Routing via VPN by "service" instead of host ip

  • I recently emigrated from the UK to the USA and my wife is really missing iPlayer. I've set up a pfSense firewall at a parent's house in the UK running an OpenVPN server and have pfSense running virtualized via AT&T gigabit LAN in the US. There is an always-on Linux box available behind the UK pfSense if required but I doubt it will be.

    My question is, how do I route iPlayer traffic from every device in the house via the (is it called site to site?) VPN whilst other services on the same devices remain Stateside?

    I presume this would be achieved somehow through DNS but my Google Fu is only finding me options to route based on host IP. Even then though, on my Android TV box I still want Netflix to exit in the US and iPlayer and a few other UK TV catch-up services.

  • I am not familiar with iPlayer, but you would need to research what ports, protocols, IPs, etc. iPlayer uses and then policy route traffic accordingly based on what you find.

  • Netgate Administrator

    Mmm, it's difficult to impossible to do that. Like Netflix or other services, iPlayer uses a large number of changing IPs as the destination, so routing traffic by destination becomes difficult.
    The only way I have solved this (for my own relatives who are in the US) is to run the OpenVPN client directly on the playback device, an iPad in that case, and just start it when required to use the iPlayer.
    However, if you can find a list of iPlayer IPs you could create an alias of those and route that way.
    Perhaps using the GeoIP list for the UK from pfBlocker would suffice. It will no doubt catch other traffic though.


  • You can route all BBC traffic via the VPN... AS2818 and AS31459 are their ranges.

    Everything else will go to Akamai’s CDN, that may be geo-fenced, but would obviously make life significantly more difficult if it were.

  • I'm an ex-Brit living in Canada - have the same issue. I spent a lot of time playing around with this.

    It was easier to run a VM machine at home dedicated to the UK and have pfSense route all its requests via the VPN to the UK. After much testing, it was the only reliable solution. Then run a remote desktop session on the machine connected to the TV when you want UK TV.

    By the way - the offline BBC iPlayer app can run on the UK dedicated VM and download material, but if you make sure it stores the material in a place that other machines can access, you can run the offline BBC iPlayer app on other machines looking to that location for material and it works fine.


