Pfsense PIA VPN and Netflix

geldorff · January 9, 2018, 2:08am

Ok, great idea, I just used the search in google like Ryan and Wendell used.

Dexter_Kane · January 9, 2018, 2:12am

I’m not sure if this helps or not but I’ve suggested it to people before. Make sure you’re using the dns resolver in pfsense rather than the dns forwarder. Make sure dns cache is enabled and set the cache life to the same period (or longer) as the alias look up (it should say on the alias page if I remember).

Because the aliases are resolved periodically you want to make sure that the client and the firewall are both getting the same ip for each domain name so using the dns cache should help with that.

Yockanookany · January 9, 2018, 2:25am

I had a great deal of trouble getting my PIA up and running but when I finally started tinkering with DNS it worked. It wasn’t this method but I’m sure dexter won’t lead you wrong, OP.

Dexter_Kane · January 9, 2018, 2:26am

What worked for you? I personally haven’t tried to get Netflix working through a vpn, just some sites which don’t play nice with it.

Yockanookany · January 9, 2018, 2:37am

I ran PIA through it’s internet DNS servers but used my works openDNS connector for everything else. I lost the configuration when the upgrade bricked my install and I haven’t gotten it working again, mainly because of lack of time. When I get it up again I’ll get that config for you.

Knight26 · January 9, 2018, 3:45am

The only way I’ve gotten a Netflix bypass rule to work consistently is to have not only the Netflix ip addresses, but also the Amazon Web Service server addresses that they use. You can use wireshark to generate a list or download the public AWS address ranges in a json file, convert it into a text file, then import them into pfsense as a new alias. Setup a rule to bypass the Netflix ip’s and a separate one for the AWS addresses. This will also create a bypass for Amazon Video as well. The benefit of splitting them means that the AWS ip’s can be easily updated when they change, just download a new list from Amazon. The Netflix ip’s don’t actually change very often. The drawback is that the AWS list contains about 900 ip’s that are being routed around the VPN and many of them probably have nothing to do with video streaming

ExpressVPN has a server in LA that is setup to allow Netflix streaming. A separate one for Amazon Video and Hulu but their service is more than twice the cost of PIA.

geldorff · January 9, 2018, 2:48pm

All great ideas, While I was checking which services would be affected, only Netflix took the hit, my hulu Sling and Amazon Prime Video services are all working fine.

I did start the list build for Netflix addresses and must have about 10-15 in the list so far. I had seen the AWS servers in the stream but didn’t add them to the list. Maybe that’s what I’m missing.

The other thing I also noticed, while my gaming only added about 10 ms of latency, my overall speed is way down, didn’t really think about the speed of the connections at the end of the tunnel. Having GFiber its kinda hard to see speeds of 200Mbps or less… Ugh.

Knight26 · January 9, 2018, 3:50pm

If you want to avoid the higher latency for online gaming then you’ll need to setup rules for the ports that the games you play use. Most of the popular games should have the port ranges posted somewhere.

geldorff · January 9, 2018, 4:22pm

Anything under 100 ms is ok, my normal is 70-80 so 80-90 ms is withing range

geldorff · January 9, 2018, 7:48pm

Did that during the first part of configuring the router, ty.

geldorff · January 17, 2018, 11:32pm

That would be cool!

andrewdfogg · January 18, 2018, 1:18am

I had trouble creating Netflix rules on Pfsense which I think was down to my ISP (Virgin media UK) having their own Caching servers for Netflix. Tried adding some of them to my Alias but couldn’t work it out.

Yockanookany · January 18, 2018, 1:25am

Thanks for replying here, i had completely forgotten about this. I just got PIA set back up yesterday so ill have to get that part working again this weekend.

geldorff · January 18, 2018, 9:36pm

I found these “netflix” servers, does anyone have any others?

108.175.32.0/20
208.75.76.0/22
64.212.0.0/14
199.92.0.0/14
206.32.0.0/14
209.244.0.0/14
68.142.64.0/18
69.28.128.0/18
69.164.0.0/18
208.111.128.0/18
128.242.0.0/16
204.0.0.0/14
204.141.0.0/16
204.200.0.0/14
208.44.0.0/14

Linuxephus · January 18, 2018, 9:56pm

Not sure if you fully resolved your issue. But a quick Google search turned this up.

https://www.privateinternetaccess.com/forum/discussion/21421/pia-vpn-neftlix-bypass-for-pfsense

geldorff · January 18, 2018, 10:17pm

I had not seen that list, thank you

Linuxephus · January 18, 2018, 10:56pm

Not a problem.
That should fix any issues you have, even if it’s not quite the way you’d care to be routing Netflix itself via VPN.

johnsevan · September 29, 2018, 9:22am

I tested PIA and some of their IP is working with Netflix. Also, I tried PureVPN, ExpressVPN and VyprVPN, only PureVPN is working with good speed.

MisteryAngel · September 29, 2018, 11:13am

We highly appreciate that you share your testing experiences with those vpn’s.
But this topic is allready 9 months old, so i guess that topic starter allready found,
a solution for his issue.

There for i’m going to lock this topic.

Before you decide to create a post please check the date of the the topic.
If you have more questions regarding reviving older topics.

Then please check here: Announcement: Reviving Old Threads Guideline Has Been Added to the FAQ