Policy Based Routing to skip the VPN and watch Netflix/Prime/Disney+

Hi everyone,
I'm using OpenWrt 23.05.2 on my OrangePi R1 PLUS LTS, but when I try to watch something on Netflix or Disney+ I have problems. I know there is PBR to SKIP the VPN for Netflix and use the IP of the ISP.
Can someone help me configure it all??
Thanks

Policy Based Routing (PBR) can be used to single out some of your LAN clients, e.g. your TV, from using the VPN.


Hi,
I need, when I want to watch Netflix/Prime/Disney on my TV, to use the normal line, and the VPN for the rest.
Is it possible?

I installed PBR and luci-pbr; now I just need NETFLIX.com to go on the WAN and not on the VPN.
What must I do?? I checked ENABLE on "Custom User File Includes" for "/usr/share/pbr/pbr.user.netflix" and did "Save & Apply", but nothing.

If I do the tracert to connect to NETFLIX.COM it gives me this message

C:\Users\franc>tracert -d netflix.com

Traccia instradamento verso netflix.com [18.200.8.190]
su un massimo di 30 punti di passaggio:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 192.168.1.1 rapporti: Protocollo di destinazione non raggiungibile.

Traccia completata.

If I UNCHECK it, all the traffic goes on the VPN, and it gives me this message

C:\Users\franc>tracert -d netflix.com

Traccia instradamento verso netflix.com [3.251.50.149]
su un massimo di 30 punti di passaggio:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 12 ms 12 ms 12 ms 10.7.4.1
3 12 ms 13 ms 12 ms 185.217.71.177 (VPN IP)
4 * * * Richiesta scaduta.
5 13 ms 12 ms 32 ms 146.70.1.186
6 12 ms 12 ms 12 ms 93.186.128.46
7 13 ms 13 ms 13 ms 93.186.128.107

What can I do??
Thanks

From the Manual:

If you want to use dnsmasq’s ipset or nft sets support, you will need to install dnsmasq-full instead of the dnsmasq. To do that, connect to your router via ssh and run the following commands:

But Netflix destination routing is unreliable in my testing.

Just use the source IP address of your TV to route that via the WAN.

It is possible that you also need to do some DNS tweaking as Netflix might track your DNS location.

I need, when I use my TV, Netflix and Prime to go on the normal line and other programs to go on the VPN. Is it possible?

Then you have to try destination routing with the Netflix ipset.

For that you have to install dnsmasq-full as described in the PBR guide.

As said, no guarantee it will work, and you still have to take care of DNS.

It's installed.

But what must I do now? What must I check in "Policy Based Routing - Configuration"?
Thanks

Do you have all the Disney, NetFlix and Amazon server IP addresses in a list to add to PBR?

The domains needed for Netflix are /netflix.com/netflix.net/nflxext.com/nflximg.com/nflximg.net/nflxvideo.net/nflxso.net/

The domains needed for Disney+ (might not be exhaustive, can't test it atm) should be /disney-plus.net/disneyplus.com/disneyplus.com.ssl.sc.omtrdc.net/dssott.com/dssott.com.akamaized.net/search-api-disney.bamgrid.com/search-api-disney.svcs.dssott.com/

The domains (maybe not exhaustive) for Prime Video (which in my experience hasn't provided issues with VPN for the last 4 years) should be: /media-amazon.com/ssl-images-amazon.com/amazonvideo.com/amazon.com/primevideo.com/video.a2z.com/

If you enable /usr/share/pbr/pbr.user.netflix on the bottom of the PBR GUI then the netflix domains should automatically be added and be routed via the WAN.

You can check the list from the command line with:
/usr/sbin/nft list set 'inet fw4' pbr_wan_4_dst_ip_user

I did a quick test and it shows:

root@DL-WRX36:~# /usr/sbin/nft list set 'inet fw4' pbr_wan_4_dst_ip_user
table inet fw4 {
        set pbr_wan_4_dst_ip_user {
                type ipv4_addr
                policy memory
                flags interval
                auto-merge
                comment ""
                elements = { 23.246.0.0/18, 37.77.184.0/21,
                             45.57.0.0/17, 64.120.128.0/17,
                             66.197.128.0/17, 69.53.224.0/19,
                             108.175.32.0/20, 185.2.220.0/22,
                             185.9.188.0/22, 192.173.64.0/18,
                             198.38.96.0/19, 198.45.48.0/20,
                             208.75.76.0/22 }
        }
}

If you then do a traceroute 23.246.0.1 you should see that it is routed via the WAN; at least it does on my router.

Whether this will get all the necessary domains I cannot test; I do not have Netflix.

See also chapter 8.3.15. Netflix Domains in the PBR guide
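The check above relies on reading the nft listing by eye and then running a traceroute. The following script, an added example that is not from the thread or from the pbr package, parses the same `nft list set` text (a constructed copy of the listing shown above is embedded so it runs offline) and tells you whether a given address is inside one of the set's prefixes, i.e. whether PBR will divert it to the WAN at all. On a live router you would feed it the real listing with `nft list set 'inet fw4' pbr_wan_4_dst_ip_user` instead of the embedded string; the set name is the one shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or the pbr package).
# Parses the text printed by `nft list set 'inet fw4' pbr_wan_4_dst_ip_user`
# and reports whether an IPv4 address falls inside one of the set's prefixes.

# Constructed sample: a copy of the listing posted in the thread.
NFT_OUTPUT='table inet fw4 {
        set pbr_wan_4_dst_ip_user {
                type ipv4_addr
                policy memory
                flags interval
                auto-merge
                comment ""
                elements = { 23.246.0.0/18, 37.77.184.0/21,
                             45.57.0.0/17, 64.120.128.0/17,
                             66.197.128.0/17, 69.53.224.0/19,
                             108.175.32.0/20, 185.2.220.0/22,
                             185.9.188.0/22, 192.173.64.0/18,
                             198.38.96.0/19, 198.45.48.0/20,
                             208.75.76.0/22 }
        }
}'

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# set_prefixes LISTING -> every a.b.c.d/n element of the set, one per line
set_prefixes() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}/[0-9]+'
}

# in_prefix ADDR CIDR -> exit 0 when ADDR lies inside CIDR
in_prefix() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# set_covers LISTING ADDR -> prints the first prefix that contains ADDR and
# exits 0; exits 1 (prints nothing) when no element of the set contains it
set_covers() {
    for p in $(set_prefixes "$1"); do
        if in_prefix "$2" "$p"; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# Usage: the address from the thread's traceroute test, plus one outside the set.
for ip in 23.246.0.1 8.8.8.8; do
    if m=$(set_covers "$NFT_OUTPUT" "$ip"); then
        echo "$ip is in the set via $m: PBR should send it out via the WAN"
    else
        echo "$ip is not in the set: PBR will not divert it, the VPN route applies"
    fi
done
```

If an address you expect to be diverted is reported as not in the set, the problem is in set population (dnsmasq-full not installed, or the user include not enabled) rather than in routing, which is a different thing to fix than the firewall-zone issue discussed later in the thread.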

This is when I do the tracert netflix.com without the flag.

If I put the flag and do the tracert it always passes on the VPN.

If I add it in policies

Block all. WHY??? What can I do?

I UNDERSTAND!!!!!!!!

In Network-->Firewall the LAN was ONLY "VPN_zone". I added the WAN and now no problem.
Thanks

Can you tell me if there's some file for Disney+ like amazon/netflix to add on "Custom User File Includes"? Thanks

I am not familiar with the PBR package/configuration via LuCI. But you should be able to ssh into the router to create a file in /usr/share/pbr/ that is called pbr.user.disney and add the domains to the file. Make sure to copy the file pattern of the pbr.user.netflix file if there is more to it than a simple list of domains. Then you should be able to use the Add button in the Custom User File Includes screenshot you posted to add the newly created file and thereby the Disney+ domains.

You can make a policy just like the netflix policy with the following domains:

Through our testing, we found that Disney Plus uses the following domains:

NOTE: These domains were obtained through testing and may differ depending on where you access Disney Plus. This list may also change at any time. For a definitive list, please reach out to Disney Plus Support.

disneyplus.com
bamgrid.com
bam.nr-data.net
cdn.registerdisney.go.com
cws.conviva.com
d9.flashtalking.com
disney-portal.my.onetrust.com
disneyplus.bn5x.net
js-agent.newrelic.com
disney-plus.net
dssott.com
adobedtm.com

No guarantee it will work