Routing Disney+/Netflix Over Non-VPN Interface
-
@jstride Do you mean by choosing a custom gateway? I only get the option to use "default" in the advanced outbound firewall rule settings. Apologies for the elementary question, but I did my best googling and RTFMing for outbound autorules and no luck. It doesn't help I've got a significant other really bothered we're not able to have our regular Netflix/Disney+ content.
-
@satisifed-stew have you got multiple gateways configured (not just the OPT2 interface)? You should see them in System > Routing > Gateways.
FYI in case you need Disney+ - this is what works for me:
-
@jstride I've got WAN and OVPNC gateways for both IP protocols. Thanks for the insight to the Disney+ rules, I'll make sure I have those as well.
-
@jstride looking into it further, in the pfBlocker Alerts it's showing that it's allowing traffic from my devices out to an AWS server (which I assume is Netflix, given the times of the logs are identical each time I visit Netflix), so I think I have the outbound connection set up properly.
-
So after some additional troubleshooting, I found my fat finger moment and got Netflix back up and working so that the content would stream from the website. However, it still appears to think I'm behind a VPN as not all of the content is still available. I did a PCAP and validated the content is coming through the LAN. I've applied all of the ASNs @jstride/@TheNarc recommended, minus the Amazon ones, at the moment since @jstride mentioned he got his Netflix working without the AWS.
I would appreciate if someone could point me in a direction to do some additional research as my SO is still frustrated this isn't resolved and is close to ripping the appliance out of the wall.
-
@satisifed-stew I used ntopng to look at which URLs my TV was accessing. TBH my wife gets annoyed that she can't see Suits so I've set the TV to send everything out directly, not over the VPN for the time being.
I'll see if I get some time over the weekend to try and solve it...
-
@satisifed-stew You mention that this is an appliance; is it a dedicated streaming device? And if so, is there a reason that you wouldn't just want to take it off the VPN entirely? I try to create finer-grained rules for laptops or other more general purpose devices to try to keep as much traffic as possible going through the VPN, but for a dedicated streaming device I'd be inclined to just have it bypass the VPN for everything.
-
@satisifed-stew said in Routing Disney+/Netflix Over Non-VPN Interface:
So after some additional troubleshooting, I found my fat finger moment and got Netflix back up and working so that the content would stream from the website. However, it still appears to think I'm behind a VPN as not all of the content is still available.
Open the main page of the streamer in a PC type device, using a browser.
Activate the 'dev tools' of the browser, so it shows on the bottom part of your screen all the files and scripts it tries to load while accessing menus and content. (Firefox : press Ctrl-Shift-K).
Take note of all the domain names shown - the something dot extension - that pass by.
All these should be "white listed".
You'll see netflix.com and also domain names that are at first totally not related to netflix at all. All traffic generated should not be passed to the VPN as one of them makes it clear to 'Netflix' that you use 2 WAN IPs, and one is a VPN so ....
-
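Added example, not part of the original thread: one way to carry out the dev-tools step above without copying names by hand, assuming the browser's network panel has been exported as a HAR file. The sample capture and its hostnames are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample HAR; hostnames are placeholders, not real streaming endpoints.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.streamer.example/browse"}},
    {"request": {"url": "https://assets.cdn-one.example/js/app.js"}},
    {"request": {"url": "https://assets.cdn-one.example/css/site.css"}},
    {"request": {"url": "https://API.telemetry.example:8443/v1/log"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
    {"request": {"url": "https://203.0.113.10/segment/1.ts"}},
]}})


def hosts_from_har(har_text):
    """Count requests per hostname in a HAR capture (hostnames lowercased)."""
    counts = Counter()
    for entry in json.loads(har_text).get("log", {}).get("entries", []):
        parts = urlsplit(entry.get("request", {}).get("url", ""))
        if parts.scheme not in ("http", "https", "ws", "wss"):
            continue  # data:, blob:, about: URLs never leave the browser
        if parts.hostname:
            counts[parts.hostname.rstrip(".")] += 1
    return counts


def split_names_and_ips(hosts):
    """Separate DNS names from literal IPs, which need an address-based rule."""
    names, ips = [], []
    for host in sorted(hosts):
        try:
            ipaddress.ip_address(host)
            ips.append(host)
        except ValueError:
            names.append(host)
    return names, ips


if __name__ == "__main__":
    counts = hosts_from_har(SAMPLE_HAR)
    names, ips = split_names_and_ips(counts)
    for name in names:
        print(f"{name}\t{counts[name]} requests")
    print("literal IPs:", ", ".join(ips) or "none")
```

The name list is only as complete as the browsing session that produced the capture, so record while opening menus and starting playback.
-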
@TheNarc Apologies for the delay. I meant the firewall is a dedicated device. I'm looking to stream from a collection of different devices (computers, TV, phone), which is why I'm trying to get the traffic rerouted, rather than having devices bypass the VPN for everything.
-
@satisifed-stew @TheNarc nearly 2 months later and I finally resolved the issue! Turns out I didn't have an outbound NAT rule for my network to go out through the WAN - since all traffic was going out through the VPN. Configured the rule, and now it works. Amazingly, I didn't have to sleep on the couch one night either while I worked on fixing it.
-
@satisifed-stew Great news! Glad you got it working, and sorry for sort of dropping off this thread. I'm a pretty casual forum user myself though and didn't have other ideas at the time. Thanks for following up for anyone who may have the same issue.