Hacker News new | ask | show | jobs
by justinclift 1096 days ago
> But I’m working on setting up a VPN at my house to tunnel all Netflix traffic through ...

On a technical point, you might be able to get away with just using Squid for the proxy, with pretty much default settings.

http://www.squid-cache.org

I used to use that years ago (not with Netflix though) running from a data centre, using an ssh (autossh) tunnel to reach it securely.

Worked pretty well, aside from the extra latency due to the packets having to go an extra half way around the world. ;)
2 comments
voytec 1096 days ago
Before Netflix was available outside US, I had a VM somewhere in the US, with Netflix proxy (they had no issues with accepting payments from Poland).

Proxy-ing web traffic was not enough and, if memory serves, I also had to set up a DNS resolver on that machine and use it. May be easier to just set up WireGuard nowadays.

link
justinclift 1096 days ago
> DNS resolver on that machine and use it.

That's a good point. I'd kind of suspect that enabling the "Proxy DNS when using SOCKS v5" setting (in Firefox) would achieve the same thing without the extra setup hassle, but I've not tried it to know if it'd work. :)

link
breakingcups 1096 days ago
IIRC Netflix has gotten unreasonably good at detecting VPNs, VMs and other traffic originating from non-consumer IP addresses.
link
Matthias247 1096 days ago
A l7 (http) proxy will not work for this. Even if you are able to redirect the app to your proxy by overriding DNS it would just fail on the TLS handshake since Netflix is using https. You would need to have their private server certificate to make it work. Plus they might infer from extra headers that traffic is Proxied.

=> You need a L4 proxy, aka VPN

link
justinclift 1096 days ago
That sounds weird to me, as your description of it sounds like https servers in general shouldn't work through a (squid) proxy.

However, they work just fine.

link
Matthias247 1095 days ago
They work if you have control over the client and can either explicitly configure them to use a proxy server or if your client is ok to speak to a different domain for which you have the legit certificates. With the Netflix app both of this won’t be the case. When using it with a browser for which you can change connection settings it might work.
link
justinclift 1095 days ago
> With the Netflix app both of this won’t be the case.

Thanks, I'd forgotten about that. I've not used Netflix, so didn't really associate "it's an app with no proxy settings ability".

That being said though, if it's being used on a device (android, iSomething) shouldn't it all "just work" if the proxy is set in the OS system settings?

link