quesadillaLOVER

Bypass VPN for specific domain names (Netflix, Hulu) via custom configuration in OpenVPN (Tomato, DD-WRT, router)


This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account.  Does not help for out-of-country Netflix access.  

 

I was surprised to not see this in the forum, as it's very simple and works.  It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN.

 

allow-pull-fqdn
route www.netflix.com 255.255.255.255 net_gateway

 

So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses.  I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).


Well, it just took a day for that to stop working. Netflix IPs change FAST. I just ran nslookup for netflix.com... the addresses change every time I run the command. Even after five seconds, there are several new IPs. I guess it really is difficult to bypass OpenVPN for a domain name like that.

 

That said, there are only so many IP addresses that Netflix can use.  It seems like there could be a script that checks the addresses every few seconds and re-builds a local list.  Eventually the list would be 99% accurate, and refreshes to the script would make it complete.

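One way to do the periodic, duplicate-free refresh that the two posts above ask for, as an added example that is not part of the original posts: it parses nslookup output, keeps only public IPv4 answers, and adds a host route via the non-VPN gateway for each address not yet recorded. HOST, WAN_GW, STATE, ROUTE_CMD and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. HOST, WAN_GW, STATE, ROUTE_CMD are assumed names.
HOST="${HOST:-www.netflix.com}"
WAN_GW="${WAN_GW:-192.0.2.1}"           # placeholder for the ISP-side (non-VPN) gateway
STATE="${STATE:-/tmp/bypass_ips.txt}"   # addresses already routed around the VPN
ROUTE_CMD="${ROUTE_CMD:-ip route add}"
SAMPLE='Server:    192.168.1.1
Address 1: 192.168.1.1 router
Name:      www.netflix.com
Address 1: 203.0.113.10 host-a.example
Address 2: 198.51.100.7
Address 3: 10.0.0.5
Address 4: 203.0.113.10'   # constructed nslookup output, used by "demo"

# Print the answer's IPv4 addresses from nslookup output on stdin. Lines before
# "Name:" describe the resolver and are skipped; private, loopback, link-local
# and multicast answers are dropped so a bad reply cannot add a route for them.
extract_ipv4() {
    awk '/^Name:/ { answer = 1; next }
    answer && /^Address/ {
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
            split($i, o, ".")
            if (o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255) continue
            if (o[1] == 0 || o[1] == 10 || o[1] == 127 || o[1] >= 224) continue
            if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) continue
            if ((o[1] == 169 && o[2] == 254) || (o[1] == 192 && o[2] == 168)) continue
            print $i
        }
    }'
}

# Print stdin lines that are neither in $STATE already nor repeated on stdin.
new_addresses() {
    awk -v f="$STATE" 'BEGIN { while ((getline l < f) > 0) known[l] = 1 }
    !known[$0]++'
}

# Add a /32 route via the non-VPN gateway per address; record it only on success.
add_bypass_routes() {
    while read -r ip; do
        if $ROUTE_CMD "$ip/32" via "$WAN_GW"; then echo "$ip" >> "$STATE"
        else echo "route add failed for $ip" >&2; fi
    done
}
case "${1:-}" in   # "apply" does one pass (schedule it from cron); "demo" is offline
    apply) nslookup "$HOST" | extract_ipv4 | new_addresses | add_bypass_routes ;;
    demo)  printf '%s\n' "$SAMPLE" | extract_ipv4 | new_addresses ;;
esac
```

Every address recorded this way is reached outside the tunnel from then on, including by any other service hosted on the same address.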

I keep on plugging away at figuring out a solution.  For those interested in pursuing this, there is a complete list of Netflix IP ranges. I suppose it's possible to script all those into the router and use the basic route command to get them all to avoid the VPN.

 

I'm also considering redirecting Netflix traffic to a different port, marking packets from that port, then routing the marked packets around the VPN.

 

At this point though, I'm probably going to try using the airvpn software to create a new network connection, then ForceBindIP to force a certain application to use the regular (non-VPN) network connection.  Then I'll use Internet Explorer (or whatever) for Netflix, Hulu, and any other non-sensitive traffic, and the rest of my connections will go through the VPN.

 

If there's a security flaw/leak in this method, feel free to chime in.


An alternative to using ForceBindIP for browsing is to use the HTTP proxy Squid/Cygwin. See this:

 

https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/?p=49046

 

The description there is for browsing using the VPN when you use the VPN only for selected things (torrents and browsing/ripping geo-restricted sites). But you could put your non-VPN interface and DNS server addresses into the config file instead.


Hey there,

 

Using ForceBindIP to use a dedicated browser to use your home IP is exactly what I am missing with AirVPN so far. I had been able to do so while using another VPN but cannot get it to work with network lock enabled, even when new rules are added to the firewall after activation of network lock has been enabled. The funny thing is, the bypass via ForceBindIP is possible when using wifi, but not with a wired connection. I am in Win10, by the way. Any chance you got ForceBindIP working with network lock on and on a wired connection to your router?

 

Cheers!


First of all I wanna thank all Viscosity developers for the wonderful software they created.
And now let's get to business =)
I need to visit some domains through my local provider, but not through the OpenVPN connection, which is constantly established here. I know about IP-based route exceptions; however, the problem is that most of those websites use numerous IP addresses and it's almost impossible to add all of them.
Is there any way of routing domains, but not ip addresses in the way I need? Maybe some 3rd-party software, if Viscosity can't make it?


Is there any way of routing domains, but not ip addresses in the way I need?

 

An OS's routing table uses IP addresses, so no, domains won't work. You're also not the only one wanting this; I fear there's no other way. Even adding all IP ranges sometimes doesn't yield the desired effects, especially with Netflix.



I sat on tech support with Netflix and bitched about not being able to use my VPN and demanding a real answer. They are very cagey with information and would loop around the same question "why do you use a vpn" over and over again thinking they could wear me down. I even asked them why they could not lock my account to my billing address since I've had Netflix for years it is clearly me, and not some guy in another country wanting to watch shows in mine. Nevertheless it didn't yield much for a laughable answer that I should talk to my ISP and have them host my VPN using the IP addy that was originally assigned to me as closely geographically tied to my physical address as possible (he gave no ranges, I assume the radius is centered around my ISP). I have looked for local proxies around my house but there really aren't any to see if that might work.

 

My solution was to just use a switch and a Roku box. I tried this before when Roku first came out and it was terrible, but the 4k one is quite nice. Granted, this won't help someone whose primary screen is a laptop but it suits my needs. A Chromecast also works and could be used to 'cast' the video feed to your screen of choice but using a phone as a remote was annoying.


Hey, thanks... I did not know I could do this. Got my Hulu running with routing, everything else Netflix, etc... works fine through the Air(vpn) xd

 

