Netgate Discussion Forum

    amazon prime does not work with pfsense (openvpn)

    OpenVPN
    28 Posts 8 Posters 6.4k Views
    • D
      DMZ.008 @gcu_greyarea
      last edited by

      @gcu_greyarea Hi, my VPN provider does not share the DNS servers. They asked me to use Google DNS instead, which I am already using.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        @DMZ-008 said in amazon prime does not work with pfsense (openvpn):

        They asked to use google dns instead.. which I am already using

        And you need to make sure the Google servers are actually queried via the VPN connection, or you're going to get different CDN locations for the VPN region and your location. I went into great detail on this in my previous post.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • D
          DMZ.008 @bcruze
          last edited by

          @bcruze Hi, I agree. This is a pfSense/OpenVPN configuration issue rather than a VPN provider issue. Something seems to be leaking from pfSense/OpenVPN which the DNS leak tests are not able to detect but Amazon is.

          • D
            DMZ.008 @johnpoz
            last edited by

            @johnpoz Hi. In DNS Resolver, the network interfaces selected are LAN and localhost. The outgoing interface is VPN_WAN. The DNS traffic is going through the VPN tunnel.

            • D
              DMZ.008 @gcu_greyarea
              last edited by

              @gcu_greyarea Hi. I am using the server hostname.

              Sorry, how do I check the destination IP the tunnel is using?

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                If the DNS traffic is going through the VPN, and the actual traffic is going through the VPN, and you're being blocked by the streamer, how do you think it could be a pfSense issue?

                But your streamer complains that you're using a VPN. How in the hell do you think this has something to do with pfSense?


                • D
                  DMZ.008 @johnpoz
                  last edited by

                  @johnpoz I tried both ways (DNS traffic through the tunnel and without). The end result is the same. I seek opinions from the forum on what pfSense configuration has worked for others.

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    There is no magic here... If all your traffic, both DNS and actual traffic, is going through the VPN, and the streamer says you're using a VPN, then what do you think you could do on pfSense to circumvent that?

                    pfSense is a router/firewall distro... Not sure why the community should help you use the tool to circumvent some streamer's geo-IP restriction policy in the first place, to be honest.

                    Contact your VPN service, since they seem to be in the circumvention business.

                    Here, a simple Google search finds this:

                    Amazon Prime Video streams great on select US servers. These change occasionally, so we recommend hitting up ExpressVPN's 24-hour live chat support to ask which servers currently work with Prime Video

                    As previously stated, this is always going to be a whack-a-mole game.


                    • G
                      gcu_greyarea @DMZ.008
                      last edited by

                      @DMZ-008 said in amazon prime does not work with pfsense (openvpn):

                      sorry..how do I check the destination ip the tunnel is using.

                      Have a look at the state table: "Show states" on the pfSense Dashboard.
                      You can then filter by interface or search for IP addresses/ports.

                      WAN_States.png

                      Screen Shot 2019-05-20 at 10.06.04 am.png

                      You can see that there are no DNS requests on the WAN interface; they are going through the VPN tunnel instead (port 853).

                      • B
                        bcruze @gcu_greyarea
                        last edited by bcruze

                        Well, when I go home in two days I think I will have it working. The Android Sony TV is the final test.

                        I read a command used by another provider, and it works when I remote into my Mac and use the Chrome browser.

                        Read this page: https://openvpn.net/community-resources/pushing-dhcp-options-to-clients/

                        For the record, it has never worked in Chrome before making this change to DNS in the advanced configuration window.

                        EDIT:

                        It still does not work. Amazon Prime and Netflix both detect a VPN. So frustrating, and it makes NO sense.

                        • E
                          edwardnizz
                          last edited by edwardnizz

                          What if we could just allow the Amazon servers to bypass the VPN, like we can do with selected clients?
                          I have 1 laptop and 2 tablets that bypass my VPN. I created a firewall rule to route the traffic from those devices through the WAN gateway and made an alias list of those devices.
                          Is there a way to do that with Prime?
                          I used packet capture on my device, and it looks like these are the IPs used by Prime. I did an ARIN search and found the net range, which is huge (54.176.0.0-54.191.255.255).

                          • D
                            DMZ.008 @edwardnizz
                            last edited by

                            @edwardnizz You can check out this video: https://www.youtube.com/watch?v=cX1_f-KRJhY

                            • W
                              wpmccormick
                              last edited by

                              I just got my pfSense/NordVPN client set up. I'm routing ALL DNS traffic over the VPN, which I think solves the DNS leak issue. Only selected/tagged/aliased (VPN_HOST) LAN hosts have other TCP4+UDP4 traffic routed through the VPN.

                              I have verified that no host can access even https://amazon.com until it becomes a VPN_HOST.

                              In other words, if the DNS used is somehow out of whack (sorry, I'm missing the lexicon to describe it) compared to the WAN IP, Amazon is confused.

                              • L
                                lovan6
                                last edited by

                                It has nothing to do with pfSense. It is the server you are connected to with ExpressVPN. Go ask ExpressVPN which is a working server connection.

                                Sometimes the server you get connected to is okay and sometimes not.

                                I had the exact same experience with ExpressVPN. It takes several days to get a good connection, and the problem is always on their end. If you ask customer service they will tell you there is nothing wrong on their end, which makes it so confusing.

                                Trust me, I had the same dilemma. Just be patient and wait until those engineers fix it.

                                • J
                                  jagradang
                                  last edited by jagradang

                                  I seriously doubt this is a pfSense issue. I have this problem, and my DNS is always routed through Cloudflare. I enable the VPN and Amazon blocks my Firestick. I disable the VPN and they allow it. My DNS is exactly the same in both situations.

                                  The issue is with the VPN provider's servers being blocked.

                                  https://www.reddit.com/r/nordvpn/comments/bgkw0s/amazon_prime_has_started_blocking_nordvpn_servers/?utm_source=amp&utm_medium=&utm_content=comments_view_all

                                  • W
                                    wpmccormick
                                    last edited by wpmccormick

                                    I think it might be possible that it has something to do with pfSense, as my current work-around is to restart the DNS Resolver service. That said, I believe the root issue is that I don't have my DNS configured correctly for what I'm trying to do.

                                    What I'm trying to do is route all traffic (including DNS) from a specific host through a VPN. And I thought I'd like to route all network DNS traffic through the VPN as well (to plug DNS leaks), but now I can see that may cause some issues with some hosts. I followed this guide to get as far as I have.

                                    The specific host (it's a Linux VM) is mostly working, but DNS is leaking:

                                    ubuntu@ubuntu-18-04:~$ ./dnsleaktest.sh 
                                    Your IP:
                                    208.84.155.45 [United States of America AS46562 Total Server Solutions L.L.C.]
                                    
                                    You use 9 DNS servers:
                                    24.93.50.4 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    24.93.50.5 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    24.93.50.7 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    24.93.50.9 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    24.93.50.12 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    24.93.50.14 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    24.93.50.15 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    24.175.34.39 [United States of America AS11427 Time Warner Cable Internet LLC]
                                    103.86.96.100 [Australia AS36351 SoftLayer Technologies Inc.]
                                    
                                    Conclusion:
                                    DNS may be leaking.
                                    
                                    

                                    And not surprisingly, DNS is leaking for other non-VPN LAN clients.

                                    The key configuration points are:

                                    1. Services->DNS Resolver->General Settings->Outgoing Network Interfaces: [WAN, VPN_INT]
                                    2. Services->DNS Resolver->General Settings->DNS Query Forwarding: [Enable Forwarding Mode]
                                    3. System->General Setup->DNS Server Settings->DNS Servers: [VPN DNS1, VPN DNS2]

                                    For item 1 above, I tried to configure it without the WAN interface, but that basically shut down all DNS capabilities for clients not using the VPN.

                                    When I look at Status->DNS Resolver, I see my VPN DNS server IPs, and additionally 2 DNS IPs that I assume are from my ISP. Not sure how the ISP DNS servers get configured in, but maybe that's the problem?

                                    Thanks!

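                                    The two checks that come up in this thread, looking at the pfSense state table for DNS states that leave via WAN rather than the tunnel (gcu_greyarea's post above) and reading a dnsleaktest.sh report for resolvers that do not belong to the VPN exit (the report above), as one added shell example. This is not code from the thread, from pfSense or from dnsleaktest.sh. It assumes the line layout of `pfctl -ss` on pfSense (interface, protocol, source, optional NAT address, `->`, destination, state), the interface names em0 (WAN) and ovpnc1 (OpenVPN client), and both input samples are constructed here from documentation addresses and private ASNs rather than captured from a real system.

```shell
#!/bin/sh
# Added example, not from the thread: two small DNS-leak audits run over
# constructed samples. On a real pfSense box the state listing would come
# from `pfctl -ss` and the resolver report from dnsleaktest.sh.

# Constructed sample in the layout of `pfctl -ss` (assumed interface names:
# em0 = WAN, ovpnc1 = OpenVPN client). Addresses are documentation ranges.
SAMPLE_STATES='em0 tcp 192.168.1.20:51234 (203.0.113.7:51234) -> 198.51.100.10:443 ESTABLISHED:ESTABLISHED
ovpnc1 udp 192.168.1.20:50001 (10.8.0.2:50001) -> 192.0.2.100:853 MULTIPLE:MULTIPLE
ovpnc1 tcp 192.168.1.20:50002 (10.8.0.2:50002) -> 192.0.2.100:853 ESTABLISHED:ESTABLISHED
em0 udp 192.168.1.30:40000 (203.0.113.7:40000) -> 198.51.100.4:53 MULTIPLE:MULTIPLE'

# Constructed sample in the layout of a dnsleaktest.sh report. AS64500 stands
# for the VPN exit, AS64496 for the ISP (both are private/documentation ASNs).
SAMPLE_LEAKTEST='Your IP:
203.0.113.45 [United States of America AS64500 Example VPN Exit LLC]

You use 3 DNS servers:
198.51.100.4 [United States of America AS64496 Example ISP Inc.]
198.51.100.5 [United States of America AS64496 Example ISP Inc.]
192.0.2.100 [Australia AS64500 Example VPN Exit LLC]

Conclusion:
DNS may be leaking.'

# dns_states_on IFACE STATES
# Print every state on IFACE whose destination port is 53 (plain DNS) or
# 853 (DNS over TLS). The destination is the field after "->"; its port is
# whatever follows the last colon, so IPv4 and bracketed IPv6 both work.
dns_states_on() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        $1 == ifc {
            dst = ""
            for (i = 1; i <= NF; i++) if ($i == "->") dst = $(i + 1)
            n = split(dst, parts, ":")
            port = parts[n]
            if (port == "53" || port == "853") print
        }'
}

# count_dns_leaks WAN_IFACE STATES
# Number of DNS states leaving via WAN_IFACE. Anything above 0 means some
# client (or the resolver itself) is still sending DNS outside the tunnel.
count_dns_leaks() {
    dns_states_on "$1" "$2" | wc -l | tr -d ' '
}

# leaked_resolvers EXPECTED_AS REPORT
# Print the resolver IPs in a dnsleaktest.sh report whose AS differs from
# the VPN exit's AS. A resolver in another AS is the "leak" the thread is
# chasing: the ISP (or another network) sees the queries.
leaked_resolvers() {
    printf '%s\n' "$2" | awk -v want="$1" '
        /^You use/    { in_list = 1; next }
        /^Conclusion:/ { in_list = 0 }
        in_list && NF >= 2 {
            asn = ""
            for (i = 2; i <= NF; i++) if ($i ~ /^AS[0-9]+$/) asn = $i
            if (asn != want) print $1
        }'
}

# Stand-alone run over the constructed samples.
echo "DNS states leaving via em0 (WAN): $(count_dns_leaks em0 "$SAMPLE_STATES")"
echo "DNS states inside ovpnc1 (VPN):   $(count_dns_leaks ovpnc1 "$SAMPLE_STATES")"
echo "Resolvers outside AS64500:"
leaked_resolvers AS64500 "$SAMPLE_LEAKTEST"
```

                                    On a live system the constructed samples would be replaced by `pfctl -ss` and the real report; the WAN count should be 0 once the resolver's outgoing interface is the tunnel only, and the resolver list should be empty once the ISP servers are no longer offered to the resolver (which is what disabling the DNS Server Override discussed below achieves).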
                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator
                                      last edited by

                                      If you want to forward only to specific NS, then turn off getting DNS from the ISP.


                                      • W
                                        wpmccormick
                                        last edited by

                                        I think that is done by setting Services->DNS Resolver->General Settings->DNS Server Override: [OFF], and then probably Services->DNS Resolver->General Settings->Outgoing Network Interfaces: [VPN_INT] (i.e. VPN only).

                                        Doing that, I was able to get Amazon Prime to work (Roku app), but it seemed slow and wonky (thumbnails didn't display), though whatever I blindly selected did play. I quit the app and started it again, and it seemed okay. However, still on Roku, Sling TV and the apps that depend on it (ESPN) do not work. Also, connecting to https://www.amazon.com from a PC did not work.

                                        Put the DNS Server Override back on and all is normal. I'm stumped. Any other ideas?

                                        • W
                                          wpmccormick
                                          last edited by

                                          I think I figured out how to make this work: I configured the DHCP static mapping for the Roku device to use Google's DNS, and all is well... so far.

                                          • W
                                            wpmccormick
                                            last edited by wpmccormick

                                            It didn't take long to find something that doesn't work... I forgot to check whether Amazon works, and it does not.

                                            That might be a good thing really, but still, I'd rather have it work, and it's probably not the only web site that will be an issue.

                                            I don't mind setting DHCP static DNS settings for a few devices, but more than a few is ugly, and setting Google DNS servers for all clients defeats the purpose.

                                            There must be another way.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.