User of AirVPN 46 Posted ... Today (and yesterday), I tried to use Netflix while connected to AirVPN. I was trying to connect to the netflix.com website on Firefox browser. The servers that I have tried to use that are blocked: Naos, Pollux, Zosma, Alkaid, Pavonis.Miaplacidus.Zosma.Rasalas.Azha.Albireo.Dschubba.Metallah Picture of error message: http://imgur.com/pOnEZgr 1 myfreeac reacted to this Quote Share this post Link to post
sckirklan 2 Posted ... Add Auva to that list. 1 User of AirVPN reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... connected to Auva I did some tests. Previously netflix was working on both roku and apple tv. not sure when it quit working but it has on both devices. my setup is pfsense and I am redirecting all DNS requests to Air DNS so netflix's DNS requests to google DNS will be blocked. I even changed mssfix until the witch web site said "no openvpn detected", which took an mssfix value of 1340 with TCP tunnel. still not working. Quote Share this post Link to post
My VPN 1 Posted ... List of servers that I have tested that have been blocked by Netflix.Alkaid.Pavonis.Miaplacidus.Zosma.Rasalas.Azha.Albireo.Dschubba.Metallah. 1 User of AirVPN reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help. they seem to do a real good job of being decentralized. Quote Share this post Link to post
zhang888 1066 Posted ... if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help. they seem to do a real good job of being decentralized. AS2906, AS55095, should be good candidates to start with. 1 go558a83nk reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
mharawira 0 Posted ... I disconnected from AirVPN in order to watch Netflix last night in sheer desperation. I assumed that I would be able to reconnect but have failed t do so so far. Can anyone please help? I am on IOS and have no programming ability nor do I understand the language being used. Quote Share this post Link to post
go558a83nk 362 Posted ... if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help. they seem to do a real good job of being decentralized. AS2906, AS55095, should be good candidates to start with. allowing AS2906 outside the VPN tunnel got netflix to work. I didn't need to allow AS55095. 1 Thalium reacted to this Quote Share this post Link to post
zhang888 1066 Posted ... That's good news, if more people can confirm this working maybe there will be reason to write a mini how-to. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
go558a83nk 362 Posted ... That's good news, if more people can confirm this working maybe there will be reason to write a mini how-to. I hate having to allow so much outside the VPN. I guess this has gotten too complicated for Air to re-route? 1 User of AirVPN reacted to this Quote Share this post Link to post
zhang888 1066 Posted ... There are no official sources for it but it seems that the blocks occur based on the number of users that share the same IP.So rerouting won't help much and will be only a short temporary solution for a few days. This is impossible to have unique IPsper each Air user (in case of rerouting). As long as you route only netblocks from the AS there is little to no risk, imho.This is a service that is tied to your identity in any case (for payment, etc). Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
go558a83nk 362 Posted ... There are no official sources for it but it seems that the blocks occur based on the number of users that share the same IP.So rerouting won't help much and will be only a short temporary solution for a few days. This is impossible to have unique IPsper each Air user (in case of rerouting). As long as you route only netblocks from the AS there is little to no risk, imho.This is a service that is tied to your identity in any case (for payment, etc). if that's how they are determining who to block then it is useless for Air to do anything. too bad. of course the netflix account is tied to identity but my main reason for having a VPN is keep my ISP from knowing everything I do. 1 Thalium reacted to this Quote Share this post Link to post
sckirklan 2 Posted ... if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help. they seem to do a real good job of being decentralized. AS2906, AS55095, should be good candidates to start with. allowing AS2906 outside the VPN tunnel got netflix to work. I didn't need to allow AS55095. Are you adding static routes for each network in that ASN or is there a fancier trick? Thanks! Quote Share this post Link to post
