Hulu traffic
-
I currently am setup to have all my outbound NAT traffic going through the OpenVPN client to a VPN service provider. However I am having trouble using Hulu with the VPN.
I would like to direct pfSense to send all my hulu traffic out my WAN interface and have everything else still going over the VPN.
Any help would be gladly accepted.
-
You need to make an alias for the various Hulu domains and make a firewall rule on LAN to filter requests to those hosts through WAN.
1. Here is an overly comprehensive FQDN list gathered using the debugger in my browser. I haven't found the time to figure out which domain(s) actually does the checking or thoroughly checked function yet.
Put each on a separate line in an alias. Call it whatever you want, HuluBypassVPN for example.
www.hulu.com
secure.hulu.com
secure.huluim.com
mozart.hulu.com
static.huluim.com
tempo.hulu.com
tempo-fallback.hulu.com
assets.hulu.com
assets.huluim.com
play.hulu.com
s.hulu.com
t.hulu.com
p.hulu.com
pt.hulu.com
urlcheck.hulu.com
ib.hulu.com
ib1.huluim.com
ib2.huluim.com
ib3.huluim.com
ib4.huluim.com
ss-e-darwin.hulu.com
fa.hulu.com
t2.hulu.com
a.huluad.com
vortex.hulu.com
ibhuluimcom-a.akamaihd.net
assetshuluimcom-a.akamaihd.net
a248.e.akamai.net2. Add a rule to the Firewall in LAN.
Leave it set as pass.
Set protocol as any.
Leave source set as any.
Set destination as single host or alias and type in your alias name (in this example, HuluBypassVPN)
Set Gateway to WAN.
Save.
Move the new rule to the top of the list and hit the Apply button. All done.
I have my machines set to static DHCP addresses and have an alias for them which I have set as source in the firewall rule.
The only concern is that these domains sometimes come from different IPs and PFSense only refreshes them every 5 minutes. So, you may hit a snag on reloading the page or switching devices more often. Hulu generally doesn't use more than 2 IP's per domain however, so maybe refreshing the page will fix it. The interval pfSense updates FQDN IPs can be manually set under System > Advanced on the Firewall/NAT tab as well.
UPDATE: Hulu uses Akamai now for picture, beacons, and the ib* content. This makes it harder to use FQDN. Hulu is using every trick they can think to push evercookies based on your useragent, in your flash storage, DOM, etc. While this likely still works for apps on TV and devices, it is not recommended to use Hulu on your daily web browser. My personal recommendation is to get a streaming device like Firestick, Roku, etc and set it to a static IP and then direct the device to bypass the VPN entirely to stream your blocked content from Hulu, Amazon Video, Netflix, etc. It's simple that way.
-
Thanks for the tip! It appears this still works. Taking a slightly different approach worked for me, too.
I have a dual WAN setup at home and use load balancing (round robin). 99% of services work just fine with this. But I was struggling with the "not at your home location" error on Hulu. I got around it by forcing auth.hulu.com and home.hulu.com traffic out my primary internet circuit. All other Hulu traffic seems to load balance just fine.
If anything the suggestion above will work but you'll need to add the two new domains.