Routing via VPN by "service" instead of host IP



  • I recently emigrated from the UK to the USA and my wife is really missing iPlayer. I've set up a pfSense firewall at a parent's house in the UK running an OpenVPN server and have pfSense running virtualized via AT&T gigabit LAN in the US. There is an always-on Linux box available behind the UK pfSense if required but I doubt it will be.

    My question is, how do I route iPlayer traffic from every device in the house via the (is it called site to site?) VPN whilst other services on the same devices remain Stateside?

    I presume this would be achieved somehow through DNS but my Google Fu is only finding me options to route based on host IP. Even then though, on my Android TV box I still want Netflix to exit in the US and iPlayer and a few other UK TV catch-up services.



  • I am not familiar with iPlayer, but you would need to research what ports, protocols, IPs, etc. iPlayer uses and then policy route traffic accordingly based on what you find.


  • Netgate Administrator

    Mmm, it's difficult to impossible to do that. Like Netflix or other services, iPlayer uses a large number of changing IPs as the destination, so routing traffic by destination becomes difficult.
    The only way I have solved this (for my own relatives who are in the US) is to run the OpenVPN client directly on the playback device, an iPad in that case, and just start it when required to use the iPlayer.
    However, if you can find a list of iPlayer IPs you could create an alias of those and route that way.
    Perhaps using the geo-IP list for the UK from pfBlocker would suffice. It will no doubt catch other traffic though.

    Steve



  • You can route all BBC traffic via the VPN... AS2818 and AS31459 are their ranges.

    Everything else will go to Akamai’s CDN, that may be geo-fenced, but would obviously make life significantly more difficult if it were.
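
The alias approach discussed in the replies above, as an added example that is not from any poster in this thread: it collapses a list of prefixes into a compact alias and shows which destinations a policy rule matching that alias would send over the VPN. The prefixes are constructed documentation ranges standing in for whatever the named ASNs announce, and `build_alias` and `gateway_for` are hypothetical helper names.

```python
import ipaddress

# Constructed sample prefixes (RFC 5737 / RFC 3849 documentation ranges).
# They stand in for the prefixes announced by the ASNs named in the thread;
# the real prefixes are not given on this page and must be looked up.
SAMPLE_PREFIXES = [
    "192.0.2.0/25", "192.0.2.128/25",       # adjacent halves, merge to a /24
    "198.51.100.0/24", "198.51.100.64/26",  # the /26 is already covered
    "2001:db8:10::/48",
]

def build_alias(prefixes):
    """Return collapsed, de-duplicated networks: IPv4 first, then IPv6."""
    nets = [ipaddress.ip_network(p.strip(), strict=False)
            for p in prefixes if p.strip()]
    # collapse_addresses() rejects mixed address families, so split first.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)

def gateway_for(dest, alias):
    """Mimic a policy rule: destinations inside the alias use the VPN gateway."""
    addr = ipaddress.ip_address(dest)
    hit = any(addr.version == n.version and addr in n for n in alias)
    return "VPN" if hit else "WAN"

if __name__ == "__main__":
    alias = build_alias(SAMPLE_PREFIXES)
    print("alias entries:", ", ".join(str(n) for n in alias))
    # 203.0.113.9 is a constructed stand-in for a CDN edge outside the alias:
    # it stays on the local WAN, which is the caveat raised in the last reply.
    for dest in ("192.0.2.200", "2001:db8:10::1", "203.0.113.9"):
        print(f"{dest:>16} -> {gateway_for(dest, alias)}")
```

Any destination the service hands off to a third-party CDN falls outside the alias and keeps its local exit, so checking a few observed destinations against the alias shows quickly whether this approach covers the traffic that matters.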