VPN - Selective routing for Netflix, Pandora and Hulu

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page Previous  1, 2, 3, 4  Next
Author Message
ChuckHL
DD-WRT Novice


Joined: 22 Jun 2012
Posts: 31

PostPosted: Mon Sep 24, 2012 6:46    Post subject: Reply with quote
kk5000 wrote:
Hi,

Here's the HMA guide I'm talking about :

https://vpn.hidemyass.com/vpncontrol/myaccounts/wrtgen

This is pretty much their default guide. You see this when you login, click "DD-WRT routers", and then generate code under the automated installer after selecting the servers.

It says :

"In the "OpenVPN Daemon" section select "Enable".
Then click "Save".

Note! Do not enable OpenVPN Client."

If I follow all that step by step it does work perfectly as in my outgoing IP changes. Just don't know how to setup your stuff with this Smile


Regarding your comment below, I dont want to sound rude either but since you brought their guide to the topic i just referred to an easier guide that is manual giving you the chance to understand and customize the OpenVPN much easier since you can see what values you set one by one rather than the automatic one your link refers to.

I hope others find the link below helpful.

http://forum.hidemyass.com/index.php/topic/1927-tutorial-configure-hma-openvpn-on-a-dd-wrt-router/


Last edited by ChuckHL on Mon Sep 24, 2012 15:44; edited 10 times in total
Sponsor
kk5000
DD-WRT Novice


Joined: 25 Jun 2012
Posts: 20

PostPosted: Mon Sep 24, 2012 9:12    Post subject: Reply with quote
ChuckHL wrote:
If your vpn provider is hide my ass i recommend using this guide

http://forum.hidemyass.com/index.php/topic/1927-tutorial-configure-hma-openvpn-on-a-dd-wrt-router/


I don't wanna sound rude but you wanna read through the thread you're posting in before you post.
ChuckHL
DD-WRT Novice


Joined: 22 Jun 2012
Posts: 31

PostPosted: Mon Sep 24, 2012 14:35    Post subject: Reply with quote
kk5000 wrote:
Thank you for this VERY informative & useful post. The observation about OpenVPN being broken above 18777 is on the mark. Of course no one has any way of knowing this outside of trial and error. I've been pulling my hair out since yesterday trying to figure out why this was not working until I saw your post, downgraded to 18777 and BANG, worked instantly. If somebody posts asking about all this he will likely be told to RTFM. What good is the stupid manual if the software is broken???? Anyway, I'll stop ranting now.

So thanks for that VERY important piece of info.

I had a couple other questions though. You said you're using HMA but then you also say enable openvpn client. The HMA people specifically tell you not to do that and ask to simply enable "OpenVPN server". If I threw your config into the additional config area of the OpenVPN server will it work?

Secondly, what IP would I substitute into the XXX. area? The VPN IP? That's unique everytime though.

Thank you so much for this post BTW. Exceptional stuff.



Sorry to tell you this but there are other builds above 18777 where OpenVPN works. I use build 18946 and OpenVPN works perfectly. For both client and server. You should double check before claiming that they dont work above build 18777
kk5000
DD-WRT Novice


Joined: 25 Jun 2012
Posts: 20

PostPosted: Tue Sep 25, 2012 1:11    Post subject: Reply with quote
ChuckHL wrote:

Sorry to tell you this but there are other builds above 18777 where OpenVPN works. I use build 18946 and OpenVPN works perfectly. For both client and server. You should double check before claiming that they dont work above build 18777


1> This is good. However, the fact that VPN does not work above 18777 was the OP's assertion, not mine.

2> The link to the guide you posted has already been posted in the thread and used by many including me.

The thread is not about configuring HMA with DD-WRT which is why your post was off-topic especially since the info you provided has already been posted in said thread.

We are currently wrestling with 3 issues here :

1. How not to fill up the NVRAM of the router when adding all these custom routing entries to the VPN under "additional config".

2. Finding a way to make FQDN work for routing (perhaps via a proxy based solution on DD-WRT) so wide swaths of the internet don't need to be routed via the VPN.

