# The Great Netflix VPN Block of 2016



## drmike (Mar 10, 2016)

Do we have Netflix users here?


Others out there having issues connecting to Netflix recently?  Getting an annoying blocked message on devices. 


Unsure if in my instance it dislikes VPN to remote server (which is a private IP and private VPN) or if my extensive block lists are contributing to it.  Either way I refuse to tear things down to watch internet version of TV.


Anyone having success behind VPN viewing Netflix at current?


Big petition here over the blow up blocking VPN:
https://act.openmedia.org/netflix


39k signatures and counting.  Yuuuuge!


Media article on the situation: http://www.wired.com/2016/03/netflix-discontent-blocked-vpns-boiling/


----------



## clarity (Mar 10, 2016)

I got this error just yesterday when trying to watch some content behind a firewall. It is a private vpn that has only ever accessed their services a few times, but it is still blocked. I wish that they would open it back up, but I understand why they aren't. It sucks for me!


----------



## HN-Matt (Mar 10, 2016)

seems Incredibly Rude


----------



## drmike (Mar 10, 2016)

I am wondering if they are blocking any datacenter IP or what at this point... feels like they are as I've spun up servers in multiple locations and same rejection message.  But I have funky setup and can believe DNS perhaps is culprit too in my own instance.  Thus, why I asked for group input 


Bad move by Netflix.  I cancelled the subscription I have due to this.


----------



## HN-Matt (Mar 10, 2016)

I have a Netflix subscription but never use it, so didn't notice.

Agree re: 'Bad move' though. Those who connect to Netflix via proxy or VPN are more than likely paying an American web host for the IP. If Netflix starts mass blocking certain American IP ranges, doesn't that mean a lot of lost business for American web hosts? That, and it's not like Netflix will gain any new subscribers out of the act. Seems like they're shooting their own economy in the foot more than anything.


----------



## KuJoe (Mar 10, 2016)

People getting angry at Netflix for trying to survive. They'll also be the first to complain when Netflix has shitty content because they can't get any good licenses from decent studios.


----------



## drmike (Mar 10, 2016)

KuJoe said:


> People getting angry at Netflix for trying to survive. They'll also be the first to complain when Netflix has shitty content because they can't get any good licenses from decent studios.



I'm not mad.  I just can't get Netflix to work. Smells like massive block list of commercial IPs.


I am pro blacklisting malicious stuff.


Netflix knew doing this was going to cause backlash.  They should have taken a softer stance.


Mark my words, Netflix will soften on this IP blocking and so soon.


----------



## Licensecart (Mar 10, 2016)

I like Netflix myself but I don't mind the UK version the only issue I would like fixed is some cool tv shows from the USA but again why risk it 


The only issue I have with this really would be the big companies want people to not pirate and pay them money but they can't be bothered to CC programs / films when you can buy it on Blu-ray (some films have CC) and then you can if you want to find everything online for free (Pirate). If they want money they should CC everything  and put it on Youtube, iTunes etc.


----------



## HN-Matt (Mar 10, 2016)

KuJoe said:


> People getting angry at Netflix for trying to survive. They'll also be the first to complain when Netflix has shitty content because they can't get any good licenses from decent studios.



Uhh, but they bought the American IP because Netflix had shitty content to begin with... if Netflix blocks them, it's not like they're going to retain a subscription in their own region.

So in short Netflix loses a shit load of subscribers who won't return in any other context due to the insularity of regional licensing conceits. What's that phrase again, cutting off the nose to spite the face?


----------



## RLT (Mar 10, 2016)

Netflix has no say in the matter, if they don't show they're blocking those customers then they get penalized to a much higher cost. 


It's a damned if you do and damned if you don't situation they have to choose the route of the lowest loss.


----------



## HalfEatenPie (Mar 10, 2016)

I think it's a combination of IP ban plus a few other factors involved.


I previously access Netflix using two different methodologies.  SNI Proxy and VPN (l2tp via softether).  


I think I need to tweak my proxy configuration as via my proxy I get the notification on Netflix saying I'm viewing through a proxy.  However, on the exact same server if use a VPN to watch netflix, it's perfectly fine.


I'd have to continue investigating (honestly, I really can't be assed and will probably be setting up selective DNS forwarding on my router through Unblock-Us), but I think tweaking the configuration on my SNI Proxy should fix it right up.


----------



## Hxxx (Mar 10, 2016)

Assuming you are in the USA drmike why would you vpn? At this point for netflix, dont tell me is because of privacy... 


If I recall correctly this was done because of licensing issues. A license for USA viewers cant be applied to South America for example. I guess it has some monetary logic. This is similar to youtube video restrictions.


About the vpn ban method,  maybe they started using the billing address to match IP.


----------



## drmike (Mar 10, 2016)

Hxxx said:


> Assuming you are in the USA drmike why would you vpn? At this point for netflix, dont tell me is because of privacy...
> 
> 
> If I recall correctly this was done because of licensing issues. A license for USA viewers cant be applied to South America for example. I guess it has some monetary logic. This is similar to youtube video restrictions.
> ...



All of my networks are gatewayed out via VPN and nested VPN within that on a per client basis.  Just standard protocol.  Nothing leaves anywhere otherwise.


