Bypass Android DNS with DNSFilter whilst using a VPN and Diversion

Discussion in 'Asuswrt-Merlin' started by Chris_J, Jan 25, 2020.

  1. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    63
    Location:
    UK
    As per the title, I am wondering whether this is actually possible.

    I have a VPN running on Client 1 using policy routing and have set 'accept DNS configuration' to disabled, as I would like to run Diversion also. Under WAN settings, I am using DoT to Cloudflare. DNSFilter is set to Router global mode, BUT, I also have added my Android streaming devices to the client list, which are assigned to 'Custom 1'. Here I have added the IP address of the VPN provider's DNS server.

    The problem I encounter is this: If I access any geo content such as Netflix, BBC etc using a normal browser, everything works fine, but if done via an Android device (Shield, Firestick...) they are able to detect proxy.

    My guess is that somehow they are still able to force Google DNS. Any ideas how to get around this?

    TIA
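
One way to test the guess above from the router side, given as an added example (not code from this thread or from Asuswrt-Merlin): compare the resolver each client asked for with the one that actually answered, as recorded in connection-tracking entries. It assumes the DNSFilter redirect is done with NAT, so the reply tuple shows the real resolver; the sample lines are constructed in `/proc/net/nf_conntrack` style, and `192.168.1.1` and `203.0.113.53` are placeholders for the router and the 'Custom 1' server.

```python
import re

ROUTER = "192.168.1.1"       # assumed LAN address of the router
CUSTOM_DNS = "203.0.113.53"  # placeholder for the DNSFilter 'Custom 1' server
ALLOWED = {ROUTER, CUSTOM_DNS}

# Constructed sample, /proc/net/nf_conntrack style (not captured from a real router).
# Each entry lists the original tuple first, then the reply tuple.
SAMPLE = """\
ipv4 2 udp 17 25 src=192.168.1.50 dst=8.8.8.8 sport=41234 dport=53 src=203.0.113.53 dst=10.8.0.2 sport=53 dport=41234 mark=0 use=2
ipv4 2 udp 17 28 src=192.168.1.51 dst=8.8.8.8 sport=50112 dport=53 src=8.8.8.8 dst=10.8.0.2 sport=53 dport=50112 mark=0 use=2
ipv4 2 tcp 6 300 ESTABLISHED src=192.168.1.50 dst=8.8.4.4 sport=38822 dport=853 src=8.8.4.4 dst=10.8.0.2 sport=853 dport=38822 [ASSURED] mark=0 use=2
ipv4 2 udp 17 12 src=192.168.1.20 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.20 sport=53 dport=5353 mark=0 use=2
ipv4 2 tcp 6 100 ESTABLISHED src=192.168.1.50 dst=192.0.2.10 sport=40000 dport=443 src=192.0.2.10 dst=10.8.0.2 sport=443 dport=40000 [ASSURED] mark=0 use=2
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def classify(line, allowed=ALLOWED):
    """Return (client, asked, answered, verdict) for DNS/DoT flows, else None."""
    pairs = FIELD.findall(line)
    if len(pairs) < 8:
        return None  # no port fields (e.g. ICMP) or truncated entry
    orig, reply = dict(pairs[:4]), dict(pairs[4:8])
    port = orig["dport"]
    if port not in ("53", "853"):
        return None  # not plain DNS or DNS-over-TLS
    asked, answered = orig["dst"], reply["src"]
    if port == "853":
        # Encrypted DNS: a redirect of port 53 does not touch this flow.
        verdict = "dot-ok" if answered in allowed else "dot-bypass"
    elif asked != answered:
        # NAT rewrote the destination; check where the query really went.
        verdict = "redirected" if answered in allowed else "redirected-elsewhere"
    else:
        verdict = "ok" if answered in allowed else "bypass"
    return (orig["src"], asked, answered, verdict)

def audit(text, allowed=ALLOWED):
    """Classify every DNS-related entry in a conntrack dump."""
    return [row for row in map(classify, text.splitlines()) if row]

if __name__ == "__main__":
    for client, asked, answered, verdict in audit(SAMPLE):
        print(f"{client:15} asked {asked:15} answered by {answered:15} {verdict}")
```

A `bypass` or `dot-bypass` row means that client's lookup reached a resolver outside the configured set, which is the situation the post suspects.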
     
  2. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,647
    Location:
    The Land of Smiles
    I've had success with configuring DNS in Custom Configs with Accept DNS Configuration = Strict.
    Code:
    dhcp-option DNS 1.1.1.1
    Netflix and BBC block known VPN Servers. When these services see multiple connections from the same IP, they flag it as a VPN. I use a service that offers a private IP address.

    On my Nvidia Shield, some of the streaming services require location tracking be enabled which takes priority over the IP address I am connected to. My Roku and FireTV don't require this. Check out Location Spoofing on Android TV for an explanation.
     
    Last edited: Jan 25, 2020
  3. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    63
    Location:
    UK
    Thanks for your reply.

    I've had some success with your suggestion for the VPN configuration and setting this to Strict, plus adding the extra line to the custom config. This has enabled me to access BBC (for now) :)

    Netflix remains with the 'proxy detected' error, regardless. I think that you're absolutely right, that Netflix will block VPN based off the IP address usage patterns. What I don't understand though, is if my IP address is flagged as a VPN and is being blocked, how would I be able to still access content when using Firefox? It only seems to detect the proxy on AndroidTV and FireTV. On the other hand, an Android tablet or phone will be fine. On my Shield, I have the location services switched off. Would that therefore rule out location tracking?

    My VPN provider actually offers a personal IP, but it sounds like not even this would help.
     
  4. krgck

    krgck Occasional Visitor

    Joined:
    Sep 24, 2019
    Messages:
    22
    I have a Sony Android TV, and to get Netflix to work I had to create a US-based Google account and use a TorGuard streaming IP.
     
  5. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,647
    Location:
    The Land of Smiles
    I am not sure why it is working on the Firefox browser but not via the router. Are you using the VPN client on your laptop/desktop rather than the router?

    From reports on the forum, it appears that NordVPN and ExpressVPN are using their DNS as a proxy service to circumvent the geo restrictions. For this situation, best to set Accept DNS Configuration = Exclusive.

    With my TorGuard private IP, I can use any DNS service.

    Not sure if the x3mRouting project will be of help. It will allow you to selectively route BBC, Netflix, Hulu, etc over different VPN Clients.

    If your service offers a private IP, they will probably allow you to test it out before buying. Just send their support an email saying you want to test drive it for 7 days.
     
  6. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    63
    Location:
    UK
    I'm not running any of the client software, this is all purely through the AC86U router.

    I tested again using Exclusive DNS configuration, but to my surprise, the problem persists. This also results in Diversion not functioning correctly.

    Thanks for pointing out the x3mRouting project. I did have a look at this, but ideally I'd need a setup that would allow multiple VPN connections to run simultaneously. Unfortunately, NordVPN does not allow this on the same MAC address, even over different ports.

    Might give the private IP a try, if they allow a trial. Other than that, Wi-Fi geo-location spoofing is probably the last resort, but it's quite an extreme measure just to watch BBC! :D Plus, I can't seem to find much information on where to obtain the hardware.
     
    Xentrk likes this.
  7. Chris_J

    Chris_J Regular Contributor

    Joined:
    Dec 10, 2019
    Messages:
    63
    Location:
    UK
    Just to add to this:

    As a test, I downloaded an old build of the Netflix APK and managed to successfully stream content over the VPN. This means that something must be happening in the app, rather than server side. This makes me think that blocking the IP address of the VPN is not necessarily the problem.

    Nevertheless, I decided to take a trial for a dedicated static IP address with NordVPN. They are setting this up for me now, which I will be able to test shortly.

    I'll report back here with results, just for purposes of knowledge sharing :)
     
    Xentrk likes this.