3. Failing #2, adding to the list of ranges that need to routed via US VPN to get all US/English language content.

Any and all help on these 3 issues would be much appreciated.
atulb
DD-WRT Novice


Joined: 25 Mar 2009
Posts: 13

PostPosted: Fri Nov 09, 2012 18:35    Post subject: Privoxy Reply with quote
Can you guide me on, how i can set this up? I have currently setup openvpn on my vps which works fine. But it becomes troublesome to find all the correct IPs.
goli wrote:
Hey there.

I started using privoxy as a transparent proxy on my dd-wrt box. And I use another HTTP proxy on the OpenVPN entpoint side. For me this is no problem because the remote endpoint is a VPS completely managed by myselfe.

This allows me to filter HTTP requests by very fine grained rules on my local side that aren't based on current IP addresses.

Especially when you start doing youtube through such a proxy, this becomes very importent because it's the only managable way to avoid doing all google traffic throug an oversea VPN.

Here's my current local privoxy configuration on my dd-wrt box. It's a useractions file.
Code:
{ \
+forward-override{forward vpn.interface.of.my.remote.host:8080} \
}

## hulu
.hulu.com/gc
.hulu.com/select
.hulu.com/v3/session


## CBS
.theplatform.com

## Youtube
.youtube.*/watch.*
.youtube.*/videoplayback.*

## Wieistmeineip
.wieistmeineip.de


This completely works without the iptables stuff targeting remote content providers. Instead, I pass all my HTTP traffic through my local privoxy instance that runs on my dd-wrt:
Code:
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -s 192.168.0.128/255.255.255.224 -j DNAT --to 192.168.0.1:8118


As you can see, adding VPN proxied routes is very simple and less painfull then adding thousands of iptables rules.

Regards,
Stephan.
avdk
DD-WRT Novice


Joined: 02 Dec 2012
Posts: 1

PostPosted: Sun Dec 02, 2012 1:34    Post subject: split routing Reply with quote
dd-wrt = build 18946m
strongvpn.com = openVPN (working connection)

I would love to use the routing tables to selectively route/tunnel certain internet(wan) IP addresses (ie. Hulu, Vevo, CBS etc.) through the openVPN. I would like all other addresses unfiltered through my local ISP. I have tried the solution mentioned in the first post, but find when I add the following code to the "Additional Config" that OpenVPN fails to connect.
Code:
###
### OpenVPN common configuration
###
route-nopull
route XXX.XXX.XXX.XXX 255.255.255.255 net_gateway

###
### OpenVPN routes
###

# whatismyip.org
route 98.207.0.0 255.255.0.0 vpn_gateway

# pandora.com
route 208.85.40.0 255.255.248.0 vpn_gateway

# amazon ec2 (us)
# https://forums.aws.amazon.com/ann.jspa?annID=1528 & extended via whois
route 23.20.0.0 255.252.0.0 vpn_gateway
route 50.16.0.0 255.252.0.0 vpn_gateway
route 50.112.0.0 255.255.0.0 vpn_gateway
route 54.224.0.0 255.240.0.0 vpn_gateway
route 54.240.0.0 255.240.0.0 vpn_gateway
route 67.202.0.0 255.255.192.0 vpn_gateway
route 72.44.32.0 255.255.224.0 vpn_gateway
route 75.101.128.0 255.255.128.0 vpn_gateway
route 107.20.0.0 255.252.0.0 vpn_gateway
route 174.129.0.0 255.255.0.0 vpn_gateway
route 184.72.0.0 255.254.0.0 vpn_gateway
route 184.169.128.0 255.255.128.0 vpn_gateway
route 204.236.128.0 255.255.128.0 vpn_gateway


OpenVPN will only connect when I have the following code in. Before you ask yes i have tried to place both pieces of code in together with no luck.
Code:
redirect-gateway def1
hand-window 30
remote 98.158.119.83 443 tcp
remote 98.158.119.83 110 tcp
reneg-sec 0


Any thought on how I can make all this work together?
goli
DD-WRT Novice


Joined: 01 Sep 2012
Posts: 12

PostPosted: Tue Dec 18, 2012 0:06    Post subject: Reply with quote
Hi atulb.


