Netgate Discussion Forum

    Routing Netflix Traffic Over US-based VPN

    mscaff

      Hi All,

      Been mucking around with this one for a few days, unsure of the best way to achieve this; need some advice.

      I have a US-based OpenVPN service configured on my PF box, hoping to get US Netflix working on any devices that access Netflix in the house, by policy.

      What works: Policy routing traffic from a specific host through the US VPN, whilst statically pushing DNS through DHCP, 8.8.8.8/8.8.4.4.

      What I'd like to happen: Any device that browses to Netflix on the network will automagically route through the US link.

      What I've tried so far: Policy route for traffic destined for 52.0.0.0/7, 54.0.0.0/8, and 8.8.8.8, as well as domain overrides to point to 8.8.8.8, so DNS queries will be answered through the US VPN (to get US servers).

      Domains I added: literally everything I could see in Wireshark; netflix.com, netflximg.net, nflxext.com, many others.

      -------------------------------------------

      So what I think is going wrong here is that not every domain Netflix uses is querying through the US link, possibly even an akamai issue.

      I can get to the US Netflix page but cannot play videos.

      Is this even achievable? I know it's probably overkill but it's a 'cool-to-have'.

      Thanks guys!

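One way to see how much of the observed Netflix traffic the policy-route prefixes above actually catch is to check each resolved address from a DNS capture against those prefixes and list what falls outside them. The script below is an added example and not part of this post or of pfSense; the capture entries, the domains other than netflix.com and nflxext.com, and the addresses (taken from the RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Policy-routed destinations as configured in the post (8.8.8.8 as a host route).
POLICY_ROUTED = [ipaddress.ip_network(p) for p in ("52.0.0.0/7", "54.0.0.0/8", "8.8.8.8/32")]

# Constructed sample of (queried name, answer address) pairs, as one might export
# from the DNS answers in a Wireshark capture. Addresses are documentation-range
# placeholders, not real Netflix or CDN addresses; video-cdn.example is a made-up name.
OBSERVED = [
    ("netflix.com", "52.1.2.3"),
    ("nflxext.com", "54.10.20.30"),
    ("video-cdn.example", "198.51.100.8"),
    ("video-cdn.example", "198.51.100.9"),
    ("dns.google", "8.8.8.8"),
    ("video-cdn.example", "203.0.113.44"),
]


def is_policy_routed(ip, prefixes=POLICY_ROUTED):
    """True if the address falls inside any prefix that is routed via the VPN gateway."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in prefixes)


def uncovered_by_domain(observed, prefixes=POLICY_ROUTED):
    """Map each name to the sorted list of its answers that would NOT take the VPN."""
    gaps = defaultdict(set)
    for name, ip in observed:
        if not is_policy_routed(ip, prefixes):
            gaps[name].add(ipaddress.ip_address(ip))
    return {name: sorted(ips) for name, ips in gaps.items()}


def coverage_ratio(observed, prefixes=POLICY_ROUTED):
    """Fraction of observed answers that the current prefixes already cover."""
    covered = sum(1 for _, ip in observed if is_policy_routed(ip, prefixes))
    return covered / len(observed)


def summarize_prefixes(ips):
    """Collapse a set of host addresses into the smallest exact list of CIDR blocks.

    Only adjacent addresses merge; nothing is widened beyond what was observed,
    so the result is a candidate alias, not a guess at the provider's full range.
    """
    nets = [ipaddress.ip_network(ip) for ip in ips]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(f"covered: {coverage_ratio(OBSERVED):.0%} of observed answers")
    for name, ips in uncovered_by_domain(OBSERVED).items():
        print(f"{name}: not policy-routed -> {summarize_prefixes(ips)}")
```

Re-running this over captures taken on different days shows how quickly the uncovered set changes, which is the practical limit of routing by destination prefix.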
      datdamnmachine

        There are so many content servers and providers out there that use various IP addresses and ranges that it is just not do-able to try to flag them all. You would need to know the IP ranges of the providers likely to be contacted from the US VPN and add them as well. Of course, those IP addresses can change, so you end up having to route those providers' entire subnet range and pray those don't change. Don't forget that outages or routing changes could impact routes so that, now, you are using a different set of CDNs. Don't forget that if your Internet VPN reconnects and you end up on a different server, it could be getting routed differently, which could direct you to other CDNs. It would be a giant case of whack-a-mole.

        Honestly, your best bet would be to designate a central device (media player of some sort) in the house as the "US Netflix" device and save yourself some grey hairs.  Since you have physical control over the source device, you can route it however you want.

        Now…if you are really high-speed, if you can somehow force Netflix to use a specific set of source ports (with the Netflix app on mobile devices...maybe possible, running it from a web browser...who knows) then you could set a set of ports that only Netflix can use and then route any traffic using those source ports out the VPN. Note that this idea, on a technical level, works. I have a similar setup where an application I use is forced to use a certain range of source ports and can then route based on the machine the application runs on and the source port.

        That said, there are a lot of technical hurdles to jump through.

        mscaff

          Thanks for your reply - I'm thinking it's probably too much effort, interesting method though.
          Thanks for this!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.