BBC iPlayer VPN blocking
-
Hi all,
I've recently set up my pfSense and have successfully routed all web traffic in my home over OpenVPN. I'm based in the UK, and use a UK server, so everything works as if the pfSense box is not there…. except now for BBC iPlayer.
As the BBC have taken the initiative (no doubt with some coercion from GCHQ) to block all IPs relating to VPN providers, whether UK based or not, what I want is the following:
To continue to tunnel ALL network traffic over VPN, unless it contains "www.bbc.co.uk/iplayer*"
That will mean that all Android / iPhone apps (which somehow still work over VPN) will be unaffected, but any PC accessing iPlayer will do so outside of the VPN tunnel.
Is this possible (and HOW?) / advisable, or will it somehow void all the security gained by using a VPN in the first place?
Many thanks,
Tom.
-
You could create an alias for www.bbc.co.uk, which will populate the alias with all those IP addresses and keep them automatically updated.
Then put a rule above your VPN rule that routes traffic to that destination to the proper gateway or default.
It won't be specific to the /iplayer URL but it should fix your problem.
-
Thanks, I will give that a try.
-
Note that you also have to pass any other sites that are referred by that site. It's pretty much a rabbit hole.
-
Apologies for dragging up an old thread but I'm trying to do exactly the same here. My VPN is up and running fine but even after I've added in a firewall rule to bypass it for a www.bbc.co.uk alias it still uses the VPN.
Have attached a screenshot of my rules and NAT if anyone can see anything obvious… ?
-
Did either of you get this to work?
-
Needs network logs to be sure, but my guess would be that the BBC alias is probably working for the iPlayer website itself, but the video content traffic uses an ISP cache or generic Internet cache that doesn't contain the bbc.co.uk URL.
When accessing iPlayer via my VirginMedia broadband connection, the video content comes from a VM Cache.
Something like this using TCPDUMP on the LAN.
15:24:14.551998 IP pwood-PC.wood.12375 > host-82-20-175-219.not-set-yet.virginmedia.net.http: Flags [.], ack 1682578, win 65522, length 0
15:24:14.552064 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1682578:1684026, ack 1126, win 2776, length 1448
15:24:14.552312 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1684026:1685474, ack 1126, win 2776, length 1448
15:24:14.552324 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1685474:1686922, ack 1126, win 2776, length 1448
15:24:14.552505 IP pwood-PC.wood.12375 > host-82-20-175-219.not-set-yet.virginmedia.net.http: Flags [.], ack 1686922, win 65522, length 0
15:24:14.552574 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1686922:1688370, ack 1126, win 2
-
Did either of you get this to work?
Yes I did. I've set up an alias for BBC as per the below screenshots…
It seems to work fine for me - I can leave all IPs on my network connecting via VPN but only BBC sites get routed to bypass the VPN.
I just need to work out/find the IP address range for Netflix now!
HTH
EDIT: just to confirm this works on both iPlayer website on my PC and also on iPlayer app on Samsung TVs. It also unblocks entire BBC website
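
Added example (not part of any post above): a short Python script that applies the tcpdump suggestion from the thread by totalling inbound payload bytes per remote host and listing the hosts that fall outside the alias's domain. The sample capture reuses lines quoted in the thread plus one constructed bbc.co.uk line; the function names and the use of tcpdump's reverse-DNS names as a rough guide to alias coverage are assumptions for illustration.

```python
import re
from collections import Counter

# Sample capture: the virginmedia lines are quoted from the thread (the last
# of them is truncated there too); the www.bbc.co.uk line is constructed.
SAMPLE = """\
15:24:14.551998 IP pwood-PC.wood.12375 > host-82-20-175-219.not-set-yet.virginmedia.net.http: Flags [.], ack 1682578, win 65522, length 0
15:24:14.552064 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1682578:1684026, ack 1126, win 2776, length 1448
15:24:14.552312 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1684026:1685474, ack 1126, win 2776, length 1448
15:24:14.552324 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1685474:1686922, ack 1126, win 2776, length 1448
15:24:14.552574 IP host-82-20-175-219.not-set-yet.virginmedia.net.http > pwood-PC.wood.12375: Flags [.], seq 1686922:1688370, ack 1126, win 2
15:24:15.100000 IP www.bbc.co.uk.http > pwood-PC.wood.12380: Flags [P.], seq 1:513, ack 300, win 2776, length 512
"""

# "<time> IP <src.port> > <dst.port>: ... length <n>"
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): .*\blength (\d+)\s*$")


def host_of(endpoint):
    """Strip the trailing port or service name from 'host.port'."""
    return endpoint.rsplit(".", 1)[0]


def bytes_by_remote(capture, lan_host):
    """Sum payload bytes sent to lan_host, keyed by remote host name."""
    totals = Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # truncated or non-IP line: no usable length field
        src, dst, length = host_of(m[1]), host_of(m[2]), int(m[3])
        if dst == lan_host:
            totals[src] += length
    return totals


def outside_alias(totals, domains):
    """Remote hosts, busiest first, whose names are not under any alias domain."""
    def covered(host):
        return any(host == d or host.endswith("." + d) for d in domains)
    return [(h, n) for h, n in totals.most_common() if not covered(h)]


if __name__ == "__main__":
    totals = bytes_by_remote(SAMPLE, "pwood-PC.wood")
    for host, n in outside_alias(totals, ["bbc.co.uk"]):
        print(f"{n:>8} bytes from {host} (not under the alias domain)")
```

Hosts reported here carry traffic that a hostname alias for the BBC site would not match, so they would still follow the VPN rule.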