Jump to content


Photo
- - - - -

Bypass VPN for specific domain names (Netflix, Hulu) via custom configuration in OpenVPN (Tomato, DD-WRT,router)

Bypass Netflix Hulu OpenVPN Tomato router DD-WRT

  • Please log in to reply
9 replies to this topic

#1 quesadillaLOVER

quesadillaLOVER

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 04 October 2016 - 05:23 PM

This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account.  Does not help for out-of-country Netflix access.  

 

I was surprised to not see this in the forum, as it's very simple and works.  It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN.

 

allow-pull-fqdn
route www.netflix.com 255.255.255.255 net_gateway

 

So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses.  I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).



#2 quesadillaLOVER

quesadillaLOVER

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 04 October 2016 - 09:08 PM

Well just took a day for that to stop working.  Netflix IPs change FAST.  I just ran nslookup for netflix.com... the addresses change every time I run the command.  Even after five seconds, there several new IPs.  I guess it really is difficult to bypass openVPN for a domain name like that. 

 

That said, there are only so many IP addresses that Netflix can use.  It seems like there could be a script that checks the addresses every few seconds and re-builds a local list.  Eventually the list would be 99% accurate, and refreshes to the script would make it complete.



#3 quesadillaLOVER

quesadillaLOVER

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 09 October 2016 - 08:02 PM

I keep on plugging away at figuring out a solution.  For those interested in pursuing this, there is a complete list of Netflix IP ranges. I suppose it's possible to script all those into the router and use the basic route command to get them all to avoid the VPN.

 

I'm also considering redirecting Netflix traffic to a different port, marking packets from that port, then routing the marked packets around the VPN.

 

At this point though, I'm probably going to try using the airvpn software to create a new network connection, then ForceBindIP to force a certain application to use the regular (non-VPN) network connection.  Then I'll use Internet Explorer (or whatever) for Netflix, Hulu, and any other non-sensitive traffic, and the rest of my connections will go through the VPN.

 

If there's a security flaw/leak in this method, feel free to chime in.



#4 NaDre

NaDre

    Advanced Member

  • Members
  • PipPipPip
  • 413 posts

Posted 10 October 2016 - 03:07 PM

An alternative to using ForceBindIP for browsing is to use the HTTP proxy Squid/Cygwin. See this::
 
https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/?p=49046
 
The description there is for browsing using the VPN when you use the VPN only for selected things (torrents and browsing/ripping geo-restricted sites). But you could put your non-VPN interface and DNS server addresses into the config file instead.

#5 techterrain

techterrain

    Member

  • Members
  • PipPip
  • 10 posts

Posted 22 October 2016 - 01:18 PM

I keep on plugging away at figuring out a solution.  For those interested in pursuing this, there is a complete list of Netflix IP ranges. I suppose it's possible to script all those into the router and use the basic route command to get them all to avoid the VPN.

 

I'm also considering redirecting Netflix traffic to a different port, marking packets from that port, then routing the marked packets around the VPN.

 

At this point though, I'm probably going to try using the airvpn software to create a new network connection, then ForceBindIP to force a certain application to use the regular (non-VPN) network connection.  Then I'll use Internet Explorer (or whatever) for Netflix, Hulu, and any other non-sensitive traffic, and the rest of my connections will go through the VPN.

 

If there's a security flaw/leak in this method, feel free to chime in.

Hey there,

 

using ForceBindIP to use a dedicated browser to use your home IP is exactly what I am missing with AIrVPN so far. I had been able to do so while using another VPN but cannot get it to work with network lock enabled, even when new rules are added to the firewall after activation of network lock has been enabled. The funny thing is, the bypass via ForceBindIP is possible when using wifi, but not with a wired connection. I am in Win10, by the way. Any chance you got ForceBindIP working with network lock on and on a wired connection to your router?

 

Cheers!



#6 elipeordan112

elipeordan112

    Newbie

  • New Members
  • Pip
  • 4 posts
  • Location1952 Kinchant St

Posted 01 January 2017 - 05:15 AM

Firs of all I wanna thank all Viscosity developers for a wonderful soft they created.
And now let's get to buziness =)
I need to visit some domains thru my local provider, but not thru openvpn connection, which is constantly established here. I know about ip-based route exceptions, however the problem is that most of that websites use a numerous number of ip addresses and it's almost impossible to add all of them.
Is there any way of routing domains, but not ip addresses in the way I need? Maybe some 3rd-party software, if Viscosity can't make it?



#7 giganerd

giganerd

    I shall have no title

  • Members
  • PipPipPip
  • 2478 posts
  • LocationGermany

Posted 03 January 2017 - 07:56 AM

Is there any way of routing domains, but not ip addresses in the way I need?

 

An OS's routing table uses IP addresses, so no, domains won't work. You're also not the only one wanting this, I fear there's no other way. Even adding all IP ranges sometimes doesn't yield the desired effects, especially with Netflix.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs is the proper way to heaven.
Same issues are rare! Search for solutions and if not successful open your own threads.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

 


#8 Stack of computer parts

Stack of computer parts

    Member

  • Members
  • PipPip
  • 28 posts

Posted 25 January 2017 - 04:13 PM

I sat on tech support with netflix and bitched about not being able to use my vpn and demanding a real answer. They are very cagey with information and would loop around the same question "why do you use a vpn" over and over again thinking they could wear me down. I even asked them why they could not lock my account to my billing address since Ive had netflix for years it is clearly me, and not some guy in another country wanting to watch shows in mine. Never the less it didn't yield much for a laughable answer that I should talk to my ISP and have them host my VPN using the IP addy that was originally assigned to me as closely geographically tied to my physical address as possible(he gave no ranges, I assume the radius is centered around my ISP). I have looked for local proxies around my house but there really arent any to see if that might work.

 

My solution was to just use a switch and a roku box. I tried this before when roku first came out and it was terrible, but the 4k one is quite nice. Granted, this wont help someone whose primary screen is a laptop but it suits my needs. A chromecast also works and could be used to 'cast' the video feed to your screen of choice but using a phone as a remote was annoying.



#9 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2205 posts

Posted 25 January 2017 - 04:32 PM

The complete solution for laptop users is install a VM which will be bridged on the ethernet/wireless adapter and bypass VPN.

If you run VPN on the router you can exclude that VM IP and route it via WAN.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#10 zqwvyx

zqwvyx

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 02 April 2018 - 03:34 AM

I wrote a quick Lua script that parses the address ranges from ipinfo.io and converts them to OpenVPN routes. Here's a link to the code: http://bit.ly/2Gu8Q2Y

Here's a list of routes that covers all the current Netflix ranges: https://pastebin.com/raw/zRyv6KDj







Similar Topics Collapse


Also tagged with one or more of these keywords: Bypass, Netflix, Hulu, OpenVPN, Tomato, router, DD-WRT

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 14728 - BW: 53349 Mbit/sYour IP: 54.81.244.248Guest Access.