Before I start with my question I think there maybe an issue with the password reminder email not being received. I'm unable to access my old OpenWrt account, I tried the reminder feature but didn't receive an email, of course have checked spam. So had to register with a new account.
Anyway my question is, I'm runing OpenWrt 21.02 with OpenVN connecting to a paid for 3rd party VPN. I'm using a UDP UK sever, I can connect and confirm a UK IP via whatismyip.com - so far so good.
However when I try iPlayer I receiv e amessage that the content is not available in my region. I've tried Channel 4 which works, but ITV's player similar seems to not work (albeit minus a message about my region). The VPN does provide a browser extension which when connected allows me to access iPlayer but I'd prefer to have this working at the router.
So I'm beginnig t suspect that some openwrt config is causing the issue, perhaps a firewall setting? Are there any tests I can run to confirm,
I keep seeing this in the systme log which I'm not sure if it is significant:
Mon May 8 17:05:58 2023 user.notice firewall: Reloading firewall due to ifup of tun0 (tun0)
We can review your configuration, but keep in mind that the streaming services have various criteria that may result in the restrcition of content even when using a VPN. For example, your computer (and phone/tablet) may have location services that use methods other than VPN (for example, location services based on Wifi SSIDs is common, albeit not always accurate, for computers, while phones and tablets might use that plus GPS data). Some services may also restrict content when the IP is known to belong to a VPN service.
Anyway, if you want to have a review of your config...
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Please see in my original post - "The VPN does provide a browser extension which when connected allows me to access iPlayer but I'd prefer to have this working at the router."
In all cases I am connected to the openwrt router. But the vpn suggested I try their chrome extension, it provides a country list and I enter the same credentials used in my userpass.txt. When it is enabled iplayer works. Hope that makes sense?
Something significant I should probably add, my real actual IP is in the UK, so the provider can't be reading a real IP which it determines I am trying to mask, I would guess?
This is related to the server you're using with the VPN provider vs the one used in the browser plugin.
It's not an issue related to openwrt, rather something you'd need to discuss with your VPN provider. The ones I've used in the past have dedicated UK streaming servers to connect to which are used to bypass region restrictions.
The BBC is actively trying to block VPN connections so it is a Cat and Mouse game with VPN providers.
One thing to pay attention to is DNS leak, one way to track you is to see where the DNS request is coming from so make sure your DNS request is also routed via the the VPN tunnel. ipleak.net and dnsleaktest.com will show you if the DNS is not leaking.
I went back to the VPN provider and explained that the -iplayer was only working when I used their browser extension, suggesting that it uses a different server to that which I have configured in my openvpn router config.
I then thought to try the openvpn standalone windows app. I installed it and used the same config file as used in openwrt, with the suspected blocked server and the i-player does work. This would lead to the conclusion that it is in fact the router config which is the issue and not the server?
Every time you connect to the VPN provider you'll get a different IP address, even with the same config. It could be that the IP address you got when you connected to the desktop was not blocked by the BBC.
Are you able to connect to iPlayer consistently after reconnecting to the VPN multiple times on the desktop?
I've just tried 3 different times connecting with the windows app, giving me 3 different IP's and on each occasion I was able to view i-player content. I've never once manaaged to view content when connected to the openwrt router.
Could this be significant, my openwrt is plugged via the red wan port into a lan router which is wireless connected to my main router. I could rip it ut and plug it direct to the main router but I'd rather not if we can rule this out?
That should not matter. The outside of the tunnel (encrypted packets) only needs some connection through the Internet to reach the VPN server. It does not matter if they are NATd multiple times.
Unfortunately the thread has gone dead, so I'll leave my concluding findings:
VPN tested with:
OpenWrt
3rd Party VPN Browser Extension
OpenVPN Windows App.
For my tests all 3
same VPN server and settings used
connecting from the UK to a UK VPN
confirmed that IP is UK based from the same range
In all scenarios but OpenWrt I was able me to stream from i-player on every occasion without fail. The common denominator at all points of failure is OpenWrt which is leaking my IP or otherwise triggering i-player that my connection is suspicious and denying me access.
An aside, this appears to be a bug in the OpenWrt firmware, steps to reproduce:
Connect to a working openvpn configured server
Stop server
Upload a misocnfigured server config file
Try to connect, fails
Delete mis-cnfigured server and re-upload the correct working server
Connection does not work
The only way to resolve this is to reboot the router. The error logs I see when this happens:
Tue May 16 15:56:31 2023 daemon.err openvpn(54654565)[9427]: RESOLVE: Cannot resolve host address: ************.com:80 (Try again)
Tue May 16 15:56:36 2023 daemon.err openvpn(54654565)[9427]: RESOLVE: Cannot resolve host address: ************.com:80 (Try again)
Tue May 16 15:56:36 2023 daemon.warn openvpn(54654565)[9427]: Could not determine IPv4/IPv6 protocol
Tue May 16 15:56:36 2023 daemon.notice openvpn(54654565)[9427]: SIGUSR1[soft,init_instance] received, process restarting
Tue May 16 15:56:41 2023 daemon.warn openvpn(54654565)[9427]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue May 16 15:56:46 2023 daemon.err openvpn(54654565)[9427]: RESOLVE: Cannot resolve host address: ************.com:80 (Try again)
It makes debugging practically impossible because each new config upload required a reboot of router