Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Netflix vpn block -> how to "fix"?

    Scheduled Pinned Locked Moved General pfSense Questions
    20 Posts 12 Posters 19.2k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      FuriousRage
      last edited by

      Hi, i am using a swedish vpn service, watching on the swedish netflix. And i live in sweden.
      But now i cannot watch swedish netflix.

      So i tried setting up an alias with this

      And the rule is

      Also added a floating one:

      I managed to watch a half movie after applying these stuff.

      Anyone know other ways to exclude netflix.se/.com from vpn so i can view it, but still have vpn on?
      Altho, now after screenshotting it all, it seems i could re-start the movie, but im not sure it will still function any day, any time.

      1 Reply Last reply Reply Quote 0
      • B Offline
        bijiont
        last edited by

        I am watching this thread because I am having a similar issue.

        Seems like Netflix just hit my area with the proxy as it was working normally just a couple days ago. Oddly enough mine only stops my mobile phones, computers work fine.

        I tried your suggested fix on my side to push all Netflix traffic to my normal gateway but no joy. Still detects a proxy somehow.

        1 Reply Last reply Reply Quote 0
        • F Offline
          FuriousRage
          last edited by

          The wierd thing, when it stops working, i just need to go in aliases, add some crap and save, then remove it, then apply. and the netflix avoid vpn again.. for a short while. Seems like its something wrong with pfSense alias/firewall stuff in this aspect..

          1 Reply Last reply Reply Quote 0
          • F Offline
            FuriousRage
            last edited by

            I added myip.nu to the exclution list, and i clearly get my own ip showing every time i reload that page, it never fails. meh stupid netflix and buggy detection.

            EDIT: After sitting with netflix "support" chat, and tried different stuff. It seems there is buggy on the pfSense side.
            I am gonna try lookup all the ips associated with the netflix urls and add them too in the alias to see if it makes any change.

            EDITx2: After adding around 25 IP's associated with netflix, i got it working again. Now lets see if its a 100% working list or not.

            EDITx3: Nope, one episode and it stopped working. definaly some bug in aliases on pfSense.

            1 Reply Last reply Reply Quote 0
            • F Offline
              FuriousRage
              last edited by

              Anyone with ANY ideas.. what can i do.. to prove my current problem is probably is a pfSense/Aliases bug?

              1 Reply Last reply Reply Quote 0
              • GertjanG Online
                Gertjan
                last edited by

                The 'problem' becomes world wide : Google it up : as soon as you enter the relation Netflix + VPN => you will have a no go…

                I'm using pfSEnse (and not any VPN neither local, nor remte) - and can access netflix just fine.

                So, if this is a bug, it is probably even not related to pfsense using VPN : Netflix just doesn't like 'VPN' anymore ....

                Your issue is probably : how to bypass (your) VPN if you are using Netflix ..... probably possible if you have whitelisted ALL netflix IP's (IPv4 - IPv6) and I guess they have far more then "25"  IP's .....

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • F Offline
                  FuriousRage
                  last edited by

                  Using chrome, i have checked what ever url that loads on netflux, and looked up all associated Ip's to them, and added the ip's in addition to the domain names. first time i add new ones, it works, but then the shit block works again.. how the f** can i exclude netflix from vpn? GAWD, i wish i could sue them.

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    mhertzfeld
                    last edited by

                    I think you would be better off by setting up an Alias with all the hosts you want to watch Netflix on and sending all their traffic through the WAN with everything else going through VPN.

                    After digging around for a week and trying a number of different solutions that is what I did.  Lucky for me I only watch netflix on my two Rokus, so the configuration was pretty painless.

                    IMO i would not feel comfortable about having a host sending traffic out through both WAN and VPN because of leaks (IP Address, DNS, ect).  For me it is all or nothing.

                    If you still want all your hosts traffic going through the VPN there are some good discussions about the Netflix VPN block this on the AirVPN forum.  I believe they are using a SmartDNS to get this working.  Best read up on what a SmartDNS is before you start using.

                    https://airvpn.org/topic/16897-netflix-content-not-showing-despite-being-connected-to-correct-country-vpn/

                    https://airvpn.org/topic/16873-any-us-servers-have-netflix/

                    1 Reply Last reply Reply Quote 0
                    • F Offline
                      FuriousRage
                      last edited by

                      I have "unblocked" this list from netflix. and for swedish usage. It SEEMS to work full time right now.

                      www.netflix.com
                      netflix.com
                      assets.nflxext.com
                      scdn.nflximg.net
                      secure.netflix.com
                      www2-ext-s.nflximg.net
                      www.gstatic.com
                      www.netflix.se
                      netflix.se
                      54.228.203.38
                      46.51.174.104
                      54.247.109.168
                      46.137.156.171
                      54.228.199.17
                      176.34.97.10
                      46.51.170.157
                      54.247.124.77
                      75.101.139.66
                      107.20.154.246
                      54.204.2.219
                      50.19.210.42
                      23.21.190.124
                      107.20.151.133
                      23.23.191.68
                      107.20.177.34
                      54.204.43.31
                      54.225.192.83
                      54.243.253.96
                      174.129.2.58
                      138.91.252.81
                      95.101.96.230
                      92.123.204.117
                      95.101.96.230
                      5.178.46.153
                      5.178.46.136

                      1 Reply Last reply Reply Quote 0
                      • C Offline
                        cmb
                        last edited by

                        What you're attempting is a mis-use of hostnames in aliases. Those hostnames resolve to something different very often, so clients will frequently get a different IP than what the firewall got when it updated its aliases. Hostnames like that cannot be reliably used in aliases. They'll be kept up to date properly for what it receives at the time it resolves them, and upon each update when the TTL expires, but no way to ensure that's the IP the clients get in between.

                        1 Reply Last reply Reply Quote 0
                        • ? This user is from outside of this forum
                          Guest
                          last edited by

                          Hi, i am using a swedish vpn service, watching on the swedish netflix. And i live in sweden.
                          But now i cannot watch swedish netflix.

                          Netflix is offering different services in different countries world wide and based on this they don´t want
                          that their customers are bypassing this by using VPNs. If now your VPN ISP or service is using a Proxy
                          server outside of the territory of Sweden you will be not able to watch netflix since the 14, March 2016!

                          Since this date they are really sniffing for proxies and VPN connections and block them all and everywhere.

                          Seems like Netflix just hit my area with the proxy as it was working normally just a couple days ago. Oddly enough mine only stops my mobile phones, computers work fine.

                          I tried your suggested fix on my side to push all Netflix traffic to my normal gateway but no joy. Still detects a proxy somehow.

                          Mobile ISPs offers their private clients and customers a service that is behind their own private network
                          between the Internet and yours, their customers. So you will be often not able to build VPNs based on this
                          networks between you and the Internet, for sure the service they are offering you is faster and more secure
                          for you and especially them self then. But if there is any kind of proxy in this game Netflix will also detect them
                          now as a proxy and block the service!

                          Anyone with ANY ideas.. what can i do.. to prove my current problem is probably is a pfSense/Aliases bug?

                          Netflix statement from the 14, March 2016
                          Evolving Proxy Detection as a Global Service

                          This statement will perhaps be clearing up much more then I would be able to do based on my lower english
                          language skills, but it is very clear and simple, with VPN or Porxy Server no Netflix.

                          1 Reply Last reply Reply Quote 0
                          • KOMK Offline
                            KOM
                            last edited by

                            Still detects a proxy somehow.

                            In squid's config, make sure you check Disable Via Header and set X-Forwarded Header Mode to Delete.

                            1 Reply Last reply Reply Quote 0
                            • F Offline
                              FuriousRage
                              last edited by

                              After adding this list, i have the past 2 days, never been vpn-blocked by netflix, and it seems to work so far
                              (I am using swedish netflix, using other countries vpn i dont care of)

                              www.netflix.com
                              netflix.com
                              assets.nflxext.com
                              scdn.nflximg.net
                              secure.netflix.com
                              www2-ext-s.nflximg.net
                              so-s.nflximg.net
                              www.gstatic.com
                              www.netflix.se
                              netflix.se
                              54.228.203.38
                              46.51.174.104
                              54.247.109.168
                              46.137.156.171
                              54.228.199.17
                              176.34.97.10
                              46.51.170.157
                              54.247.124.77
                              75.101.139.66
                              107.20.154.246
                              54.204.2.219
                              50.19.210.42
                              23.21.190.124
                              107.20.151.133
                              23.23.191.68
                              107.20.177.34
                              54.204.43.31
                              54.225.192.83
                              54.243.253.96
                              174.129.2.58
                              138.91.252.81
                              95.101.96.230
                              92.123.204.117
                              95.101.96.230
                              5.178.46.153
                              5.178.46.136
                              127.0.0.3
                              212.247.20.24
                              212.247.20.16
                              www.eu-west-1.prodaa.netflix.com
                              e8542.dscg.akamaiedge.net

                              After adding this to firewall Aliases and excluded that alias from vpn usage, i have loaded many movies on netflix withouth the vpn block message.

                              1 Reply Last reply Reply Quote 0
                              • N Offline
                                nattygreg
                                last edited by

                                NETFLIX issue solved using PFSENSE

                                Disclaimer this is to bypass only Netflix traffic from the VPN all other traffic goes through the VPN

                                to prevent dns leak use PiA DNS all other dns I tried showed a multitude of other dns's that belong to them.

                                1. create an alias in pfsense called netflix or anything you want. Import all the netflix ip you can find or pm me and I'll post a list of the ones I have.

                                2. Go to firewall >>>rules>>>LAN  and edit the default Lan to any rule and change the gateway to your vpn

                                3. Still under LAN create a new rule  ACTION>>Pass  INTERFACE>> LAN  ADDRESS FAMILY>>IPV4  PROTOCOL>>TCP  SOURCE>> LanNet  DESINATION>>Netflix (this is the alias and all netflix ip's you have) DESTINATION PORT RANGE>> ANY  DESTINATION OS>> ANY scroll down to gateway and select WAN save it.

                                4. Move this rule above the default LAN to any rule

                                5. Go to SYSTEM>>ROUTING>>STATIC ROUTES click on add and add this new route to your system

                                NETWORK>>Netflix or (whatever you named the alias) GATEWAY>> WAN_DHCP-192.168.1.1 INTERFACE>>>WAN      DESCRIPTION>>>netflix bypass or whatever description you like.

                                6. After all your devices contact netflix and is working place the Lan rule you created below the the default lan to any rule so that it does not leak your isp public ip assigned to you.

                                1 Reply Last reply Reply Quote 1
                                • K Offline
                                  knight26
                                  last edited by

                                  Could this issue with the VPN be blocking my access to the Netflix DVD website? I have an alias setup with a pretty comprehensive list of Netflix ip's that have worked for months to route the streaming traffic around my VPN but I get 502 Bad Gateway error every time I go to the DVD website.  I've added that ip to the white list as well but it hasn't changed anything.

                                  Hardware:
                                  GIGABYTE GA-B85M-DS3H-A LGA 1150 Intel M-ATX MB
                                  Intel Pentium i3-4130T dual core cpu
                                  Intel Pro 1000 dual port server adapter
                                  Crucial 8Gb RAM
                                  Mushkin 60gb SSD

                                  1 Reply Last reply Reply Quote 0
                                  • E Offline
                                    ezrah
                                    last edited by

                                    @nattygreg:

                                    NETFLIX issue solved using PFSENSE

                                    Disclaimer this is to bypass only Netflix traffic from the VPN all other traffic goes through the VPN

                                    to prevent dns leak use PiA DNS all other dns I tried showed a multitude of other dns's that belong to them.

