Netflix and Hulu won't stream, Prime video will.
-
mine has worked like this for years with multiple vpn tunnels going
firewall > rules > lan >
!services > DHCP server :
-
I tried to copy that idea, but I got this error;
What does the static mapping part do? I basically have the same setup in the Firewall rules, except I'm using an Alias rather than the specific device.
-
Static mapping allows you to specify the dns server
Lower your dhcp pool, or change the tv to its own individual address, then remove it from the alias
-
OK, I tried all that.
I excluded the TV from DHCP pool, then did everything else as you suggested, even used Google (8.8.8.8) in the DNS field. The only thing different is I don't have a host name, as the device doesn't seem to have a host name of it's own.
But in any event, no change. I can stream Prime, can't stream Netflix or Hulu.
Edit: Just stumbled onto another bit of weirdness. My wife was able to get Hulu working on her phone, which is running through the VPN, so I suspended all the VPN bypass rules for now, and Hulu will now stream, through the VPN on all the TVs in the house.
Very perplexing now.
-
So I understand : why would specifying another DNS server to device work in this case ?
Unbound will do what 8.8.8.8 does : resolving - it just takes one more step,Netflix, to name an example, doesn't care that you obtained their IP from DNS server A or B ....
It's know that Netflix uses a 'database' with IP's to where it doesn't stream. Most VPN - if not all - are on that list.
I never used this myself, but I understood that one need to "policy route" so that some devices do not use the outgoing VPN route.
-
It didn’t sound like it was resolving dns, I’ve seen smart tv do this before. Your right he could have something changed in his resolver Setup...
This is very unusual
I created the host name myself just so you know
-
You made sure your not pulling routes from your vpn right? Your not going to want the default to go out your vpn, your going to want to policy route stuff you want to go out the vpn.
-
As best as I understand this, I've barred the Client from pulling routes, so nothing should get "sucked in" as it were.
-
In most cases Netflix is not going to work through the VPN. I would assume the same for Hulu.
You need to setup policy based routing so that the traffic for the devices you are viewing netflix on are using the WAN gateway. When you setup your firewall rule make sure it's above the rule sending the traffic to the VPN gateway.
Once you get that working you could work on separating the netflix traffic from the other smart tv traffic with netflix going to the wan and all the other going to the vpn but that's going to be a little complicated, and probably not worth the effort.
Also, a lot of these smart devices have a dns address hard coded into them. For example, I've tried forwarding DNS traffic from my roku to the forwarder in pfsense and it did not work. I don't recall the exact error but it was related to the connection.
-
I've already done that, I covered it in my first post. I have an Alias and Rules to send the TV's over WAN, bypassing the VPN.
It would make some sense for these devices to have DNS addresses coded in, otherwise how would they connect, especially over random consumer setups which they can't predict? I don't see how that would be a problem though, considering these devices work just fine on my consumer router, and even worked for a day with my setup on pfsense, so whatever DNS address it's using, it's fine. The problem isn't the television AND the Firestick, that would be a coincidence, and like Dr. House, I don't believe in coincidences.
-
For what it's worth, I think I've completely ruled out the VPN. If I disable all the firewall rules, I have the same issues with Netflix and Hulu not streaming. I look at the traffic graph and it just looks like it's not even trying. But Prime works fine, the internet at large works fine, I streamed videos from YouTube all day today (through VPN) though I just tested it and it'll stream YouTube just fine without the VPN rules active.
-
When you stream does it stop because it’s detecting a proxy?
Can you view the Netflix initial screen and tap your account when you open it?
Your gonna have to post some screen shots of your config other wise we are all just pointing and guessing / working blindly
-
When I run it through the VPN, yes. When I bypass the VPN, no.
Nobody has asked for screenshots yet, so what do you want to see?
This?
This?
That?
Thus?
Other?
-
Maybe post some pics of your unbound settings.
Are you doing DNS redirecting? From your posts it doesn't sound like you are but I know some of the guides for setting up VPN client include the steps for redirecting DNS and sending the requests over the VPN.
-
I'm not sure what an unbound setting is, so I'm going to have to assume it's set to default, or I just don't understand what you mean.
Basically, everything is default, other than what the NordVPN guide said to do, plus some extra steps for setting up the alias/Rules to allow specific devices to bypass the VPN.
I haven't had a chance to get any further into personalizing my pfsense setup, and do stuff like add packages, or shape traffic, or monitor or anything, because I'm still trying to get through the metaphorical front door. The setting up of the VPN was the first "unique" thing I've tried, and I'm think I've got that part working, but something else, besides the VPN is giving me issues.
Edit:
I'll take my best stab at it, based on the NordVPN guide, this stuff?
-
The resolver screen shot is what I was looking for, you got it. Can you post your Port Forward screen as well to see if you are doing any redirecting?
For troubleshooting I would recommend reverting the settings in the resolver back to their defaults. Or at a minimum I would set the outgoing network interface to WAN.
As an alternative to using the VPN for your DNS traffic you could do DNS over TLS to cloudflare or quad9. That should keep your ISP from snooping on your DNS queries and you would still be able to resolve DNS if your VPN went offline for some reason.
-
-
That helps but what I was asking for is under firewall\nat\port forward.
-
Oh I haven't done anything in there, it's empty.
OK, so I'm gonna try the troubleshooting bit you mentioned. I'll try setting outbound to WAN
-
OK then, it's working. Changing that to WAN works.
Does this mean the VPN is now being fully bypassed by everything? Or do the rules/aliases still count?