Billing address and IP correlation wouldn't make sense in my instance since the subscription was bought using the very same VPN network.  If they were to stick things to IP origin at signup anyone traveling would be screwed.  Mobile devices would be an issue too.


----------



## HN-Matt (Mar 11, 2016)

HalfEatenPie said:


> I think I need to tweak my proxy configuration as via my proxy I get the notification on Netflix saying I'm viewing through a proxy.  However, on the exact same server if use a VPN to watch netflix, it's perfectly fine.



That's kind of hilarious. So not an IP block, but a technocratic half-measure with no real effect beyond discriminating against particular software configurations? _Not even an autocratic whuffie-style blacklist???_


----------



## Hxxx (Mar 11, 2016)

drmike said:


> All of my networks are gatewayed out via VPN and nested VPN within that on a per client basis.  Just standard protocol.  Nothing leaves anywhere otherwise.
> 
> 
> Billing address and IP correlation wouldn't make sense in my instance since the subscription was bought using the very same VPN network.  If they were to stick things to IP origin at signup anyone traveling would be screwed.  Mobile devices would be an issue too.



You either have some obsession with hiding your data/trail or you are way too smart and know things nobody does. Either way, nice setup.


----------



## drmike (Mar 11, 2016)

Hxxx said:


> You either have some obsession with hiding your data/trail or you are way too smart and know things nobody does. Either way, nice setup.



Everyone should be concerned and at least attempt to make things hard and thusly earned by the bad guys (hackers, thieves, government, foreign governments, etc.).


----------



## Hxxx (Mar 11, 2016)

drmike said:


> Everyone should be concerned and at least attempt to make things hard and thusly earned by the bad guys (hackers, thieves, government, foreign governments, etc.).



It works both ways. I find more vulnerable that you tunnel absolutely everything through them, so basically if one of these vpn fail, let say one of these VPS (if this is what you use) get hacked then you are compromising everything.


----------



## drmike (Mar 11, 2016)

... and let's be honest about things... when one goes avoiding plaintext (everyone should) malicious ISPs flag you, QoS things, flag you, etc.   So the avoidance and intentional privacy intent must march forward.


Still doesn't solve the fingerprinting via leaky crap (that's why to turn off Javascript).... Really break up their apparatus and intent with a text only approach, but even that needs ahh massaged to make not so apparent of what you are doing.



Hxxx said:


> It works both ways. I find more vulnerable that you tunnel absolutely everything through them, so basically if one of these vpn fail, let say one of these VPS (if this is what you use) get hacked then you are compromising everything.



Indeed it does work both ways.


Way the VPN works is as a fleet.  Collection of "connect profiles" those are connected to semi-randomly (not perfected).  The endpoints change regularly and since nested, if one layer fails, it's wrapped in the other.  The VPNs are an ever changing collection of VPS and VPN services.  Killswitch (script) for teardown and reconnect is mandatory.  Bulletproof?  nope, but eventually it gets there and better. 


None of the VPN accounts gets used for that long and remember things are nested.  Assume not everything is nested with just VPN / same type of VPN either.


And... DNS is nested in this and runs to remote crypto'd DNS lookups... so that is VPN ---> VPN ---> crypto'd DNS (at minimum).


Enemy of this is overhead and latency.  Not uncommon to see something like 80ms first hop out the door with the VPN up.


----------



## Hxxx (Mar 11, 2016)

drmike said:


> ... and let's be honest about things... when one goes avoiding plaintext (everyone should) malicious ISPs flag you, QoS things, flag you, etc.   So the avoidance and intentional privacy intent must march forward.
> 
> 
> Still doesn't solve the fingerprinting via leaky crap (that's why to turn off Javascript).... Really break up their apparatus and intent with a text only approach, but even that needs ahh massaged to make not so apparent of what you are doing.
> ...



That's a beautiful setup, indeed. Stable enough?


----------



## drmike (Mar 11, 2016)

Hxxx said:


> That's a beautiful setup, indeed. Stable enough?



It's quirky.  When there is a blip due to a nested VPN, you have to just go get a beverage and come back.. usually just some wonkiness that cleans up.   Might be seconds, might take upwards of a minute.  Most of it is origin of mixing in a shitty VPS provider with a node being dinged or latency on your own direct internet provider (had this happen the other night with like 100ms to first public hop and dropping 40% of packets).


Human nature responsiveness to that fail is to go ripping down connections and re-establishing which is meh, more hassle than anything and prone to busting a public viewable hole in setup.


OpenVPN (which primarily use) is decent about re-establishing connections on its own --- as-needed.  


Yeah it's stable   Some days are better than others and depending on who gets mixed in....  Starting to track where the issues are, so I can say no to this provider or a certain network.


Real drag is the public VPN companies.  Lots of blacklisting due to others, failures of service that can be ugly, config / end nodes that change customer side (dumb)...


----------



## willie (Mar 11, 2016)

Is it possible to download from netflix (assuming you have a paid account) using similar tools to the ones for downloading youtube?  That should get rid of the lag problems.


----------



## Nyr (Mar 12, 2016)

willie said:


> Is it possible to download from netflix (assuming you have a paid account) using similar tools to the ones for downloading youtube?  That should get rid of the lag problems.



All their content is DRMed, in fact pirated copies sourced from Netflix are just screen records.


----------

