What's new

Bypass Android DNS with DNSFilter whilst using a VPN and Diversion

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Chris_J

Regular Contributor
As per the title, I am wondering whether this is actually possible.

I have a VPN running on Client 1 using policy routing and have set 'accept DNS configuration' to disabled, as I would like to run Diversion also. Under WAN settings, I am using DoT to cloudflare. DNSFilter is set to Router global mode, BUT, I also have added my Android streaming devices to the client list, which are assigned to 'Custom 1'. Here I have added the IP address of the VPN provider's DNS server.

The problem I accouter is this: If I access any geo content such as Netflix, BBC etc using a normal browser, everything works fine, but if done via an Android device (Shield, Firestick...) they are able to detect proxy.

My guess is that somehow they are still able to force google DNS. Any ideas how to get around this?

TIA
 
As per the title, I am wondering whether this is actually possible.

I have a VPN running on Client 1 using policy routing and have set 'accept DNS configuration' to disabled, as I would like to run Diversion also. Under WAN settings, I am using DoT to cloudflare. DNSFilter is set to Router global mode, BUT, I also have added my Android streaming devices to the client list, which are assigned to 'Custom 1'. Here I have added the IP address of the VPN provider's DNS server.

The problem I accouter is this: If I access any geo content such as Netflix, BBC etc using a normal browser, everything works fine, but if done via an Android device (Shield, Firestick...) they are able to detect proxy.

My guess is that somehow they are still able to force google DNS. Any ideas how to get around this?

TIA
I've had success with configuring DNS in Custom Configs with Accept DNS Configuration = Strict.
Code:
dhcp-option DNS 1.1.1.1

Netflix and BBC block known VPN Servers. When these services see multiple connections from the same IP, the flag it as a VPN. I use a service that offers a private IP address.

On my Nvida shield, some of the streaming services require location tracking be enabled which takes priority over the IP address I am connected to. My Roku and FireTV don't require this. Check out
Location Spoofing on Android TV for an explanation.
 
Last edited:
Thanks for your reply.

I've had some success with your suggestion for the VPN configuration and setting this to Strict, plus adding the extra line to the custom config. This has enabled me to access BBC (for now) :)

Netflix remains with the 'proxy detected' error, regardless. I think that you're absolutely right, that Netflix will block VPN based off the IP address usage patterns. What I don't understand though, is if my IP address is flagged as a VPN and is being blocked, how would I be able to still access content when using Firefox? It only seems to detect the proxy on AndroidTV and FireTV. On the other hand, an Android tablet or phone will be fine. On my Shield, I have the location services switched off. Would that therefore rule out location tracking?

My VPN provider actually offers a personal IP, but it sounds like not even this would help.
 
Thanks for your reply.

I've had some success with your suggestion for the VPN configuration and setting this to Strict, plus adding the extra line to the custom config. This has enabled me to access BBC (for now) :)

Netflix remains with the 'proxy detected' error, regardless. I think that you're absolutely right, that Netflix will block VPN based off the IP address usage patterns. What I don't understand though, is if my IP address is flagged as a VPN and is being blocked, how would I be able to still access content when using Firefox? It only seems to detect the proxy on AndroidTV and FireTV. On the other hand, an Android tablet or phone will be fine. On my Shield, I have the location services switched off. Would that therefore rule out location tracking?

My VPN provider actually offers a personal IP, but it sounds like not even this would help.

I have Sony Android tv and getting netflix to work i had to create US based google account and use tor guard streaming ip
 
Thanks for your reply.

I've had some success with your suggestion for the VPN configuration and setting this to Strict, plus adding the extra line to the custom config. This has enabled me to access BBC (for now) :)

Netflix remains with the 'proxy detected' error, regardless. I think that you're absolutely right, that Netflix will block VPN based off the IP address usage patterns. What I don't understand though, is if my IP address is flagged as a VPN and is being blocked, how would I be able to still access content when using Firefox? It only seems to detect the proxy on AndroidTV and FireTV. On the other hand, an Android tablet or phone will be fine. On my Shield, I have the location services switched off. Would that therefore rule out location tracking?

