[SOLVED] Netflix is given local lan address (192.0.0.69)

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Milax
DD-WRT User


Joined: 24 Oct 2020
Posts: 175

PostPosted: Sun Oct 03, 2021 16:15    Post subject: [SOLVED] Netflix is given local lan address (192.0.0.69) Reply with quote
Hi Everyone,

I'm using DD-WRT v3.0-r47474 std (09/20/21) on my Dlink 882 A1. I have openvpn client service running (NordVPN), with Policy based routing rule defined so that only some devices are "behind" the VPN. Some of those devices xbox and smart tv) are used for netflix streaming and everything is ok. However, when i tried to access Netflix on my computer (exluded from policy based routing) to manage my account it failed. It was the same issue with all other devices that were not using the vpn (ping command on router also point netflix to 192.0.0.69).

I discovered later, when i tried to ping www.netflix.com, netflix.com on all the devices excluded from PBR, that they try to access Netflix on 192.0.0.69 address and obviously that's the cause of the issue and it may be linked to NordVPN DNS configured in 'Network Address Server Settings (DHCP)'. An information that may help is that, when i connect to nordvpn app installed on my computer on whatever server in the world, netflix is accessible again.

Quote:
PING netflix.com (192.0.0.69): 56 data bytes

--- netflix.com ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss


Any explanation or workaround for this issue ?


Last edited by Milax on Thu Oct 07, 2021 16:59; edited 1 time in total
Sponsor
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Sun Oct 03, 2021 16:59    Post subject: Reply with quote
what is your policy based routing rule... it looks as though DNS is getting routed incorrectly. Are any other sites having this problem?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sun Oct 03, 2021 17:11    Post subject: Reply with quote
Usually NORD pushes its DNS servers.

So for all clients the DNS server from NORD are used.

What you want in this case is to use Different DNS servers for different clients (split DNS.

The OpenVPN guides and documents section (link in my signature) has a guide about DNS Problems and how to deal with that.

If you have any questions left feel free to ask.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Mon Oct 04, 2021 15:07    Post subject: Reply with quote
192.0.0.69 is a public address.

The private range is 192.168.0.0/16.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Mon Oct 04, 2021 15:20    Post subject: Reply with quote
PYB is correct (as usual).

https://www.omnisecu.com/tcpip/what-are-private-ip-addresses.php

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Milax
DD-WRT User


Joined: 24 Oct 2020
Posts: 175

PostPosted: Mon Oct 04, 2021 17:56    Post subject: Reply with quote
Thanks for the answers that meant to help.

After removing Nord DNS servers, problem was solved.
192.0.0.69 seemed to me abnormal for Netflix, no matter how we call or classify this ip address. i'm wondering if it's safe to use other DNS server than those recommended by Nord ? Are google public DNS servers safe ?
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

PostPosted: Mon Oct 04, 2021 22:43    Post subject: Reply with quote
Milax wrote:
Thanks for the answers that meant to help.

After removing Nord DNS servers, problem was solved.
192.0.0.69 seemed to me abnormal for Netflix, no matter how we call or classify this ip address. i'm wondering if it's safe to use other DNS server than those recommended by Nord ? Are google public DNS servers safe ?

Perfectly safe if you don't mind them keeping a permanent record of your DNS lookups and analyzing it to decide what to market to you. I don't actually know that they do this, but of course they are Google, so...

Safest free, nonlogging (beyond your general geographic area so they can accumulate stats) public DNS is Quad9 (9.9.9.9), because they screen out some vast number of malware domains. See quad9.net. They are one of several popular choices among dd-wrt users. My main router runs 3 VPN clients to two different providers and using both protocols, OpenVPN and wireguard, but I use Quad9 for DNS for all of them (dd-wrt runs a common DNS system, so "all" is ordinary), and the only issue is a few AirDNS domain names that only resolve through their DNS system. Those names are minor convenience features only though, so everything works fine.

Simpler answer: try changing your DNS server to a non-Nord choice and see what happens. By default you won't be running those DNS queries through Nord's VPN, but if you want to do that (after you try the plain-vanilla version for a bit) you can: add a "route 9.9.9.9" line to the OpenVPN client's Additional Config window, and when the VPN connects, it will tweak the dd-wrt routing table to route Quad9 access through the VPN. The change will be undone when the VPN is taken offline.

If you like that but want to go further and encrypt DNS queries between Nord's server and Quad9's server, see my sig (new method) below for a discussion of a bit of a hack that is working great on six routers for me.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Tue Oct 05, 2021 1:07    Post subject: Reply with quote
I was thinking it was one of Nord's relays and thus when outside of the VPN, it was not authorized...

If you want look at:
https://en.wikipedia.org/wiki/Public_recursive_name_server

someone has a nice list for reference.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

PostPosted: Tue Oct 05, 2021 3:11    Post subject: Reply with quote
Been awhile (2 years?) but when I last used Nord, their DNS servers (nameservers) were accessible outside the tunnel. Back then it was not so easy to get dd-wrt to use them through the tunnel, actually, so I set them up as I would have any public nameserver.

And yes, there are many internet lists of public nameservers, many tests (usually for latency/speed) and comparisons, and of course lots of opinions. Thanks for pointing to one list to get people rolling.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.


Last edited by SurprisedItWorks on Tue Oct 05, 2021 19:05; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Tue Oct 05, 2021 4:16    Post subject: Reply with quote
SurprisedItWorks wrote:
And yes, there are many internet lists of public nameservers, many tests (usually for latency/speed) and comparisons, and of course lots of opinions. Thanks for pointing to one list to get people rolling. Rolling Eyes

It's how we do here on this forum. Guesstimations, speculations, conjecture, poppycock. Let the discussions begin! Twisted Evil

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

PostPosted: Thu Oct 07, 2021 1:02    Post subject: Reply with quote
Laughing back in my day there was no dns ... there were not enough computers on the network... You young fangled people with your dns.... get off my series of tubes that al gore invtented Laughing Laughing Laughing
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Thu Oct 07, 2021 2:03    Post subject: Reply with quote
Sweet memories of the days of ARPANET and D-ARPANET, Unix chat, Cobol, and Fortran, eh?
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Milax
DD-WRT User


Joined: 24 Oct 2020
Posts: 175

PostPosted: Thu Oct 07, 2021 16:58    Post subject: Reply with quote
Hi everyone, issue solved by adding
Quote:
pull-filter ignore "dhcp-option DNS"
to additional config in VPN setup page, thanks to the excellent guide by egc (DDWRT DNS Problems with Policy Based Routing v1.14.pdf)
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum