DD-wrt, everything thru VPN except Netflix

dahosepipe
DD-WRT Novice


Joined: 24 Mar 2015
Posts: 33

Posted: Tue Mar 15, 2016 22:21
Cerebus99 wrote:
It worked for me (using dd-wrt on Netgear R7000 via a Canadian ISP and IPVanish). This is true of streaming on my PC and wireless connections to the router from a PS3 and Smart TV.


Glad it worked for you! Happy to help.

Cerebus99 wrote:
For some reason though my mobile phone still gets the proxy error.


You may need to add a server or two to the list. You can use tcpdump while logged in to the R7000 via Telnet to watch the traffic. "tcpdump -i eth1" or "tcpdump -i eth2" most likely

Cerebus99 wrote:
In general I am not happy that Netflix has prompted me to reduce my overall internet security but I am very happy to have found this work around.


I'm pissed at Netflix about this. As a US Subscriber using a VPN Proxy in the US I don't understand why they feel the need to block legitimate users.
flop_shot
DD-WRT Novice


Joined: 03 Mar 2016
Posts: 22
Location: Austin, TX

Posted: Tue Mar 15, 2016 22:48
This is awesome! Thanks dahosepipe and eibgrad for putting this together. I've put it in and I think it's working for me.

But a question... I noticed that you have whatismyip.org as one that should bypass the VPN. But when I check it out, it's returning my VPN's IP address. Why is that?

Edit: The other odd thing I've noticed is that speedtest.net still picks up my local IP address. It wasn't doing that before I put this change in.

_________________
WRT1900ACS with DD-WRT v3.0-r29300M kongmv (03/25/16)


Last edited by flop_shot on Tue Mar 15, 2016 22:51; edited 1 time in total
dahosepipe
DD-WRT Novice


Joined: 24 Mar 2015
Posts: 33

Posted: Tue Mar 15, 2016 22:51
flop_shot wrote:
But a question... I noticed that you have whatismyip.org as one that should bypass the VPN. But when I check it out, it's returning my VPN's IP address. Why is that?


whatismyip.org should return your ISP's IP (not your VPN's) if things are working correctly.
flop_shot
DD-WRT Novice


Joined: 03 Mar 2016
Posts: 22
Location: Austin, TX

Posted: Tue Mar 15, 2016 23:19
dahosepipe wrote:
flop_shot wrote:
But a question... I noticed that you have whatismyip.org as one that should bypass the VPN. But when I check it out, it's returning my VPN's IP address. Why is that?


whatismyip.org should return your ISP's IP (not your VPN's) if things are working correctly.


When I do a lookup I get whatismyip.org -> 45.56.96.24

But when I check the routing table (route -n) I don't see that IP listed.

_________________
WRT1900ACS with DD-WRT v3.0-r29300M kongmv (03/25/16)
dahosepipe
DD-WRT Novice


Joined: 24 Mar 2015
Posts: 33

Posted: Tue Mar 15, 2016 23:22
Quote:
But when I check the routing table (route -n) I don't see that IP listed.


You should see 208.64.0.0 in the routing table.

Notice that whatismyip.org and whatsmyip.org are two different sites.
flop_shot
DD-WRT Novice


Joined: 03 Mar 2016
Posts: 22
Location: Austin, TX

Posted: Wed Mar 16, 2016 0:38
dahosepipe wrote:
Notice that whatismyip.org and whatsmyip.org are two different sites.


Damn! Sorry. I'll just be going now. But I will enjoy the new setup very much. Thank you!

_________________
WRT1900ACS with DD-WRT v3.0-r29300M kongmv (03/25/16)
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Wed Mar 16, 2016 9:22
Okay, I removed the policy-based settings and firewall rules.

Copied

Code:
SCRIPT_DIR="/tmp/etc/config"
SCRIPT="$SCRIPT_DIR/add-routes.wanup"
mkdir -p $SCRIPT_DIR

cat << "EOF" > $SCRIPT
#!/bin/sh

# dd-wrt selective domain routing
WAN_GW="$(nvram get wan_gateway)"

# list domains for selective routing
for domain in \
"netflix.com" \
"ichnaea.netflix.com" \
"movies.netflix.com" \
"www.netflix.com" \
"nflxext.com" \
"cdn1.nflxext.com" \
"nflximg.com" \
"nflxvideo.net" \
"ipv4_1.cxl0.c145.sjc002.ix.nflxvideo.net" \
"amazonaws.com" \
"whatsmyip.org"
do
  # extract ip addresses
  for ip in $(nslookup "$domain" | awk '/^Name:/,0{if (/^Addr/)print $3}'); do
    # add a /16 route covering each ip address via the wan gateway
    ip route add "$(echo "$ip" | cut -d . -f 1,2).0.0/16" via "$WAN_GW"
  done
done

# flush cache
ip route flush cache
EOF

chmod +x $SCRIPT
sleep 60
$SCRIPT


In "Commands" on my DD-WRT R7000 router, I pressed "Save Startup" and rebooted the router, but Netflix is still blocked and whatsmyip.org gives the VPN IP.
What am I forgetting?
Cerebus99
DD-WRT Novice


Joined: 12 Mar 2016
Posts: 3

Posted: Wed Mar 16, 2016 16:14
Unfortunately the success I reported is not perfect. Later in the day it did not work. Using tcpdump I was able to find and add the following:

"ipv4_1.lagg0.c048.sea001.ix.nflxvideo.net" \
"ipv4_1.lagg0.c006.ord001.dev.ix.nflxvideo.net" \
"ipv4_1.lagg0.c105.ord001.ix.nflxvideo.net" \
"ipv4_1.lagg0.c031.sea001.ix.nflxvideo.net" \
"ipv4_1.lagg0.c005.ord001.dev.ix.nflxvideo.net" \

Now it works again...sort of. It streams fine on the PC but not the PS3. Checked tcpdump again while PS3 was connected and there were several more similar lines. I am worried this will be an endless process of adding more lines/rebooting/testing.

Can wildcards be used for these entries? Perhaps:
"*.dev.ix.nflxvideo.net" \


Thanks,
Allan
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Wed Mar 16, 2016 18:17
@eibgrad


I can/will flash my R7000 with Shibby Tomato, will that do it?
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Wed Mar 16, 2016 18:24
I will set it up, but you need to give me the instructions
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Wed Mar 16, 2016 20:01
Okay, the router is flashed and running, I can telnet in to it.
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Thu Mar 17, 2016 18:43
@eibgrad

Thanks for your script, but I have a question about it. The first point is to

Quote:
"add ipset directive w/ your domains to DNSMasq custom configuration:
# e.g., ipset=/ipchicken.com/netflix.com/nflxvideo.net/lan2wan"


But where do I need to set it? Must I paste it in the script or is there another way to do it?

Or do I need to do something like this

Code:

TID="200"
FW_MARK="0x88"
IPSET="netflix.com/nflxvideo.net"



Thanks for your patience
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Fri Mar 18, 2016 7:41
Does the script work with "routing policy"? Because I only get the VPN to work when I enable "routing policy".
If I do not set it, no data goes through the VPN (VPN is connected)
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Fri Mar 18, 2016 18:57
Okay, first things first: I can't get the VPN to run without setting a "routing policy". At this moment I have not configured the script and things.

Without a routing policy all traffic goes directly to the ISP (IP Chicken gives the normal IP).
When setting a routing policy, that IP goes through the VPN (IP Chicken gives the VPN IP), so the VPN works. So it looks like a missed config option?

The log shows the following:


Code:
Mar 18 19:40:28 unknown daemon.info dnsmasq-dhcp[1080]: DHCPREQUEST(br0) 192.168.0.100 00:04:20:eb:e1:6c
Mar 18 19:40:28 unknown daemon.info dnsmasq-dhcp[1080]: DHCPACK(br0) 192.168.0.100 00:04:20:eb:e1:6c HarmonyHub_beneden
Mar 18 19:40:28 unknown kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
Mar 18 19:40:28 unknown kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar 18 19:40:29 unknown daemon.err apcupsd[888]: apcupsd FATAL ERROR in linux-usb.c at line 609 Cannot find UPS device -- For a link to detailed USB trouble shooting information, please see <http://www.apcupsd.com/support.html>.
Mar 18 19:40:29 unknown daemon.err apcupsd[888]: apcupsd error shutdown completed
Mar 18 19:40:29 unknown daemon.notice openvpn[1451]: OpenVPN 2.3.10 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  7 2016
Mar 18 19:40:29 unknown daemon.notice openvpn[1451]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.09
Mar 18 19:40:29 unknown daemon.warn openvpn[1454]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mar 18 19:40:29 unknown daemon.warn openvpn[1454]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 18 19:40:29 unknown daemon.notice openvpn[1454]: UDPv4 link local: [undef]
Mar 18 19:40:29 unknown daemon.notice openvpn[1454]: UDPv4 link remote: [AF_INET]104.238.169.147:1194
Mar 18 19:40:29 unknown daemon.warn openvpn[1454]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 18 19:40:30 unknown daemon.notice openvpn[1454]: [Private Internet Access] Peer Connection Initiated with [AF_INET]104.238.169.147:1194
Mar 18 19:40:30 unknown user.notice root: vpnrouting: clean-up
Mar 18 19:40:30 unknown daemon.info dnsmasq-dhcp[1080]: DHCPREQUEST(br0) 192.168.0.127 7c:5c:f8:48:8c:03
Mar 18 19:40:30 unknown daemon.info dnsmasq-dhcp[1080]: DHCPACK(br0) 192.168.0.127 7c:5c:f8:48:8c:03 test
Mar 18 19:40:32 unknown daemon.err openvpn[1454]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 19:40:32 unknown daemon.err openvpn[1454]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 19:40:32 unknown daemon.err openvpn[1454]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 19:40:32 unknown daemon.err openvpn[1454]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 19:40:32 unknown daemon.notice openvpn[1454]: TUN/TAP device tun11 opened
Mar 18 19:40:32 unknown daemon.notice openvpn[1454]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 18 19:40:32 unknown daemon.notice openvpn[1454]: /sbin/ifconfig tun11 10.188.1.6 pointopoint 10.188.1.5 mtu 1500
Mar 18 19:40:32 unknown daemon.notice openvpn[1454]: updown.sh tun11 1500 1542 10.188.1.6 10.188.1.5 init
Mar 18 19:40:32 unknown daemon.notice openvpn[1454]: Initialization Sequence Completed
Mar 18 19:41:09 unknown daemon.info dnsmasq-dhcp[1080]: DHCPREQUEST(br0) 192.168.0.116 44:4c:0c:c0:90:32
Mar 18 19:41:09 unknown daemon.info dnsmasq-dhcp[1080]: DHCPACK(br0) 192.168.0.116 44:4c:0c:c0:90:32 Iphone
Mar 18 19:41:13 unknown daemon.info dnsmasq-dhcp[1080]: DHCPDISCOVER(br0) 00:18:dd:41:01:0c
Mar 18 19:41:13 unknown daemon.info dnsmasq-dhcp[1080]: DHCPOFFER(br0) 192.168.0.102 00:18:dd:41:01:0c
Mar 18 19:41:13 unknown daemon.info dnsmasq-dhcp[1080]: DHCPREQUEST(br0) 192.168.0.102 00:18:dd:41:01:0c
Mar 18 19:41:13 unknown daemon.info dnsmasq-dhcp[1080]: DHCPACK(br0) 192.168.0.102 00:18:dd:41:01:0c HDhomerun
Mar 18 19:41:13 unknown cron.err crond[1034]: time disparity of 24305441 minutes detected



Mar 18 20:18:11 unknown daemon.err openvpn[4169]: event_wait : Interrupted system call (code=4)
Mar 18 20:18:11 unknown daemon.notice openvpn[4169]: /sbin/ifconfig tun11 0.0.0.0
Mar 18 20:18:11 unknown daemon.notice openvpn[4169]: updown.sh tun11 1500 1542 10.180.1.6 10.180.1.5 init
Mar 18 20:18:11 unknown daemon.notice openvpn[4169]: SIGTERM[hard,] received, process exiting
Mar 18 20:18:12 unknown kern.info kernel: tun: Universal TUN/TAP device driver, 1.6
Mar 18 20:18:12 unknown kern.info kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Mar 18 20:18:12 unknown daemon.notice openvpn[4669]: OpenVPN 2.3.10 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 7 2016
Mar 18 20:18:12 unknown daemon.notice openvpn[4669]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09
Mar 18 20:18:12 unknown daemon.warn openvpn[4672]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 18 20:18:12 unknown daemon.warn openvpn[4672]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 18 20:18:12 unknown daemon.notice openvpn[4672]: UDPv4 link local: [undef]
Mar 18 20:18:12 unknown daemon.notice openvpn[4672]: UDPv4 link remote: [AF_INET]104.207.136.31:1194
Mar 18 20:18:12 unknown daemon.warn openvpn[4672]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 18 20:18:12 unknown user.notice root: vpnrouting: clean-up
Mar 18 20:18:12 unknown daemon.notice openvpn[4672]: [Private Internet Access] Peer Connection Initiated with [AF_INET]104.207.136.31:1194
Mar 18 20:18:13 unknown user.notice root: vpnrouting: clean-up
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:15 unknown daemon.notice openvpn[4672]: TUN/TAP device tun11 opened
Mar 18 20:18:15 unknown daemon.notice openvpn[4672]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 18 20:18:15 unknown daemon.notice openvpn[4672]: /sbin/ifconfig tun11 10.120.1.6 pointopoint 10.120.1.5 mtu 1500
Mar 18 20:18:15 unknown daemon.notice openvpn[4672]: updown.sh tun11 1500 1542 10.120.1.6 10.120.1.5 init
Mar 18 20:18:15 unknown daemon.notice openvpn[4672]: Initialization Sequence Completed
Mar 18 20:18:19 unknown daemon.err openvpn[4672]: event_wait : Interrupted system call (code=4)
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: OpenVPN STATISTICS
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: Updated,Fri Mar 18 20:18:19 2016
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: TUN/TAP read bytes,0
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: TUN/TAP write bytes,0
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: TCP/UDP read bytes,3890
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: TCP/UDP write bytes,1271
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: Auth read bytes,0
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: pre-compress bytes,0
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: post-compress bytes,0
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: pre-decompress bytes,0
Mar 18 20:18:20 unknown daemon.err openvpn[4672]: event_wait : Interrupted system call (code=4)
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: OpenVPN STATISTICS
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: Updated,Fri Mar 18 20:18:20 2016
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: TUN/TAP read bytes,0
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: TUN/TAP write bytes,0
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: TCP/UDP read bytes,3890
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: TCP/UDP write bytes,1271
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: Auth read bytes,0
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: pre-compress bytes,0
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: post-compress bytes,0
Mar 18 20:18:20 unknown daemon.notice openvpn[4672]: pre-decompress bytes,0



Any idea?
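
An added example, not part of the original posts: a small triage function (hypothetical names `triage_openvpn_log` and `sample_log`) that pulls the security-relevant lines out of an OpenVPN client log like the one posted above: the missing server certificate verification warning, the password caching warning, the pushed options the client rejected, and a statistics dump showing zero bytes on the tunnel interface. The sample input is copied from the log in this post.

```shell
# Added example: triage OpenVPN client syslog lines like the ones in this thread.
# stdin: syslog lines. stdout: one "pid=<n> <FINDING> [detail]" line per finding.
triage_openvpn_log() {
  awk '
    # extract the process id from "openvpn[1454]:"
    function pid_of(line,   s) {
      if (!match(line, /openvpn\[[0-9]+\]/)) return "?"
      s = substr(line, RSTART, RLENGTH)
      gsub(/[^0-9]/, "", s)
      return s
    }
    # print each finding once per process
    function report(pid, tag, detail,   k) {
      k = pid SUBSEP tag SUBSEP detail
      if (k in seen) return
      seen[k] = 1
      if (detail != "") tag = tag " " detail
      print "pid=" pid " " tag
    }
    / openvpn\[/ {
      pid = pid_of($0)
      if (index($0, "No server certificate verification method"))
        report(pid, "NO_SERVER_CERT_VERIFY", "")
      if (index($0, "may cache passwords in memory"))
        report(pid, "PASSWORD_CACHED", "")
      # options pushed by the server that the client refused to apply
      if (index($0, "[PUSH-OPTIONS]") &&
          match($0, /option [^ ]+ cannot be used in this context/)) {
        split(substr($0, RSTART, RLENGTH), w, " ")
        report(pid, "PUSH_REJECTED", substr(w[2], 2, length(w[2]) - 2))
      }
      # statistics dump showing nothing crossed the tunnel interface
      if ($0 ~ /TUN\/TAP (read|write) bytes,0$/)
        report(pid, "TUNNEL_IDLE", "")
    }'
}

# Sample input: lines copied from the log posted above (PID 4672 session).
sample_log() {
  cat <<'EOF'
Mar 18 20:18:12 unknown daemon.warn openvpn[4672]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mar 18 20:18:12 unknown daemon.warn openvpn[4672]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:15 unknown daemon.err openvpn[4672]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Mar 18 20:18:19 unknown daemon.notice openvpn[4672]: TUN/TAP read bytes,0
EOF
}
sample_log | triage_openvpn_log
```

`NO_SERVER_CERT_VERIFY` is the finding to act on first: the warning itself points to the OpenVPN man-in-the-middle how-to, and a client-side check such as `remote-cert-tls server` addresses it where the provider's certificates support it. `PUSH_REJECTED redirect-gateway` together with `TUNNEL_IDLE` matches the symptom described in the post, a connected tunnel that carries no LAN traffic.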
spider85
DD-WRT Novice


Joined: 07 Mar 2016
Posts: 21

Posted: Mon Mar 21, 2016 12:55
Okay, finally I got the VPN working.
But the script didn't work at this moment. I have done the following:

I put the following in: tomato --> advanced --> DHCP/DNS --> Dnsmasq

ipset=/ipchicken.com/netflix.com/nflxvideo.net/lan2wan

And put the script in tomato --> administration --> scripts --> firewall

I copied the whole script from http://pastebin.com/dgKEU613
rule 1 till 76

Saved everything and rebooted.

whatismyip.com gives the VPN IP, but ipchicken.com also gives the VPN IP.

If I telnet to the machine and do "ipset -L lan2wan" I get

Code:
root@unknown:/tmp/home/root# ipset -L lan2wan
ipset v6.24: The set with the given name does not exist



Logfile: http://pastebin.com/921ZkSZh