may have been guilty of using the wrong terminology. I meant that the IP address that my ISP assigns to my router, which is something like 82.45.122.23 for example. I used this terminology just to differentiate between the address my ISP gives me, and an internal LAN address like 192.168. My apologies if I used confusing terminology.
Btw, as I mentioned, I have re-installed pfsense from scratch with basically default values for everything. It is a completly unaltered default config apart from the name and domain name. I have not added or configured any packages, esp. not pfblocker.
-
@stephenw10 Yes, it is looking like HBO has done something. Literally every other thing on the Internet is working. Including Netflix, Disneyplus, Amazon Prime Video, and Apple TV streaming services--they are all working as expected. Until a few days ago HBO Max also worked as expected. HBO support passed the case to IT, and they replied that they were not blocking my IP. How they tested that, or if their checks were thourough, is anybody's guess.
I'll spoof the MAC and see what happens. thanks for the tip.
-
@stephenw10 said in HBO Max stopped working:
Not if the ISP device is really a modem and not a router.
I have no idea if the device is a modem or a router. It's a CTS HES-3106.
I remember when I first got it that I was able to connect to 192.168.1.1 on port 80 when I plugged a laptop straight into it, and I could login to the web gui interface. It looked...complicated... even for me. These days they must have locked that out in a fw upgrade because I just cannot access the web gui anymore.
-
The pfSense WAN gets a public IP directly though right? So even if it's a router it's bridging the connection to act as a modem only.
If the public IP the host got when you connected it directly to the ISP device was different to that which pfSense receives then it's almost certainly HBO blocking your IP. Spoofing the pfSense WAN MAC should resolve that by pulling a different public IP.Steve
-
@stephenw10 I spoofed the MAC, plugged in cable again, could see I got a new IP from my isp modem, HBO Max now works again. Def. looks like I was blocked, but they either could not see that or didn't look hard enough. Why they blocked me is completely unknown. Unless itäs because I was running a Tor Relay on a Raspberry Pi on my network?
-
Surprising if it isn't an exit node but....
The IP might be on a more general list though I'd expect more sites to be rejecting it if that were the case. You have no problem connecting here for example and we use a number of anti-spam lists. I'd have to guess it was flagged by HBO somehow. Too many clients? Logins from multiple locations? But that really is a guess. -
Does anyone have an IP list for HBO Max to whitelist in PfSense?
