Using PIA with netflix
-
I searched and searched with this but it seems like no one has able to use route all traffic to PIA but watching netflix use normal route to ISP provider?
I was thinking a cisco router cheap like 1841 model Modem –-- Cisco router --- Pfsense --- LAN. Is it even worth it just to watch netflix?
-
I have this working - but its not straightforward as the IP's needed may differ for you depending on the country that you are accessing from AND you'll need an understanding of subnetting.
Firsty, create a LAN rule to pass any traffic from any source to a destination alias called Netfix or something similar, you also need to enable the advanced options and under Gateway select your WAN / ISP gateway.
You need to move this rule above any others which may push traffic to your VPN.
Now, the kinda hard bit - you need to get a list of IP addresses that Netflix uses for your country and configure them under the Alias we reference above (you might actually have to do this before you create the rule) so that when you try to use Netflix, traffic is sent over the WAN link to the IP addresses listed and not over your VPN.
I found the easiest way to do this was to use a program like TCPLogview on Windows and then open the Netflix app - TCPLogview would then list all the IP addresses that Netflix tries to access, i would then use something like https://www.ultratools.com/tools/ipWhoisLookup to lookup the IP address and find out its subnet mask then add this to the Alias list with the proper subnet mask.
In MY CASE i found i needed, the following IP's:-
52.84.0.0 /12
52.208.0.0 /13
54.64.0.0 /11
54.144.0.0 /10
54.192.0.0 /12
54.216.0.0 /14
54.220.0.0 /15
54.224.0.0 /11
52.0.0.0 /10THIS IS NOT COMPLETE, and will require more to be added, but i noticed Netfix was using a lot of addresses within the 52 and 54 address space and this will cover the majority of lookups.
-
Took me 3 years to got my CCNP R&S I have understanding of subnetting works.
So you would run TCPLogview on a Windows machine and this will list all Netflix IP's?
52.0.0.0/10 & 54.0.0.0/10 will cover
52.0.0.0 - 52.63.255.255.255 & 54.0.0.0 - 54.63.255.255
nnnnnnnn.sshhhhhh.hhhhhhhh.hhhhhhhh
Did you try adding those prefix instead of smaller subnets?
-
Took me 3 years to got my CCNP R&S I have understanding of subnetting works.
Cool - sorry - my post was aimed at anyone who comes here looking for an (easy) answer - there isnt one - and this is the only way i could get it to work.
So you would run TCPLogview on a Windows machine and this will list all Netflix IP's?
No, it will only list IP's that, more than likely, are currently resolved by DNS for particular Netflix domains, it wont give you everything, BUT i did notice a trend of 52 and 54 addresses that were being accessed and went from there as you can use ultratools.com to find the subnets for the IP's listed and stick them in the Alias. They DO change from run to run, but the majority seemed to be within the 52 and 54 ranges above and since adding these to the Alias (several weeks ago), i have not had to add any more.
52.0.0.0/10 & 54.0.0.0/10 will cover
52.0.0.0 - 52.63.255.255.255 & 54.0.0.0 - 54.63.255.255
nnnnnnnn.sshhhhhh.hhhhhhhh.hhhhhhhh
Did you try adding those prefix instead of smaller subnets?
It will but there are subnets owned by companies OTHER than Amazon / Netflix within that range that i didnt want to route via the VPN which i why i used https://www.ultratools.com/tools/ipWhoisLookup to find which subnets were owned specifically by Amazon / Netflix in that /10 and subnetted it from there.
There ARE other IP's but these seem to be the main ones that Netflix is using IN MY CASE. I cant stress that enough - i have no idea if connections from your location will resolve to the same subnets. This is why you need to use something like TCPLogview to A) Confirm this and B) get the rest of the IP's that you need.
As i said above, there is no easy answer here - no correct set of IP's and my range could change tomorrow - but i'll be able to find out what they resolve to by using the method above. I've seen lists of ranges with Netflix IP's off the internet that were useless and missing ranges so your only real method is to find them yourself.
It might take you an hour of loading and closing the Netflix app, clearing TCPLogview and rechecking and adjusting the alias list but it works.