Hello, I currently live in Australia and have WireGuard running with NordVPN connected to an Australian VPN server. With the VPN server connected, Optus Sports detects my VPN and it will not work. I thought, easy enough, I will just enter the domain name in the PBR and away I go. That didn't work, then I tried to enter the IP address instead of the domain and that didn't work either. Is there anything else I can try?
This is the site: sport.optus.com.au, and this is the IP address I got from inspecting the elements in Google Chrome: 23.214.84.9, and I used port 443.
I also tried entering all the IP addresses obtained from the tracert command; there were around 10. Not sure if it matters, but I used only the IP addresses, not domain names.
Assuming you didn't bork the rest of your setup so that domain-based policy routing actually works, you may want to try pbr version 1.1.5, which also supports DNS policies, and make sure that the device you're accessing your sports website from is using local DNS servers.
Thanks, do I need to uninstall my current PBR 1.1.1.7 before I install 1.1.5?
Domain PBR doesn't work for me. Could I have borked my setup? I've only got 2 rules for local machines to tunnel via VPN... my default gateway is WAN.
Just checked: PBR V1.1.5 is not listed when I do a package search.
Edit: I don't think my domain PBR is working. I just did a simple test and created a rule for whatismyipaddress.com to use my WAN and it doesn't work, i.e. my VPN IP is still coming up. Does it matter that I have my WAN as my default route?
Bit of background that may be the root cause, but I don't know what's causing it.
I have 2 network cards: one I use strictly for VPN (192.168.1.80) and the other for WAN. I mainly use the VPN route and only change when I have issues with routing via VPN.
As a test, I reversed the route rule so that whatismyipaddress.com is routed via VPN when on WAN, and it works. However, if I select my VPN network card and create the rule for whatismyipaddress.com to use the WAN, it doesn't route and still routes via the VPN.
Should it work this way? Or have I missed something?
Bugga, I think I know what the problem might be... I have one rule for 192.168.1.80 to route via VPN and then have a second rule for the domain to use the WAN. Is this conflicting with each other?
I am going to try to clear up things as far as I know.
DNS resolution is normally done by the router (through dnsmasq or similar), so the LAN client will get the router's address as its DNS address.
Now you have a VPN which is not your default gateway, i.e. all traffic is going through the WAN, including the DNS.
You have one LAN client which you want to use the VPN, and you make a PBR rule to route traffic from this client via the VPN; so far so good.
But DNS resolution is still going to the router, and the router will use the WAN for DNS resolution.
The problem
Many websites, e.g. your bank, Netflix, Amazon, etc., will not only check the origin of your IP address (which will show the VPN tunnel's address) but also the origin of your DNS query, which is going through the WAN and shows a different origin.
The solution
On the client you need to put something else as the DNS server instead of the router's address; this can be done through DNS option 6 or a redirect rule.
You use a publicly available DNS server instead of the router's address; you can choose any DNS server you want, e.g. your VPN provider's DNS server.
By doing this the LAN client will reach out to this DNS server for DNS resolution, and the DNS query will just follow the path of all traffic from this client, i.e. it is going via the VPN tunnel.
What you lose
As you are not using the router as DNS server, you lose local name resolution, and if you have set name resolution for certain domains through a different server (e.g. server=/mydomain/8.8.8.8) you will of course lose that too.
But you can set the server you want to use as redirect, but that is the server all your domain resolution will use.
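The per-client DNS override described in the post above, sketched as an added example (not part of the thread and not written by any participant). It assumes an OpenWrt router running dnsmasq with its settings in /etc/config/dhcp; the tag name, host name and MAC address are constructed placeholders, 192.168.1.80 is the VPN-routed client from the thread, and 1.1.1.1/1.0.0.1 stand in for whichever public or VPN-provider resolvers are chosen.

```uci
# /etc/config/dhcp (assumed: OpenWrt with dnsmasq; added example)

# A tag groups DHCP options that only tagged hosts receive.
config tag 'vpndns'
	# DHCP option 6 is the list of DNS servers handed to the client.
	# It takes IP addresses only, not hostnames.
	# Replace with the VPN provider's resolvers if preferred.
	list dhcp_option '6,1.1.1.1,1.0.0.1'

# Static lease for the client whose traffic is policy-routed via the VPN.
config host
	# Hypothetical host name.
	option name 'vpn-client'
	# Constructed placeholder MAC address.
	option mac '00:11:22:33:44:55'
	# Client address taken from the thread.
	option ip '192.168.1.80'
	# Apply the tag so this host gets the option 6 list above.
	option tag 'vpndns'

# Untagged clients still receive the router as DNS server,
# so they keep local name resolution.
```

After restarting dnsmasq and renewing the lease on the client, its resolver list should show the configured addresses instead of the router, so its DNS queries follow the same policy route as the rest of its traffic.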
OK, think I understand; my actual default route is VPN, not WAN.
My VPN is set in my own country so there shouldn't be any geo lock. I think, as you described, my public DNS does not match my provider, so there is my problem.
My WAN and VPN DNS are both set to 1.1.1.1 and 1.0.0.1.
If I change my VPN DNS to Nord's, the site that didn't work, works.
If I change my WAN DNS to Nord's it also works.
In saying that, is it good practice to have your WAN DNS and VPN DNS to have the same DNS servers? Or one to have public DNS and the other to have Nord's DNS servers?
Correct me, but option 6 won't allow domain names, only static IP addresses? So I don't think I can use the method you described.
I'm struggling to understand... if I only route through WAN with DNS servers, i.e. 1.1.1.1, everything works fine. What's the difference if routing through VPN and having a PBR rule for the domain to route via WAN? It uses the same DNS server and yet it fails. (What else could be happening?)
Just so I understand: if my WAN DNS is set to 1234 and my VPN DNS is set to 2222, I'm assuming that when on VPN my DNS will be 2222, and when using WAN (not VPN) my DNS will be 1234?
I will investigate what you described more thoroughly.
reddit.com is another problematic site but I will work on one issue at a time.
Thanks