OK, so I’m a Brit living in the US and my family wants to be able to watch TV from the old country.
We use ROKU devices throughout the house. I have pfSense set up as my home firewall / router.
So, I’m looking at getting a VPN set up to the UK to watch iPlayer, however I only want to route that traffic over the VPN. Now, all the “selective VPN” information I can find would basically force all the Roku box(es) through the VPN, which should make iPlayer work, but would screw up US-based services (like Netflix).
So, what I’m looking for is a way for pfSense to detect traffic specifically for iPlayer and route only that over the VPN.
Any ideas?
Does anyone know if iPlayer uses specific ports that I could detect? Or is there a list of IP addresses that iPlayer is known to use?
One of your best solutions here: Get another Roku dedicated for iPlayer only, hook it up on another input on your TV, and route that one to the UK. (or if missing additional inputs, swap the HDMI cable between them)
I just wanted to thank everyone who has commented on this thread. I think I’m going to have to get a second Roku (not only due to the VPN thing, but also because of restrictions with installing the iPlayer app.)
I route only Netflix traffic from select devices through a VPN.
I use pfBlockerNG to maintain an ‘alias match’ list of Netflix ASNs, IPs and DNS names. The sources are GitHub lists of Netflix IPs, https://bgp.he.net/ and a few manual entries.
A firewall rule then directs all traffic that matches an entry in that list through the VPN.
The result is Netflix on an Nvidia Shield showing content from Singapore and all other apps such as Disney+ showing content from my actual location.
It’s quite a thing to set up, but it’s possible and it works.
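The alias-match approach from the comment above, modelled as an added example (not code from the thread, pfSense or pfBlockerNG): prefix lists from several sources are merged into one alias, and only traffic from a selected device to an address in that alias takes the VPN gateway. The prefixes are constructed RFC 5737 documentation ranges, and the device address and function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for what an ASN
# lookup and a published IP list would return for the streaming service.
ASN_PREFIXES = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]
LIST_PREFIXES = ["203.0.113.64/26", "192.0.2.10/32"]
VPN_DEVICES = {"192.168.1.50"}  # hypothetical LAN address of the streaming box


def build_alias(*sources):
    """Merge prefix lists from several sources into one de-duplicated alias."""
    nets = [ipaddress.ip_network(p, strict=False) for src in sources for p in src]
    # collapse_addresses joins adjacent prefixes and drops ones already covered
    return list(ipaddress.collapse_addresses(nets))


def pick_gateway(src, dst, alias, devices=VPN_DEVICES):
    """Model the policy rule: selected device AND destination in alias -> VPN."""
    if src not in devices:
        return "WAN"
    addr = ipaddress.ip_address(dst)
    return "VPN" if any(addr in net for net in alias) else "WAN"


if __name__ == "__main__":
    alias = build_alias(ASN_PREFIXES, LIST_PREFIXES)
    print("alias:", [str(n) for n in alias])
    for src, dst in [
        ("192.168.1.50", "198.51.100.200"),  # selected device, listed prefix
        ("192.168.1.51", "198.51.100.200"),  # other device, same destination
        ("192.168.1.50", "192.0.2.11"),      # selected device, unlisted address
    ]:
        print(src, "->", dst, "via", pick_gateway(src, dst, alias))
```

The third case is the failure mode to watch for: an address the service uses that is missing from the alias leaves over the normal WAN.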
a list of IP addresses that iPlayer is known to use?
The thing is that this list is ENORMOUS, and it isn’t only used by BBC iPlayer - it’s used by other stuff too.
The days of one IP = one service are long long gone. These days everything is CDN backed, so 1 IP could serve thousands of services.
Your easiest solution is to get another ROKU (if they’re cheap) or maybe something like a Fire Stick (30 bucks). Then put the new device on a WiFi network dedicated to VPN (separate VLAN or similar) - and route the whole network.
I agree. Another device routed to your VPN tunnel would be the most efficient way to get what you need. I would say, in general, it’s very hard to maintain routing rules for streaming services since the IP stack they use does change over time.
I have a setup with a dedicated device and I call it HDMI 1: US Apple TV / HDMI 2: DK Apple TV
I’ve not heard of that one. I just looked at it and it appears to be another VPN service? How does it work? It talks about redirecting DNS traffic but I don’t see how that helps?
I figured they probably used multiple IPs, which is why I was thinking ports…
NSLOOKUP for bbc.com gives me 4 IPV4 addresses, but I don’t know if behind the scenes iPlayer may actually be running on a different one. I guess I could start with those 4 and see where to go from there…
Can I chime in and say I think BBC runs their own ASN and does not host on the cloud. Their IP ranges are likely very stable. I still recommend the above post about routing a dedicated device out the tunnel to make your life easy.
The A records for bbc.com are completely unrelated to your question. You need to find out all the networks their cdn and location detection system use.
I’d give up and use policy routing to route a Roku via a VPN or not and disable/enable the rule in pfSense as needed. I’d just pay for Acorn.
The problem here is that it’s a Roku. So, the VPN client needs to be on the router.
I can policy based on source device (Roku) but that would force all traffic over the VPN, including Netflix, HBO etc. and I will have the same issue, but in reverse.
I think I’m going to have to end up with two Rokus.
That’s kind-of why I’m here - to see if anyone has a list of the IP addresses (or Ports, or any other identifying network feature) they use…
The problem with the suggestion of turning on and off the VPN for the Roku is that it isn’t very family friendly. I’m hoping to make it transparent.
Acorn is fine, but doesn’t let you watch live TV (I don’t think). A lot of what the fam are after is things like News… It also offers a “curated” set of shows, again, not what we want.