
Today (and yesterday), I tried to use Netflix while connected to AirVPN. I was trying to connect to the netflix.com website on Firefox browser.

 

The servers that I have tried to use that are blocked: Naos, Pollux, Zosma, Alkaid, Pavonis.

Miaplacidus.
Zosma.
Rasalas.
Azha.
Albireo.
Dschubba.
Metallah

 

Picture of error message: http://imgur.com/pOnEZgr

Share this post


Link to post

connected to Auva I did some tests.  Previously netflix was working on both roku and apple tv.  not sure when it quit working but it has on both devices.

 

my setup is pfsense and I am redirecting all DNS requests to Air DNS so netflix's DNS requests to google DNS will be blocked.  I even changed mssfix until the witch web site said "no openvpn detected", which took an mssfix value of 1340 with TCP tunnel.  still not working.

Share this post


Link to post

List of servers that I have tested that have been blocked by Netflix.

Alkaid.
Pavonis.
Miaplacidus.
Zosma.
Rasalas.
Azha.
Albireo.
Dschubba.
Metallah.

 

Share this post


Link to post

if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help.  they seem to do a real good job of being decentralized.

Share this post


Link to post

AS2906, AS55095, should be good candidates to start with.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

I disconnected from AirVPN in order to watch Netflix last night in sheer desperation. I assumed that I would be able to reconnect but have failed to do so so far. Can anyone please help? I am on iOS and have no programming ability nor do I understand the language being used.

Share this post


Link to post

 

allowing AS2906 outside the VPN tunnel got netflix to work.  I didn't need to allow AS55095.

Share this post


Link to post

That's good news, if more people can confirm this working maybe there will be reason to write a mini how-to.

 

I hate having to allow so much outside the VPN.  I guess this has gotten too complicated for Air to re-route?

Share this post


Link to post

There are no official sources for it but it seems that the blocks occur based on the number of users that share the same IP.

So rerouting won't help much and will be only a short temporary solution for a few days. It is impossible to have unique IPs for each Air user (in case of rerouting).

 

As long as you route only netblocks from the AS there is little to no risk, imho.

This is a service that is tied to your identity in any case (for payment, etc).


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

if that's how they are determining who to block then it is useless for Air to do anything.  too bad.  of course the netflix account is tied to identity but my main reason for having a VPN is keep my ISP from knowing everything I do.

Share this post


Link to post

 

 

Are you adding static routes for each network in that ASN or is there a fancier trick?

 

Thanks!

Share this post


Link to post

There aren't too many networks in AS2906, but in any case in order to get parsed CIDR results for it - we will query the radb:

 

whois -h whois.radb.net -- '-i origin AS2906' | grep -w "route:" | awk '{print $NF}' |sort -n
 

 

Then the results can be fed to your iptables/AirVPN client/Windows firewall/router/etc.

 

Actually they announce smaller /24 blocks when their /17 and /18 cover them perfectly, so I managed to narrow down the list for you by simply removing the redundant /24s:

 

 

whois -h whois.radb.net -- '-i origin AS2906' | grep -w "route:" | awk '{print $NF}' | grep -v "/24" | sort -n
 

 

 

23.246.0.0/18

37.77.184.0/21

45.57.0.0/17

64.120.128.0/17

66.197.128.0/17

69.53.224.0/19

108.175.32.0/20

185.9.188.0/22

192.173.64.0/18

198.45.48.0/20

208.75.76.0/22

 

That would be all.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

ok, for the less technically skilled...

I just enter the IPs in the last post to my eddie client's outsideVPN list and it's done?

Share this post


Link to post

I would love to confirm this worked for me but it did not.   Hopefully I'm just doing something wrong.

 

I added the list above to:

AirVPN Client -> Preferences -> Routes -> [x.x.x.x/xx] Outside the VPN tunnel

(Is that the correct way to add them?)

 

However I'm getting the "proxy detected" error in Netflix.

Tried on Zosmas, Gorgonea, Agena & Rasalas.

Share this post


Link to post

when you add the routes to go outside the tunnel be sure to disconnect, exit out of Eddie properly.  then restart it and use like normal.  it should work assuming zhang was correct about the overlapping ranges (he probably was).

Share this post


Link to post

Yeah I did that, rebooted my PC as well, tried a few more US/CAN servers, no luck.

I tried both with Network Lock Active (which is how I normally connect) and disabled.  Same results for both.

 

Is there any other setting that can interfere with this?

Any logs I can post/review?

 

I read on another thread that if WITCH detects OpenVPN Netflix will as well, not sure if it's relevant here or not:

http://witch.valdikss.org.ru/

 

When I go to the site it does detect OpenVPN:

First seen    = 2016/06/13 17:55:58
Last update   = 2016/06/13 17:55:58
Total flows   = 1
Detected OS   = Windows 7 or 8
HTTP software = Chrome 51.x or newer (ID seems legit)
MTU           = 1392
Network link  = OpenVPN UDP bs128 SHA1 lzo
Language      = English
Distance      = 9
PTR           = 83.154.21.46.in-addr.arpa

PTR test      = Probably home user
Fingerprint and OS match. No proxy detected (this test does not include headers detection).
OpenVPN detected. Block size is 128 bytes long (probably AES), MAC is SHA1, LZO compression enabled.

Share this post


Link to post

 

whatever witch says doesn't matter if the routes to netflix are going outside the VPN tunnel.  what netflix would see is your regular ISP connection.

 

do a route trace to an IP address in the ranges meant to go outside the VPN tunnel to make sure they are indeed...

Share this post


Link to post

I see what the problem is.  I got my data for AS2906 from http://bgp.he.net/AS2906#_prefixes
 
It seems to have a lot more prefixes than the whois method zhang presented.  So, it could be that you just haven't routed all the ranges yet.

 

From HE

 

 

 

From radb

 


Share this post


Link to post

I can't see any difference between HE and radb.

There cannot be a difference since they are both BGP participants.

You can ignore the /24s - I made sure they will be covered by the larger allocation in the example.

The /18 allocation in the first example covers 23.246.0.0 - 23.246.63.255, and so on with the others.

 

Seems like this still needs more testing from people with various geos. Maybe for some regions it will be required to add AS55095 to the routing table as well.

 

In any case a single person from each side is still not enough feedback, please report more tests!


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post
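
Added example (not part of any post in this thread and not AirVPN's code): a way to check the two points made above, that a narrowed prefix list still covers every announced route and that larger allocations cover the /24s. The function names are hypothetical and the whois text is a constructed sample, not a real registry dump; it aggregates prefixes properly instead of filtering by mask length.

```python
import ipaddress

# Constructed sample shaped like the output of
# `whois -h whois.radb.net -- '-i origin AS2906'`; not a real registry dump.
SAMPLE_RADB = """\
route:      23.246.0.0/18
origin:     AS2906

route:      23.246.15.0/24
origin:     AS2906

route:      37.77.184.0/23
origin:     AS2906

route:      37.77.186.0/23
origin:     AS2906

route:      198.38.116.0/24
origin:     AS2906

route:      198.38.117.0/24
origin:     AS2906
"""

def parse_routes(whois_text):
    """IPv4 networks from 'route:' attributes, the lines grep -w "route:" keeps."""
    nets = []
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "route" and value.strip():
            nets.append(ipaddress.ip_network(value.strip()))
    return nets

def aggregate(nets):
    """Smallest prefix set covering exactly the same addresses."""
    return list(ipaddress.collapse_addresses(nets))

def uncovered(wanted, routed):
    """Prefixes in `wanted` that no prefix in `routed` contains."""
    return [w for w in wanted if not any(w.subnet_of(r) for r in routed)]

if __name__ == "__main__":
    nets = parse_routes(SAMPLE_RADB)
    no_24s = [n for n in nets if n.prefixlen != 24]  # the grep -v "/24" step
    print("aggregated:", [str(n) for n in aggregate(nets)])
    print("lost by dropping /24s:", [str(n) for n in uncovered(nets, no_24s)])
    print("lost by aggregating:", [str(n) for n in uncovered(nets, aggregate(nets))])
```

The same `uncovered()` call compares two sources, for example a list copied from a BGP looking glass against the aggregated registry list, and an empty result means the routed set already covers it.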

thanks for looking.

 

it shouldn't make a difference but I'm using pfsense and not Eddie.  Yes, hopefully others can help work this out.

Share this post


Link to post

Just to add some information that might be of some use to someone.

The other night I was bored enough to check my netflix access on every AirVPN server. I don't use a Pfsense box, just your average user, DNS leak protection, firewall rules (block all apart from added AirVPN servers) etc.

It was suggested before that the restrictions may now be associated with netflix accounts. I think this may be the case.

I was able to view netflix europe on every NL server with no issues. All servers micro-routing US Netflix or other were not playable. 
Working through all the servers I would check with http://witch.valdikss.org.ru/ every 3 servers or so or if a country, or region location change happened.

There was no correlation between the results of 'W I T C H' and what I could or couldn't access.

In the next few days I hope to find the time to setup a netflix account with a US address, US registered payment etc and will see if that changes things.

As things stand EU netflix works no problem for me. The lack of content is a problem though

Share this post


Link to post