There are two hosts involved:
* A VPS in a data center
* My local dd-wrt

The VPS runs OpenVPN on 0.0.0.0:1194, which is completely default. Its internal IP could bei 192.168.50.1.

The VPS additinally runs Privoxy on 192.168.50.1:8118, so the Privoxy HTTP proxy is only available thorugh OpenVPN, not through the public interface of the VPS. We don't want to provide our very own http provxy open for public use.

The dd-wrt internally provides 192.168.0.1/24, just default.

The dd-wrt runs the OpenVPN client, connects to the VPS and gets the internal 192.168.50.2. We don't need any further routing, our local clients (of the dd-wrt subnet) don't have to reach the VPS internal interface directly.

The dd-wrt runs another Privoxy instance which listens to 192.168.0.1:8118. Here the provixy coniguration from above becomes important: All HTTP requests matching the obove rules are forwareded from the dd-wrt-Privoxy to the VPS-Privoxy. That's basically what my configuration description sais.

So, until here you can just type the 192.168.0.1:8118 as HTTP proxy in your browser. This should work just fine without any iptables magic.

Now iptabes on the dd-wrt becomes involved. We redirect all HTTP connections that target the internal dd-wrt interface (br0) and on port 80. This are HTTP requests from inside our network to the outside world. I've restricted this to 192.168.0.128/27, so that's the hosts from 192.168.0.128 to 192.168.0.159 -- my dhcp range. This is kind of important. You should, at least, exclude the 192.168.0.1 directly form being redirected.

Things that have to be set up and can be tested:

The dd-wrt should be able to ping the external VPS interface. That's usually no problem a s soon as the VPS is up and running.
The dd-wrt should be able to ping the internal VPS interface (192.168.50.1). Can be tested by connecting to the dd-wrt by telnet and just "ping".
The VPS should be able to ping back to 192.168.50.2. Test this by connecting to the VPS via SSH.
Using "netstat" on the VPS you should be able to see privoxy listening 192.168.50.1:8118.
Using "netstat" on the dd-wrt you shold be able to see privoxy listening on 192.168.0.1:8118.

Does this make things clear?
Fred73L
DD-WRT Novice


Joined: 24 Dec 2012
Posts: 2

PostPosted: Mon Dec 24, 2012 4:12    Post subject: Selective VPN Reply with quote
As well, there are some other VPN services today that offer Selective Routing, and it works on most devices. http://www.vpnselect.com seems to be interesting. The idea is that you can choose sites you want to access (or block), and use services from different countries at the same time - for example one watches Netflix UK on TV in leaving room, and other can watch Hulu US from Xbox connected to TV in his bedroom.
nannus
DD-WRT Novice


Joined: 25 Feb 2013
Posts: 1

PostPosted: Mon Feb 25, 2013 17:15    Post subject: Reply with quote
I'm using OPs routing table, which works great, thanks for that.

Now, I would also like Google Play (android market) through my VPN, how would I go about identifying the IPs? Or if anyone happens to have them, that would be much appreciated.
db0yd13
DD-WRT Novice


Joined: 20 Oct 2009
Posts: 9

PostPosted: Thu Jul 04, 2013 5:58    Post subject: An option Reply with quote
I've just finished a project that may give you this, but it's not DD-WRT... it's Raspberry Pi.

The DSVR (Domain-Specific VPN Router) Project allows for selective per site/domain routing down multiple VPNs (PPTP only for now)

Check it out on Github -https://github.com/dboyd13/DSVR.git
PiSToL
DD-WRT Novice


Joined: 22 May 2011
Posts: 9

PostPosted: Sat Jul 13, 2013 16:15    Post subject: Reply with quote
Hi woodomat,

Thanks a lot. Followed your tutorial and It's working great for me. I'm not a network expert and want to add HBO GO to the list. Can anyone help me with that ?


Thanks,

PiSToL
ptclabs
DD-WRT Novice


Joined: 14 Nov 2013
Posts: 3

PostPosted: Thu Nov 14, 2013 8:27    Post subject: Reply with quote
Adding them is not hard. You can use tracert to find out where it is connecting to. so like tracert hbo.com. Look up hbo.com or the ip addresses ASN number.

Find a site such as http://bgp.he.net that translates the ASN into IP used. Add them to the list.

Also so other things i leaned along the way. DONOT add port forwards while connected to the openVPN. It kills the net. Disable the vpn, add the ports and reenable the VPN. It did this on 18x and 21x. Spent all day scratching my head on why it killed it, but it does.

Here is my list running on 21x has google play store IN ENGLISH youtube IN ENGLISH thank god. Stuff like vudu apps for my panasonic TV etc.

I got lazy on a couple of them like google. Them boys just have too many ips to add them one by one. So some other sites may end up going through the vpn also, but that is not really a problem.

You will also want a CIDR table to help with the subnets if you want to add any more.

###
### OpenVPN common configuration
###
route-nopull
route 192.161.171.93 255.255.255.255 net_gateway

###
### OpenVPN routes
###

# whatismyip.org
route 54.234.0.0 255.254.0.0 vpn_gateway

# pandora.com
route 208.85.40.0 255.255.248.0 vpn_gateway

# amazon ec2 (us)
# https://forums.aws.amazon.com/ann.jspa?annID=1528 & extended via whois
route 23.20.0.0 255.252.0.0 vpn_gateway
route 50.16.0.0 255.252.0.0 vpn_gateway
route 50.112.0.0 255.255.0.0 vpn_gateway
route 54.224.0.0 255.240.0.0 vpn_gateway
route 54.240.0.0 255.240.0.0 vpn_gateway
route 67.202.0.0 255.255.192.0 vpn_gateway
route 72.44.32.0 255.255.224.0 vpn_gateway
route 75.101.128.0 255.255.128.0 vpn_gateway
route 107.20.0.0 255.252.0.0 vpn_gateway
route 174.129.0.0 255.255.0.0 vpn_gateway
route 184.72.0.0 255.254.0.0 vpn_gateway
route 184.169.128.0 255.255.128.0 vpn_gateway
route 204.236.128.0 255.255.128.0 vpn_gateway

# amazon ec2 (eu)
# https://forums.aws.amazon.com/ann.jspa?annID=1528 & extended via whois
route 46.51.128.0 255.255.192.0 vpn_gateway
route 46.51.192.0 255.255.240.0 vpn_gateway
route 46.137.0.0 255.255.128.0 vpn_gateway
route 46.137.128.0 255.255.192.0 vpn_gateway
route 79.125.0.0 255.255.128.0 vpn_gateway
route 176.34.64.0 255.255.192.0 vpn_gateway
route 176.34.128.0 255.255.128.0 vpn_gateway

# netflix
route 108.175.32.0 255.255.240.0 vpn_gateway
route 208.75.76.0 255.255.252.0 vpn_gateway
route 64.212.0.0 255.252.0.0 vpn_gateway
route 199.92.0.0 255.252.0.0 vpn_gateway
route 206.32.0.0 255.252.0.0 vpn_gateway
route 209.244.0.0 255.252.0.0 vpn_gateway
route 68.142.64.0 255.255.192.0 vpn_gateway
route 69.28.128.0 255.255.192.0 vpn_gateway
route 69.164.0.0 255.255.192.0 vpn_gateway
route 208.111.128.0 255.255.192.0 vpn_gateway
route 128.242.0.0 255.255.0.0 vpn_gateway
route 204.0.0.0 255.252.0.0 vpn_gateway
route 204.141.0.0 255.255.0.0 vpn_gateway
route 204.200.0.0 255.252.0.0 vpn_gateway
route 208.44.0.0 255.252.0.0 vpn_gateway

# hulu
route 23.32.0.0 255.224.0.0 vpn_gateway
route 23.64.0.0 255.252.0.0 vpn_gateway
route 64.221.0.0 255.255.128.0 vpn_gateway
route 64.221.128.0 255.255.192.0 vpn_gateway
route 64.221.192.0 255.255.224.0 vpn_gateway
route 77.109.170.0 255.255.255.0 vpn_gateway
route 80.239.221.0 255.255.255.0 vpn_gateway
route 92.122.0.0 255.254.0.0 vpn_gateway
route 195.27.0.0 255.255.0.0 vpn_gateway
route 199.127.192.0 255.255.252.0 vpn_gateway
route 208.91.156.0 255.255.252.0 vpn_gateway
route 217.156.128.0 255.255.128.0 vpn_gateway

# mysqueezebox
route 192.221.0.0 255.255.0.0 vpn_gateway
route 204.160.0.0 255.252.0.0 vpn_gateway
route 205.128.0.0 255.252.0.0 vpn_gateway
route 207.120.0.0 255.252.0.0 vpn_gateway
route 209.84.0.0 255.255.0.0 vpn_gateway

#google
route 74.125.0.0 255.255.0.0 vpn_gateway
route 173.194.0.0 255.255.0.0 vpn_gateway

# disney.go.com - WORKS
route 68.71.208.0 255.255.240.0 vpn_gateway

# Viacom i.e. nick.com and all that crap - WORKS
route 129.228.0.0 255.255.128.0 vpn_gateway
route 166.77.0.0 255.255.0.0 vpn_gateway
route 206.220.40.0 255.255.252.0 vpn_gateway
route 69.31.132.0 255.255.254.0 vpn_gateway
route 72.246.0.0 255.254.0.0 vpn_gateway

# CBS - WORKS
route 198.99.118.0 255.255.254.0 vpn_gateway
route 198.99.120.0 255.255.254.0 vpn_gateway
route 198.99.122.0 255.255.255.0 vpn_gateway

# NBC WORKS
route 66.77.124.0 255.255.255.0 vpn_gateway

# ABC & general Disney range works
route 199.181.129.0 255.255.255.0 vpn_gateway
route 199.181.130.0 255.255.254.0 vpn_gateway
route 199.181.132.0 255.255.252.0 vpn_gateway

#VUDU
route 208.79.220.0 255.255.252.0 vpn_gateway
route 208.79.220.0 255.255.254.0 vpn_gateway
jms
DD-WRT Novice


Joined: 28 Aug 2013
Posts: 3

PostPosted: Mon Dec 09, 2013 4:22    Post subject: This sounds exactly what I need! Reply with quote
I live in the Caribbean and bought a network enabled DVD player with netflix. It can't connect as it has the wrong IP, so I want to buy a router (e3200 or e4200) and set it up with my identity cloaker us IP address.

Once I have figured out which builds to use, how do I enter the code you show into the router, or can you point me to a step by step tutorial in this forum?

Thanks in advance

John
Chrysalis
DD-WRT Novice


Joined: 27 May 2010
Posts: 32

PostPosted: Sun Feb 02, 2014 1:30    Post subject: Reply with quote
guys is there an up to date list for netflix?

When I route 0.0.0.0 on my vpn I get american netflix.

When I route only the ips listed in this thread I get uk netflix and I am even using my american dns server for the dns lookups with no success, it only works when I route the entire internet via the vpn.

I know the ips are been rerouted as I can see they been rerouted on pings and traceroutes.

The answer seems when I auth to netflix I am doing so on a ip not listed. Because when I was already authed (restarted vpn whilst logged into netflix) I was still able to play american only media. But as soon as I logged out and back in again it was back to uk only.
dizzasta
DD-WRT Novice


Joined: 03 Oct 2012
Posts: 4

PostPosted: Tue Mar 11, 2014 9:42    Post subject: Invert Reply with quote
Is it possible to invert this?

I want it all communicates via VPN and only defined services such as Facebook and amazon to use my Provider-IP.

dizzasta
Goto page Previous  1, 2, 3, 4  Next Display posts from previous:    Page 2 of 4
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum