Bypassing your privacy VPN to use Netflix with pfSense

In a continuation of my previous post on how to use pfSense to get around certain ISPs’ shoddy interconnects and/or throttling, this post explains how to configure pfSense so that hosts on your LAN can connect to Netflix without being shut down by its proxy detection, by sending those connections out through your ISP’s gateway instead of the VPN.

How it works

We’ll use a pfSense package called pfBlockerNG to compile and maintain lists of network ranges and save them as firewall aliases. We’ll use the alias to create firewall rules for those ranges that will bypass our VPN gateway.

Install pfBlockerNG

  1. Open Package Manager in pfSense, under the System drop-down menu
  2. Click the Available Packages header
  3. Search for pfBlockerNG and click the Install button
  4. Wait for the installation to complete

Configure pfBlockerNG

  1. Click pfBlockerNG under the Firewall drop-down menu
  2. Under the General tab, check the Enable tickbox

Create the Alias

  1. Click the IPv4 tab in the pfBlockerNG settings page, and click Add
  2. Name the alias “Netflix” or whatever name your heart desires
  3. Skip IPv4 Lists for now; we’ll come back to that section in a moment
  4. Change List Action to Alias Match
  5. Change Update Frequency to whatever rate you’d like
  6. Create the lists! For my ISP, I needed to add three lists, configured as:

Netflix

AWS

Explanation: We need those three IP ranges (for CenturyLink, at least) because Netflix hosts a substantial portion of its infrastructure on Amazon Web Services and pays CenturyLink to host local proxies of its content on their private network. If you're using a different ISP, you might need to add your own ISP's BGP Autonomous System number, depending on whether or not they proxy Netflix content the same way CenturyLink does.

Create firewall rule

  1. Click Rules under the Firewall drop-down at the top of the page
  2. Click the LAN tab and click the Add button with the upward-facing arrow
  3. Change Protocol to TCP/UDP
  4. Change Protocol to Any
  5. Configure Source however you prefer. I have mine set to Single host/alias with the IP of my smart TV: Amazon Web Services hosts a huge number of companies’ services, so I prefer to keep the bypass just for my TV.
  6. Change Destination to Single host/alias and select the pfB_Netflix alias we created
  7. Reload firewall rules to include the newly created rule

Verify it works

Test! You should be able to connect to Netflix with no angry “PROXY DETECTED!” errors.
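As an added offline check (example code, not part of the original post or of pfBlockerNG), the script below parses a list in pfBlockerNG's plain-text IPv4 format, collapses overlapping entries, reports how many destination addresses the alias exempts from the VPN, and models the rule above so you can see which (source, destination) pairs leave via the ISP gateway. The list contents and the TV address are constructed assumptions; on the firewall itself the equivalent membership test is `pfctl -t pfB_Netflix -T test <address>`.

```python
import ipaddress

# Constructed sample in pfBlockerNG's plain-text IPv4 list format (one network per
# line, '#' comments). The ranges are documentation prefixes, not real Netflix/AWS
# space; the real lists come from the three sources configured above.
SAMPLE_LIST = """\
# Netflix ranges (constructed)
198.51.100.0/24
# AWS ranges (constructed)
203.0.113.0/25
203.0.113.0/26        # overlaps the line above; collapsed by parse_list()
"""

TV_IP = "192.168.1.50"  # assumed LAN address of the smart TV (the rule's Source)


def parse_list(text):
    """Parse a list file into a collapsed set of networks (what the alias covers)."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return list(ipaddress.collapse_addresses(nets))


def alias_match(nets, dst):
    """Return the alias network containing dst, or None (same question that
    'pfctl -t pfB_Netflix -T test <dst>' answers on the firewall)."""
    ip = ipaddress.ip_address(dst)
    return next((n for n in nets if ip in n), None)


def gateway_for(nets, src, dst):
    """Model the bypass rule from the post: only the TV's traffic to alias ranges is
    policy-routed out the ISP gateway; everything else keeps using the VPN."""
    if src == TV_IP and alias_match(nets, dst) is not None:
        return "ISP"
    return "VPN"


def alias_size(nets):
    """How many destination addresses the bypass rule exempts from the VPN."""
    return sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    nets = parse_list(SAMPLE_LIST)
    print(f"alias covers {alias_size(nets)} addresses in {len(nets)} networks")
    for src, dst in [(TV_IP, "198.51.100.7"), ("192.168.1.20", "198.51.100.7")]:
        print(f"{src} -> {dst}: {gateway_for(nets, src, dst)}")
```

Feed it the real list files (or the output of `pfctl -t pfB_Netflix -T show`) and the addresses your TV actually contacts to confirm they fall inside the alias; a Netflix endpoint outside it still exits through the VPN and will trigger the proxy error.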
