Jump to content


Photo

Netflix blocked again

netflix blocked

  • Please log in to reply
62 replies to this topic

#1 A556

A556

    Advanced Member

  • Members
  • PipPipPip
  • 198 posts
  • LocationUnited States

Posted 10 June 2016 - 09:09 PM

Today (and yesterday), I tried to use Netflix while connected to AirVPN. I was trying to connect to the netflix.com website on Firefox browser.

The servers that I have tried to use that are blocked: Naos, Pollux, Zosma, Alkaid, Pavonis.
​Miaplacidus.
​Zosma.
Rasalas.
​Azha.
​Albireo.
​Dschubba.
​Metallah

Picture of error message: http://imgur.com/pOnEZgr

#2 sckirklan

sckirklan

    Member

  • Members
  • PipPip
  • 15 posts

Posted 10 June 2016 - 11:10 PM

Add Auva to that list.



#3 A556

A556

    Advanced Member

  • Members
  • PipPipPip
  • 198 posts
  • LocationUnited States

Posted 11 June 2016 - 12:46 AM

Add Auva to that list.

done

#4 go558a83nk

go558a83nk

    Advanced Member

  • Members2
  • PipPipPip
  • 1699 posts

Posted 11 June 2016 - 01:46 AM

connected to Auva I did some tests.  Previously netflix was working on both roku and apple tv.  not sure when it quit working but it has on both devices.

 

my setup is pfsense and I am redirecting all DNS requests to Air DNS so netflix's DNS requests to google DNS will be blocked.  I even changed mssfix until the witch web site said "no openvpn detected", which took an mssfix value of 1340 with TCP tunnel.  still not working.



#5 My VPN

My VPN

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 11 June 2016 - 01:51 AM

List of servers that I have tested that have been blocked by Netflix.

Alkaid.

Pavonis.

​Miaplacidus.

​Zosma.

Rasalas.

​Azha.

​Albireo.

​Dschubba.

​Metallah.

 


#6 go558a83nk

go558a83nk

    Advanced Member

  • Members2
  • PipPipPip
  • 1699 posts

Posted 11 June 2016 - 02:50 AM

if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help.  they seem to do a real good job of being decentralized. :(



#7 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 11 June 2016 - 03:07 AM

if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help.  they seem to do a real good job of being decentralized. :(

 

AS2906, AS55095, should be good candidates to start with.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#8 mharawira

mharawira

    Newbie

  • Members
  • Pip
  • 2 posts
  • LocationCanada

Posted 12 June 2016 - 06:49 PM

I disconnected from AirVPN in order to watch Netflix last night in sheer desperation. I assumed that I would be able to reconnect but have failed t do so so far. Can anyone please help? I am on IOS and have no programming ability nor do I understand the language being used. :(



#9 go558a83nk

go558a83nk

    Advanced Member

  • Members2
  • PipPipPip
  • 1699 posts

Posted 12 June 2016 - 07:44 PM

if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help.  they seem to do a real good job of being decentralized. :(

 

AS2906, AS55095, should be good candidates to start with.

 

allowing AS2906 outside the VPN tunnel got netflix to work.  I didn't need to allow AS55095.



#10 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 12 June 2016 - 07:46 PM

That's good news, if more people can confirm this working maybe there will be reason to write a mini how-to.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#11 go558a83nk

go558a83nk

    Advanced Member

  • Members2
  • PipPipPip
  • 1699 posts

Posted 12 June 2016 - 07:57 PM

That's good news, if more people can confirm this working maybe there will be reason to write a mini how-to.

 

I hate having to allow so much outside the VPN.  I guess this has gotten too complicated for Air to re-route?



#12 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 12 June 2016 - 08:03 PM

There are no official sources for it but it seems that the blocks occur based on the number of users that share the same IP.

So rerouting won't help much and will be only a short temporary solution for a few days. This is impossible to have unique IPs

per each Air user (in case of rerouting).

 

As long as you route only netblocks from the AS there is little to no risk, imho.

This is a service that is tied to your identity in any case (for payment, etc).


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#13 go558a83nk

go558a83nk

    Advanced Member

  • Members2
  • PipPipPip
  • 1699 posts

Posted 12 June 2016 - 08:12 PM

There are no official sources for it but it seems that the blocks occur based on the number of users that share the same IP.

So rerouting won't help much and will be only a short temporary solution for a few days. This is impossible to have unique IPs

per each Air user (in case of rerouting).

 

As long as you route only netblocks from the AS there is little to no risk, imho.

This is a service that is tied to your identity in any case (for payment, etc).

 

if that's how they are determining who to block then it is useless for Air to do anything.  too bad.  of course the netflix account is tied to identity but my main reason for having a VPN is keep my ISP from knowing everything I do.