zhang888 1066 Posted ... Are you adding static routes for each network in that ASN or is there a fancier trick? Thanks! There aren't too many networks in AS2906, but in any case in order to get parsed CIDR results for it - we will query the radb: whois -h whois.radb.net -- '-i origin AS2906' | grep -w "route:" | awk '{print $NF}' |sort -n Then the results can be fed to your iptables/AirVPN client/Windows firewall/router/etc. Actually they announce smaller /24 blocks when their /17 and /18 cover them perfectly, soI managed to narrow down the list for you by simply removing the redundant /24s: whois -h whois.radb.net -- '-i origin AS2906' | grep -w "route:" | awk '{print $NF}' | grep -v "/24" | sort -n 23.246.0.0/1837.77.184.0/2145.57.0.0/1764.120.128.0/1766.197.128.0/1769.53.224.0/19108.175.32.0/20185.9.188.0/22192.173.64.0/18198.45.48.0/20208.75.76.0/22 That would be all. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
st4r 1 Posted ... ok, for the less technically skilled...I just enter the IPs in the last post to my eddie client's outsideVPN list and it's done? Quote Share this post Link to post
zhang888 1066 Posted ... Yes. Thanks to @go558a83nk for confirming this workaround. 1 Thalium reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
MerlinRPM 0 Posted ... I would love to confirm this worked for me but it did not. Hopefully I'm just doing something wrong. I added the list above to:AirVPN Client -> Preferences -> Routes -> [x.x.x.x/xx] Outside the VPN tunnelIs that the correct way to add them?) However I'm getting the "proxy detected" error in Netflix.Tried on Zosmas, Gorgonea, Agena & Rasalas. Quote Share this post Link to post
go558a83nk 362 Posted ... I would love to confirm this worked for me but it did not. Hopefully I'm just doing something wrong. I added the list above to:AirVPN Client -> Preferences -> Routes -> [x.x.x.x/xx] Outside the VPN tunnelIs that the correct way to add them?) However I'm getting the "proxy detected" error in Netflix.Tried on Zosmas, Gorgonea, Agena & Rasalas. when you add the routes to go outside the tunnel be sure to disconnect, exit out of Eddie properly. then restart it and use like normal. it should work assuming zhang was correct about the overlapping ranges (he probably was). Quote Share this post Link to post
MerlinRPM 0 Posted ... Yeah I did that, rebooted my PC as well, tried a few more US/CAN servers, no luck.I tried both with Network Lock Active (which is how I normally connect) and disabled. Same results for both. Is there any other setting that can interfere with this?Any logs I can post/review? read on another thread that if WITCH detects OpenVPN Netflix will as well, not sure if it's relevant here or not:http://witch.valdikss.org.ru/ When I go to the site it does detect OpenVPN: First seen = 2016/06/13 17:55:58 Last update = 2016/06/13 17:55:58 Total flows = 1 Detected OS = Windows 7 or 8 HTTP software = Chrome 51.x or newer (ID seems legit) MTU = 1392 Network link = OpenVPN UDP bs128 SHA1 lzo Language = English Distance = 9 PTR = 83.154.21.46.in-addr.arpa PTR test = Probably home user Fingerprint and OS match. No proxy detected (this test does not include headers detection). OpenVPN detected. Block size is 128 bytes long (probably AES), MAC is SHA1, LZO compression enabled. Quote Share this post Link to post
go558a83nk 362 Posted ... Yeah I did that, rebooted my PC as well, tried a few more US/CAN servers, no luck.I tried both with Network Lock Active (which is how I normally connect) and disabled. Same results for both. Is there any other setting that can interfere with this?Any logs I can post/review? read on another thread that if WITCH detects OpenVPN Netflix will as well, not sure if it's relevant here or not:http://witch.valdikss.org.ru/ When I go to the site it does detect OpenVPN: First seen = 2016/06/13 17:55:58 Last update = 2016/06/13 17:55:58 Total flows = 1 Detected OS = Windows 7 or 8 HTTP software = Chrome 51.x or newer (ID seems legit) MTU = 1392 Network link = OpenVPN UDP bs128 SHA1 lzo Language = English Distance = 9 PTR = 83.154.21.46.in-addr.arpa PTR test = Probably home user Fingerprint and OS match. No proxy detected (this test does not include headers detection). OpenVPN detected. Block size is 128 bytes long (probably AES), MAC is SHA1, LZO compression enabled. whatever witch says doesn't matter if the routes to netflix are going outside the VPN tunnel. what netflix would see is your regular ISP connection. do a route trace to an IP address in the ranges meant to go outside the VPN tunnel to make sure they are indeed... Quote Share this post Link to post