My VPN provider actually offers a personal IP, but it sounds like not even this would help.
I am not sure why it is working on the Firefox browser but not via the router. Are you using the VPN client on your laptop/desktop rather than the router?

From reports on the forum, It appears that NordVPN and ExpressVPN are using their DNS as a proxy service to circumvent the geo restrictions. For this situation, best to set Accept DNS Configuration = Exclusive.

With my TorGuard private IP, I can use any DNS service.

Not sure if the x3mRouting project will be of help. It will allow you to selectively route BBC, Netflix, Hulu, etc over different VPN Clients.

If your service offers a private IP, they will probably allow you to test it out before buying. Just send their support an email saying you want to test drive it for 7 days.
 
I'm not running any of the client software, this is all purely through the AC86U router.

I tested again using Exclusive DNS configuration, but to my suprise, the problem persists. This also results in Diversion not functioning correctly.

Thanks for pointing out the x3mRouting project. I did have a look at this, but ideally I'd need a setup that would allow multiple VPN connections to run simultaneously. Unfortunately, NordVPN does not allow this on the same MAC address, even over different ports.

Might give the private IP a try, if they allow a trial. Other than that, Wifi geo-location spoofing is probably the last resort, but it's quite an extreme measure just to watch BBC! :D Plus, I can't seem to find much information on where to obtain the hardware.
 
Just to add to this:

As a test, I downloaded an old build of the Netflix APK and managed to successfully stream content over the VPN. This means that something must be happening in the app, rather than server side. This makes me think that blocking the IP address of the VPN is not necessarily the problem.

Nevertheless, I decided to take a trial for a dedicated static IP address with NordVPN. They are setting this up for me now, which I will be able to test shortly.

I'll report back here with results, just for purposes of knowledge sharing :)
 
I use a vpn client at the router. Has anyone had success blocking roku or netflix from “forcing” google dns? Am I right the roku firmware and even netflix’s servers are forcing google dns?
 
I use a vpn client at the router. Has anyone had success blocking roku or netflix from “forcing” google dns? Am I right the roku firmware and even netflix’s servers are forcing google dns?
You can force all lan clients to use the DNS specified on the router with this setting.

LAN->DNS Filter
upload_2020-5-2_19-16-58.png
 
You can force all lan clients to use the DNS specified on the router with this setting.

LAN->DNS Filter
View attachment 23210
Would static routing accomplish the same thing? Right now I’ve set routing rules for 8.8.8.8 and 8.8.4.4 via the router’s ip and subnet 255.255.255.255 on my LAN

ps/ I’m not running asusmerlin
 
Just to add to this:

As a test, I downloaded an old build of the Netflix APK and managed to successfully stream content over the VPN. This means that something must be happening in the app, rather than server side. This makes me think that blocking the IP address of the VPN is not necessarily the problem.

Nevertheless, I decided to take a trial for a dedicated static IP address with NordVPN. They are setting this up for me now, which I will be able to test shortly.

I'll report back here with results, just for purposes of knowledge sharing :)
Sorry for digging up an old thread but I'm experiencing same issue on my nvidia shield and my 2020 samsung tv. It appears that latest Netflix build on these platforms include some new checks to detect user location...have you solved this? I'm using the same configuration on my android phone and my 2017 samsung tv and both work fine but the other 2 devices throw a proxy detection error
 
Sorry for digging up an old thread but I'm experiencing same issue on my nvidia shield and my 2020 samsung tv. It appears that latest Netflix build on these platforms include some new checks to detect user location...have you solved this? I'm using the same configuration on my android phone and my 2017 samsung tv and both work fine but the other 2 devices throw a proxy detection error
I am in the same boat. I am using Router VPN and yet TV Netflix Apps caught and block me right away. However, everything else is fine, phone, tablet, and Windows PC.

Current setup: Asus RC-AC5300+SharkSurf VPN

If any of you have any solution to this, many thanks in advance.
 
I find using NordVPN Netflix and Amazon Prime works fine, but Prime detects VPN unless I use the NordVPN pushed DNS. So I just set a global default under DNS filter to my preferred DNS (CleanBrowsing Family), and then set up my televisions as exceptions 'no filter' - so they use the pushed NordVPN DNS and Prime works just fine.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top