Routing Netflix Traffic Over US-based VPN
Been muckin around with this one for a few days, unsure the best way to achieve this, need some advice.
I have a US-based OpenVPN service configured on my PF box, hoping to get US Netflix working on any devices that access Netflix in the house, by policy.
What works: Policy routing traffic from a specific host through the US VPN, whilst staticly pushing DNS through DHCP, 18.104.22.168/22.214.171.124.
What I'd like to happen: Any device that browses to Netflix on the network will automagically route through the the US link.
What I've tried so far: Policy route for traffic destined for 126.96.36.199/7, 188.8.131.52/8, and 184.108.40.206, as well as, domain overrides to point to 220.127.116.11, so DNS queries will be answered through the US VPN (to get US servers).
Domains I added: literally everything I could see in Wireshark; netflix.com, netflximg.net, nflxext.com, many others.
So what I think is going wrong here is that not every domain Netflix uses is querying through the US link, possibly even an akamai issue.
I can get to the US Netflix page but cannot play videos.
Is this even achievable? I know it's probably overkill but it's a 'cool-to-have'.
There are so many content servers and providers out there that using various IP addresses and ranges that it is just not do-able to try to flag them all. You would need to know the IP ranges of the providers likely to be contacted from the US VPN and add them as well. Of course, those IP addresses can change so you end up having to route those providers entire subnet range and pray those don't change. Don't forget that outages or routing changes could impact routes so that, now, you are using a different set of CDNs. Don't forget, that if your Internet VPN reconnects and you end up on a different server, it could be getting routed differently which could direct you to other CDNs. It would be a giant case of wack-a-mole.
Honestly, your best bet would be to designate a central device (media player of some sort) in the house as the "US Netflix" device and save yourself some grey hairs. Since you have physical control over the source device, you can route it however you want.
Now…if you are really high-speed, if you can somehow force the Netflix to use a specific set of source ports (with the Netflix app on mobile devices...maybe possible, running it from a web browser...who knows) then you could set a set of ports that only Netflix can use and then route any traffic using those source ports out the VPN. Note that this idea, on a technical level, works. I have a similar setup where an application I use is forced to use a certain range of source ports and can then route based on the machine the application runs on and the source port.
That said, that there is a lot of technical hurdles to jump through.
Thanks for your reply - I'm thinkin its probably too much effort, interesting method though.
Thanks for this!