go558a83nk 362 Posted ... I see what the problem is. I got my data for AS2906 from http://bgp.he.net/AS2906#_prefixes It seems to have a lot more prefixes than the whois method zhang presented. So, it could be that you just haven't routed all the ranges yet. From HE 23.246.0.0/1823.246.2.0/2423.246.3.0/2423.246.4.0/2423.246.5.0/2423.246.6.0/2423.246.7.0/2423.246.8.0/2423.246.9.0/2423.246.10.0/2423.246.11.0/2423.246.12.0/2423.246.13.0/2423.246.14.0/2423.246.15.0/2423.246.16.0/2423.246.17.0/2423.246.18.0/2423.246.20.0/2423.246.22.0/2423.246.23.0/2423.246.24.0/2423.246.25.0/2423.246.26.0/2423.246.27.0/2423.246.28.0/2223.246.28.0/2423.246.29.0/2423.246.30.0/2423.246.31.0/2423.246.32.0/2023.246.36.0/2423.246.37.0/2423.246.38.0/2423.246.39.0/2423.246.40.0/2423.246.41.0/2423.246.42.0/2423.246.44.0/2423.246.45.0/2423.246.46.0/2423.246.47.0/2423.246.48.0/2423.246.49.0/2423.246.50.0/2423.246.51.0/2423.246.54.0/2423.246.55.0/2423.246.56.0/2423.246.57.0/2423.246.58.0/2423.246.59.0/2423.246.62.0/2423.246.63.0/2437.77.184.0/2437.77.185.0/2437.77.186.0/2437.77.187.0/2437.77.188.0/2437.77.189.0/2437.77.190.0/2437.77.191.0/2445.57.0.0/1745.57.0.0/2445.57.1.0/2445.57.2.0/2445.57.3.0/2445.57.4.0/2445.57.5.0/2445.57.6.0/2445.57.12.0/2445.57.13.0/2464.120.128.0/1766.197.128.0/17108.175.32.0/24108.175.33.0/24108.175.34.0/24108.175.35.0/24108.175.38.0/24108.175.39.0/24108.175.40.0/24108.175.41.0/24108.175.42.0/24108.175.43.0/24108.175.44.0/24108.175.46.0/24108.175.47.0/24185.2.222.0/24185.2.223.0/24185.9.188.0/24192.173.64.0/20192.173.80.0/20192.173.96.0/20192.173.112.0/20198.38.96.0/24198.38.97.0/24198.38.98.0/24198.38.99.0/24198.38.102.0/23198.38.102.0/24198.38.108.0/24198.38.109.0/24198.38.110.0/24198.38.111.0/24198.38.112.0/24198.38.113.0/24198.38.114.0/24198.38.115.0/24198.38.116.0/24198.38.117.0/24198.38.118.0/24198.38.119.0/24198.38.120.0/24198.38.121.0/24198.38.122.0/24198.38.123.0/24198.38.124.0/24198.38.125.0/24198.45.48.0/23198.45.48.0/24198.45.49.0/24198.45.50.0/24198.45.52.0/24198.45.53.0/24198.45.54.0/24198.45.55.0/24198.45.56.0/24198.45.57.0/24198.45.61.0/24198.45.62.0/24198.45.63.0/24208.75.79.0/24 From radb 23.246.0.0/1823.246.15.0/2423.246.20.0/2423.246.28.0/2423.246.29.0/2423.246.30.0/2423.246.31.0/2437.77.184.0/2137.77.184.0/2337.77.186.0/2337.77.188.0/2345.57.0.0/1764.120.128.0/1766.197.128.0/1769.53.224.0/19108.175.32.0/20108.175.47.0/24185.2.220.0/22185.2.220.0/24185.2.221.0/24185.9.188.0/22192.173.64.0/18198.38.116.0/24198.38.117.0/24198.38.118.0/24198.38.119.0/24198.38.120.0/24198.38.121.0/24198.38.96.0/19198.45.48.0/20208.75.76.0/22208.75.76.0/24208.75.77.0/24208.75.78.0/24208.75.79.0/24 Quote Share this post Link to post
zhang888 1066 Posted ... I can't see any difference between HE and radb.There cannot be different since they are both BGP participants.You can ignore the /24s - I made sure they will be covered by the larger allocation in the example.The /18 allocation in the first example covers 23.246.0.0 - 23.246.63.255 and so with others. Seems like this still needs more testing from people with various Geo's. Maybe for some regionsit will be required to include AS55095 to the routing table as well. In any case a single person from each side is still not enough feedback, please report more tests! Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
go558a83nk 362 Posted ... I can't see any difference between HE and radb.There cannot be different since they are both BGP participants.You can ignore the /24s - I made sure they will be covered by the larger allocation in the example.The /18 allocation in the first example covers 23.246.0.0 - 23.246.63.255 and so with others. Seems like this still needs more testing from people with various Geo's. Maybe for some regionsit will be required to include AS55095 to the routing table as well. In any case a single person from each side is still not enough feedback, please report more tests! thanks for looking. it shouldn't make a difference but I'm using pfsense and not Eddie. Yes, hopefully others can help work this out. Quote Share this post Link to post
Thalium 4 Posted ... Just to add some information that might be of some use to someone.The other night I was bored enough to check my netflix access on every AirVPN server. I don't use a Pfsense box, just your average user, DNS leak protection, firewall rules (block all apart from added AirVPN servers) etc.It was suggested before that the restrictions may now be associated with netflix accounts. I think this may be the case.I was able to view netflix europe on every NL server with no issues. All servers micro-routing US Netflix or other were not playable. Working through all the servers I would check with http://witch.valdikss.org.ru/ every 3 servers or so or if a country, or region location change happened.There was no correlation between the results of 'W I T C H' and what I could or couldn't access.In the next few days I hope to find the time to setup a netflix account with a US address, US registered payment etc and will see if that changes things.As things stand EU netflix works no problem for me. The lack of content is a problem though 2 go558a83nk and sckirklan reacted to this Quote Share this post Link to post
Not connected, Your IP: 3.144.3.230
Online: 26227 users - 298571 Mbit/s total BW