
accessing Hulu w/ policy rules


zimv20

New Around Here
setup:
- Asus RT-N66U
- Merlin 380.58
- Roku 2
- ExpressVPN

for months, i was able to successfully use OpenVPN policy rules to redirect Roku traffic through an ExpressVPN endpoint to stream Hulu. recently, it stopped working. i have not made any changes to the setup to cause that, afaict.

using either of these 2 methods, i can confirm successful Hulu streaming through a specific endpoint:
- using the ExpressVPN iOS app
- on the router, routing all traffic instead of using policy rules

... so i believe the ExpressVPN endpoint is good.

i do not want to redirect all traffic through this VPN endpoint, so i am trying to understand the difference between that and using the policy rules.

to configure the OpenVPN client, i downloaded a config file from ExpressVPN. here is the custom configuration:
Code:
fast-io
remote-random
pull
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
keysize 256
sndbuf 524288
rcvbuf 524288

here is a startup log (here, i am redirecting 2 devices):
Code:
Sep  4 03:10:49 rc_service: httpd 6595:notify_rc start_vpnclient2
Sep  4 03:10:50 kernel: tun: Universal TUN/TAP device driver, 1.6
Sep  4 03:10:50 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Sep  4 03:10:50 openvpn[7368]: OpenVPN 2.3.10 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 20 2016
Sep  4 03:10:50 openvpn[7368]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Sep  4 03:10:50 openvpn[7370]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep  4 03:10:50 openvpn[7370]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Sep  4 03:10:50 openvpn[7370]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sep  4 03:10:50 openvpn[7370]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sep  4 03:10:50 openvpn[7370]: Socket Buffers: R=[118784->237568] S=[118784->237568]
Sep  4 03:10:50 openvpn[7370]: UDPv4 link local: [undef]
Sep  4 03:10:50 openvpn[7370]: UDPv4 link remote: [AF_INET]184.173.170.208:1195
Sep  4 03:10:50 openvpn[7370]: TLS: Initial packet from [AF_INET]184.173.170.208:1195, sid=cd5c2993 1cbc32c2
Sep  4 03:10:50 openvpn[7370]: VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Sep  4 03:10:50 openvpn[7370]: VERIFY OK: nsCertType=SERVER
Sep  4 03:10:50 openvpn[7370]: VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server, emailAddress=support@expressvpn.com
Sep  4 03:10:50 openvpn[7370]: VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server, emailAddress=support@expressvpn.com
Sep  4 03:10:51 openvpn[7370]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sep  4 03:10:51 openvpn[7370]: Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sep  4 03:10:51 openvpn[7370]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sep  4 03:10:51 openvpn[7370]: Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sep  4 03:10:51 openvpn[7370]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sep  4 03:10:51 openvpn[7370]: [Server] Peer Connection Initiated with [AF_INET]184.173.170.208:1195
Sep  4 03:10:53 openvpn[7370]: SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
Sep  4 03:10:53 openvpn[7370]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.11.0.1,route 10.11.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.11.0.22 10.11.0.21'
Sep  4 03:10:53 openvpn[7370]: OPTIONS IMPORT: timers and/or timeouts modified
Sep  4 03:10:53 openvpn[7370]: OPTIONS IMPORT: --ifconfig/up options modified
Sep  4 03:10:53 openvpn[7370]: OPTIONS IMPORT: route options modified
Sep  4 03:10:53 openvpn[7370]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sep  4 03:10:53 openvpn[7370]: TUN/TAP device tun12 opened
Sep  4 03:10:53 openvpn[7370]: TUN/TAP TX queue length set to 100
Sep  4 03:10:53 openvpn[7370]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep  4 03:10:53 openvpn[7370]: /usr/sbin/ip link set dev tun12 up mtu 1500
Sep  4 03:10:53 openvpn[7370]: /usr/sbin/ip addr add dev tun12 local 10.11.0.22 peer 10.11.0.21
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 184.173.170.208/32 via 174.116.120.1
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 0.0.0.0/1 via 10.11.0.21
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 128.0.0.0/1 via 10.11.0.21
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 10.11.0.1/32 via 10.11.0.21
Sep  4 03:10:55 openvpn-routing: Configuring policy rules for client 2
Sep  4 03:10:55 openvpn-routing: Creating VPN routing table
Sep  4 03:10:55 openvpn-routing: Removing route for 10.11.0.1 to tun12 from main routing table
Sep  4 03:10:55 openvpn-routing: Removing route for 0.0.0.0/1 to tun12 from main routing table
Sep  4 03:10:55 openvpn-routing: Removing route for 128.0.0.0/1 to tun12 from main routing table
Sep  4 03:10:55 openvpn-routing: Adding route for 192.168.1.112 to 0.0.0.0 through VPN client 2
Sep  4 03:10:55 openvpn-routing: Adding route for 192.168.1.139 to 0.0.0.0 through VPN client 2
Sep  4 03:10:55 openvpn-routing: Completed routing policy configuration for client 2
Sep  4 03:10:55 openvpn[7370]: Initialization Sequence Completed

can anyone help me understand why there is different behavior between redirect all and policy rules, and/or determine how to get Hulu streaming again using policy rules?
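Added example, not part of the original post: a small Python parser that replays the route-related lines of the startup log above and reports what the main routing table is left with once `openvpn-routing` has applied the policy rules. The sample input is an excerpt of the posted log; the function and key names are made up for this illustration.

```python
import re

# Excerpt of the startup log posted above (route-related lines only).
SAMPLE_LOG = """\
Sep  4 03:10:53 openvpn[7370]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.11.0.1,route 10.11.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.11.0.22 10.11.0.21'
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 184.173.170.208/32 via 174.116.120.1
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 0.0.0.0/1 via 10.11.0.21
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 128.0.0.0/1 via 10.11.0.21
Sep  4 03:10:55 openvpn[7370]: /usr/sbin/ip route add 10.11.0.1/32 via 10.11.0.21
Sep  4 03:10:55 openvpn-routing: Removing route for 10.11.0.1 to tun12 from main routing table
Sep  4 03:10:55 openvpn-routing: Removing route for 0.0.0.0/1 to tun12 from main routing table
Sep  4 03:10:55 openvpn-routing: Removing route for 128.0.0.0/1 to tun12 from main routing table
Sep  4 03:10:55 openvpn-routing: Adding route for 192.168.1.112 to 0.0.0.0 through VPN client 2
Sep  4 03:10:55 openvpn-routing: Adding route for 192.168.1.139 to 0.0.0.0 through VPN client 2
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ADD_RE = re.compile(r"ip route add (\S+) via (\S+)")
DEL_RE = re.compile(r"openvpn-routing: Removing route for (\S+) to \S+ from main routing table")
POLICY_RE = re.compile(r"openvpn-routing: Adding route for (\S+) to \S+ through VPN client \d+")

def norm(dest):
    """Write bare host addresses as /32 so add and remove lines compare equal."""
    return dest if "/" in dest else dest + "/32"

def summarize(log):
    """Replay the log: routes OpenVPN added, minus those openvpn-routing removed."""
    pushed_dns, main, policy_sources = [], {}, []
    for line in log.splitlines():
        if m := PUSH_RE.search(line):
            for opt in m.group(1).split(","):
                if opt.startswith("dhcp-option DNS "):
                    pushed_dns.append(opt.split()[-1])
        elif m := ADD_RE.search(line):
            main[norm(m.group(1))] = m.group(2)
        elif m := DEL_RE.search(line):
            main.pop(norm(m.group(1)), None)
        elif m := POLICY_RE.search(line):
            policy_sources.append(m.group(1))
    # Pushed DNS servers whose host route is no longer in the main table.
    dns_without_route = [d for d in pushed_dns if norm(d) not in main]
    return {"main_table_routes_left": main, "policy_sources": policy_sources,
            "pushed_dns": pushed_dns, "pushed_dns_without_main_route": dns_without_route}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```

On this log the only OpenVPN-added route left in the main table is the host route to the VPN server itself; the two `def1` half-routes and the route to the pushed DNS server 10.11.0.1 are gone from it, and only the two listed source addresses are sent through the tunnel.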
 