                                    1. create an alias in pfsense called netflix or anything you want. Import all the netflix ip you can find or pm me and I'll post a list of the ones I have.

                                    2. Go to firewall >>>rules>>>LAN  and edit the default Lan to any rule and change the gateway to your vpn

                                    3. Still under LAN create a new rule  ACTION>>Pass  INTERFACE>> LAN  ADDRESS FAMILY>>IPV4  PROTOCOL>>TCP  SOURCE>> LanNet  DESINATION>>Netflix (this is the alias and all netflix ip's you have) DESTINATION PORT RANGE>> ANY  DESTINATION OS>> ANY scroll down to gateway and select WAN save it.

                                    4. Move this rule above the default LAN to any rule

                                    5. Go to SYSTEM>>ROUTING>>STATIC ROUTES click on add and add this new route to your system

                                    NETWORK>>Netflix or (whatever you named the alias) GATEWAY>> WAN_DHCP-192.168.1.1 INTERFACE>>>WAN      DESCRIPTION>>>netflix bypass or whatever description you like.

                                    6. After all your devices contact netflix and is working place the Lan rule you created below the the default lan to any rule so that it does not leak your isp public ip assigned to you.

                                    Any update on this matter? I did some nslookups on all the addresses found in the chrome console on netflix.com and added those IP's to the aliasses, about 10 to 15 and did every step but i cant get it to work.

                                    Also I dont quite know if it uses the Interface for the vpn because my vpn client already ran before I added and enabled the VPN interface…

                                    So if anyone could share some more info on the how to, a bit more detailed or with some screenshots, would be very much appreciated.

                                    1 Reply Last reply Reply Quote 0
                                    • N Offline
                                      nattygreg
                                      last edited by

                                      Amids what is written below, there is two solutions since I have run into road blocks myself with Netflix finding my proxy
                                      1. is to find a vpn service that uses smartdns or other combaton
                                      2. is route your devices via ip address that you want to access Netflix outside your VPN, I know it defeats the purpose but until netflix cave in or we find a better solution that is what I have so far.
                                      3. There is hope though but time consuming watch netflix without the vpn for a week, different titles and checking the ips for all kind of different titles, then load them into alias then create a LAN rule any any destination alias and gateway your isp or wan, so what you're telling your firewall is any destination to Netflix only, then and only then you use my wan interface.
                                      go to routing and do the same bring up alias as the network and set it to go through your wan interface.

                                      ps in the firewall rule set this rule above your vpn rule else it will not work

                                      J 1 Reply Last reply Reply Quote 0
                                      • KOMK Offline
                                        KOM
                                        last edited by

                                        This is wayyyy too much hassle just to pay for the privilege of watching TV.  If Netflix doesn't have the content you want and they're cracking down on VPNs, then the obvious solution is to cancel your subscription and go back to torrents.  I don't blame Netflix for this.  The greedy content licensing people are holding on to their old model of business for as long as they can, with their carved-up territories and artificial boundaries.

                                        1 Reply Last reply Reply Quote 0
                                        • J Offline
                                          johnevans @nattygreg
                                          last edited by

                                          @nattygreg I tried 9 VPNs to access American Netflix. Only 2 of them was working, mentioned below are the names:

                                          1. PureVPN - It was working perfect
                                          2. ExpressVPN - Some IPs got blocked
                                          1 Reply Last reply Reply Quote 0
                                          • johnpozJ Offline
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by

                                            Don't neco threads from 3 years ago. Any VPN you use is going to be a whack-a-mole game.. Thread Locked.

                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                            If you get confused: Listen to the Music Play
                                            Please don't Chat/PM me for help, unless mod related
                                            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.