PIA on pfsense Netflix detects proxy



  • Hi,

    I’ve tried every possible way to allow Netflix servers by setting up rules, messing with pfblocker, aliases... nothing works. Netflix still detects a proxy.
    I can’t assign the device a static ip that won’t pass through the vpn else any other activity won’t be secured.

    I would really appreciate if someone gives me a step by step that I could follow.

    Thanks,
    Alex


  • LAYER 8 Global Moderator

    @asphalt3 said in PIA on pfsense Netflix detects proxy:

    I can’t assign the device a static ip that won’t pass through the vpn else any other activity won’t be secured.

    huh? You understand you can policy route based upon the destination right.. So lookup the IP blocks that are used by netflix.. Prob going to be a lot.. This can normally be done via the ASN for them... Create an alias containing these IPs... And then route traffic going there out your normal wan.

    To do policy routing you have to make sure you do not pull routes from your vpn service - or by default everything is going out the vpn.

    Here, a 2 second google on the netflix IP ranges
    https://ipinfo.io/AS2906

    Keep in mind that is just 1 ASN, they own more than that ;)



  • I'm pretty sure that Netflix has people monitoring every VPN provider on Earth, and they have their IP ranges all blocked or flagged. My kids can't even login to their Minecraft account if I go through my VPN provider.


  • LAYER 8 Global Moderator

    Yeah it's going to be whack a mole game for sure.. They do not like geo circumvention... I could see them at some point using the device's wifi interface to help determine location of the device.. If the device has one - which is most of them ;)

    I don't actually use the wifi in my tv for example - but bet you they could listen for info in passive mode even if not connected or enabled for use.

    For all I know they are already doing this ;)



  • @johnpoz thanks for your reply. I’m a complete noob in pfsense so I might be wrong about that static ip thing. I haven’t read more in-depth about it.

    I did create 2 aliases through pfblocker ipv4. 1 for Netflix and 1 for Amazon. Then firewall rules lan gateway Wan but still no luck.



  • I'm not sure how you think pfBlocker is going to do anything for you. It's a geoblocker and DNSBL.

    If you want to use Netflix from some other country, you are going to have to find a VPN that they haven't blacklisted yet.



  • @KOM I just follow blindly what people suggest on reddit. I don’t know the purpose of pfblocker. It worked for some people that commented but didn’t work for me.



  • Those people are morons. All pfBlocker does is block LAN traffic to bad domains on its blacklist, and block inbound traffic to your port forwards from countries or ASNs you specify. It doesn't hide you or mask you in any way whatsoever.

    https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html



  • @KOM understood. In my case I don’t care if I’m not hidden from amazon/Netflix. In fact I just want to have access to it while being protected on other applications (YouTube, email, etc)


  • LAYER 8 Global Moderator

    @asphalt3 said in PIA on pfsense Netflix detects proxy:

    protected on other applications

    Protected from what exactly? Your isp knowing you're going to freaking youtube or your email - both of which are inside https tunnels?

    I just follow blindly what people suggest on reddit

    So I take it you also just blindly signed up for a vpn service because someone told you you should.. Without understanding any of it ;)

    Here is what I suggest.. you save yourself some money, have a faster internet.. And not cause yourself grief by trying to route your traffic through some company preying on the innocents that think they "need" them to be secure..

    All a vpn does is secure/hide your non secure traffic from your isp. And can be used to circumvent geo restrictions, hide that you're doing p2p from your isp.. While sure it might mask your IP from some website... Why should you care?? You think the website is going to attack you? You think they are going to look up your address or something from your IP from your isp? They would need a court order...

    Seems you have jumped on the I need a vpn bandwagon without any understanding - someone said you should...



  • @johnpoz My goal is to prevent my ISP from knowing what sites I visit. At least make it hard for them. First thing I did was buying a router from Bestbuy simply not to use theirs. Then I learned about pfsense so I bought a cheap i5 desktop to run it. Now the bestbuy router is an Access point. Since I have 1gbs cable and using a local server from PIA it doesn’t slow me down that much.
    I don’t care if my isp sees me using Netflix or amazon products. I just want them to know as little as possible about websites I visit with the current VPN settings.



  • Unless you need to run your VPN 24/7, I wouldn't do it at the router level. I prefer to do it at the desktop, where it's fast & simple to get connected when I want to be, and then disconnect when I want to be. Goofing around with policy routing is more of a hassle.


  • LAYER 8 Netgate

    @asphalt3 said in PIA on pfsense Netflix detects proxy:

    I don’t care if my isp sees me using Netflix or amazon products. I just want them to know as little as possible about websites I visit with the current VPN settings.

    So now your VPN provider gathers all of that information instead.



  • Has anybody heard of PRIVACY/SECURITY? geolocation is just an excuse to remove anonymity. More controls by big tech to have it their way.

    No data recording/logs vpn services DO EXIST and have been proven.

    @asphalt3 I believe that most, if not all, of the main vpn providers' IPs are blocked by netflix.

    My daughter uses netflix, I don't. I set up my dhcp server to assign a specific ip address to her device's MAC and created a rule to bypass netflix traffic from that ip to my non vpn interface.


  • LAYER 8 Global Moderator

    @jefftet said in PIA on pfsense Netflix detects proxy:

    Has anybody heard of PRIVACY/SECURITY? geolocation is just an excuse to remove anonymity.

    Not sure what you think privacy and security have to do with a vpn service - it provides neither of those functions ;) While it might hide your destination from your isp. It doesn't protect your privacy.. Tracking where you go - the ip is very small tiny bit of information.

    Security through obscurity, is not security.. You hiding your actual IP doesn't stop your machine from getting infected by exploit X.. So their use as "security" provider is exaggerated at best.. While could protect you from a hostile local network - home users thinking they need to spend $ more for such limited security benefits are more marketing hype, and mob think than actual functionality or requirement. But where they used to shine and why the vast majority of users want them is so they can watch service x from a country they are not supposed to be able to watch service X from ;)

    As to geolocation being an "excuse" to remove anonymity.. It more likely has more to do with the makers of the said media wanting licensing fees for specific regions to access it. Pretty sure netflix would love to make their whole library available to all of their users.. This would get them more users ;) Them being forced to block country X from watching show Y has more to do with the content of some media, and the copyright and licensing in different regions and countries.

    Nothing new - dvds have region settings on them, because copy/version of movie A is meant and licensed to be viewed in only specific regions, etc.





  • @johnpoz thanks for your insight! But my thread isn't a question of security or how to be completely anonymous but rather me trying to hide (some) websites from my ISP. I don't want them to know too much about me. I'm fine if they know that I am using netflix f*ck it.
    Assigning a static IP, for example for my phone, isn't a good idea as all the traffic won't be hidden.
    The help I am asking for in this thread is how to create a rule in the firewall.

    I am not advanced enough to know the technicalities. Simply want to allow Amazon and netflix traffic through WAN.

    I'm stuck at creating aliases for each of them. I don't know how to add this source for amazon:
    https://ip-ranges.amazonaws.com/ip-ranges.json

    and this one for Netflix:
    as2906

    thanks!
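
An added example, not part of any post in the thread: Amazon's ip-ranges.json is nested JSON rather than a flat list, so it has to be flattened into one CIDR per line (the form a pfSense URL Table alias reads) before it can serve as the destination alias in the policy-routing rule described above. The function name and the embedded sample data are constructed for illustration; the field names follow the published ip-ranges.json layout.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json (documentation ranges, not real data).
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "2000-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "CLOUDFRONT"},
  {"ip_prefix": "203.0.113.64/26", "region": "GLOBAL",    "service": "AMAZON"},
  {"ip_prefix": "203.0.113.1/24",  "region": "GLOBAL",    "service": "AMAZON"}
 ],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "AMAZON"}
 ]}
""")


def build_alias(doc, services=None, regions=None):
    """Return (cidrs, skipped): collapsed CIDR strings, IPv4 first, plus rejected values."""
    v4, v6, skipped = [], [], []
    sections = (("prefixes", "ip_prefix", v4), ("ipv6_prefixes", "ipv6_prefix", v6))
    for key, field, bucket in sections:
        for entry in doc.get(key, []):
            if services and entry.get("service") not in services:
                continue
            if regions and entry.get("region") not in regions:
                continue
            try:
                # strict=True rejects prefixes with host bits set instead of
                # silently widening them into a different network.
                bucket.append(ipaddress.ip_network(entry[field], strict=True))
            except (KeyError, ValueError):
                skipped.append(entry.get(field))
    # The feed lists the same range under several services; collapsing merges
    # duplicates and adjacent blocks so the firewall table stays small.
    cidrs = [str(n) for n in ipaddress.collapse_addresses(v4)]
    cidrs += [str(n) for n in ipaddress.collapse_addresses(v6)]
    return cidrs, skipped


if __name__ == "__main__":
    entries, rejected = build_alias(SAMPLE)
    print("\n".join(entries))  # one CIDR per line
    print(f"# skipped malformed entries: {rejected}")
```

A rule using such an alias as its destination only takes effect when, as noted earlier in the thread, routes are not pulled from the VPN service and the rule sits above the one that sends LAN traffic to the VPN gateway.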





  • @asphalt3 said in PIA on pfsense Netflix detects proxy:

    Since I have 1gbs cable and using a local server from PIA it doesn’t slow me down that much.

    Then what is this all about Slow Speeds ?



  • Without screenshots it's impossible to see what you have configured.

    I have a few vpn tunnels, and aliases set up to travel over them by static local IP addresses

    my dhcp addresses and smart tv are set to work over the wan. and it DOES work. netflix and amazon prime stream just fine..

    post screenshots and we can assist
    here is a working example tunnel.jpeg

    you can see I'm editing it from the lan tab. I have a static mapping for the device (macmini) then I changed the tunnel to Air. you can change that to your wan address and it would send the traffic over the wan



  • @Gertjan thanks will do

    The slow speeds started from the new build



  • @bcruze that is what I have right now. I’ve assigned a static ip to a device and made a rule for it to pass through WAN.

    But that is not what I’m looking for...

    Because now the whole device doesn’t pass through the vpn.



  • Good luck, I’ve tried getting this to work for years on pfsense
    All TVs use wan in this house..

    Not blaming pfsense Netflix is really trying to stop this



  • Damn that’s encouraging