#14 sckirklan

sckirklan

    Member

  • Members
  • PipPip
  • 15 posts

Posted 13 June 2016 - 05:04 AM

 

if anybody has insight on what hosts should be routed outside the VPN tunnel so that netflix works I could use the help.  they seem to do a real good job of being decentralized. :(

 

AS2906, AS55095, should be good candidates to start with.

 

allowing AS2906 outside the VPN tunnel got netflix to work.  I didn't need to allow AS55095.

 

Are you adding static routes for each network in that ASN or is there a fancier trick?

 

Thanks!



#15 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 13 June 2016 - 05:32 AM

Are you adding static routes for each network in that ASN or is there a fancier trick?

 

Thanks!

 

 

There aren't too many networks in AS2906, but in any case in order to get parsed CIDR results for it - we will query the radb:

 

whois -h whois.radb.net -- '-i origin AS2906' | grep -w "route:" | awk '{print $NF}' |sort -n
 

 

Then the results can be fed to your iptables/AirVPN client/Windows firewall/router/etc.

 

Actually they announce smaller /24 blocks when their /17 and /18 cover them perfectly, so

I managed to narrow down the list for you by simply removing the redundant /24s:

 

 

whois -h whois.radb.net -- '-i origin AS2906' | grep -w "route:" | awk '{print $NF}' | grep -v "/24" | sort -n
 

 

 

23.246.0.0/18
37.77.184.0/21
45.57.0.0/17
64.120.128.0/17
66.197.128.0/17
69.53.224.0/19
108.175.32.0/20

185.9.188.0/22
192.173.64.0/18

198.45.48.0/20
208.75.76.0/22
 

That would be all.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#16 st4r

st4r

    Advanced Member

  • Members
  • PipPipPip
  • 37 posts

Posted 13 June 2016 - 06:04 AM

ok, for the less technically skilled...

I just enter the IPs in the last post to my eddie client's outsideVPN list and it's done?



#17 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 13 June 2016 - 06:12 AM

Yes. Thanks to @go558a83nk for confirming this workaround.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#18 MerlinRPM

MerlinRPM

    Member

  • Members
  • PipPip
  • 14 posts

Posted 13 June 2016 - 11:54 AM

I would love to confirm this worked for me but it did not. :(  Hopefully I'm just doing something wrong.

 

I added the list above to:

AirVPN Client -> Preferences -> Routes -> [x.x.x.x/xx] Outside the VPN tunnel

Is that the correct way to add them?)

 

However I'm getting the "proxy detected" error in Netflix.

Tried on Zosmas, Gorgonea, Agena & Rasalas.



#19 go558a83nk

go558a83nk

    Advanced Member

  • Members2
  • PipPipPip
  • 1699 posts

Posted 13 June 2016 - 02:03 PM

I would love to confirm this worked for me but it did not. :(  Hopefully I'm just doing something wrong.

 

I added the list above to:

AirVPN Client -> Preferences -> Routes -> [x.x.x.x/xx] Outside the VPN tunnel

Is that the correct way to add them?)

 

However I'm getting the "proxy detected" error in Netflix.

Tried on Zosmas, Gorgonea, Agena & Rasalas.

 

when you add the routes to go outside the tunnel be sure to disconnect, exit out of Eddie properly.  then restart it and use like normal.  it should work assuming zhang was correct about the overlapping ranges (he probably was). :)



#20 MerlinRPM

MerlinRPM

    Member

  • Members
  • PipPip
  • 14 posts

Posted 13 June 2016 - 02:59 PM

Yeah I did that, rebooted my PC as well, tried a few more US/CAN servers, no luck.

I tried both with Network Lock Active (which is how I normally connect) and disabled.  Same results for both.

 

Is there any other setting that can interfere with this?

Any logs I can post/review?

 

 read on another thread that if WITCH detects OpenVPN Netflix will as well, not sure if it's relevant here or not:

http://witch.valdikss.org.ru/

 

When I go to the site it does detect OpenVPN:

First seen    = 2016/06/13 17:55:58
Last update   = 2016/06/13 17:55:58
Total flows   = 1
Detected OS   = Windows 7 or 8
HTTP software = Chrome 51.x or newer (ID seems legit)
MTU           = 1392
Network link  = OpenVPN UDP bs128 SHA1 lzo
Language      = English
Distance      = 9
PTR           = 83.154.21.46.in-addr.arpa

PTR test      = Probably home user
Fingerprint and OS match. No proxy detected (this test does not include headers detection).
OpenVPN detected. Block size is 128 bytes long (probably AES), MAC is SHA1, LZO compression enabled.






Also tagged with one or more of these keywords: netflix, blocked

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 15607 - BW: 65344 Mbit/sYour IP: 34.226.208.185Guest Access.