Hey guys,
I selfhost a server at home where I run a couple of services. Wireguard is one of them. I also have another house where I live every couple of weeks for a few days. Netflix blocked me on the second house for account sharing. As I run my own wireguard and the tv in the second house runs AndroidTV I created a wireguard config (I run wg-easy) and installed the official Wireguard app on AndroidTV. Sadly netflix still blocks me which is weird because all traffic of that tv seems to be running over the tunnel.
Here is the config:
` [Interface] PrivateKey = XXX Address = 10.8.0.3/24 DNS = 1.1.1.1 MTU = 1420
[Peer] PublicKey = XXX PresharedKey = XXX AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 0 Endpoint = vpn.XXXde:51820 `
I also posted this on reddit selfhosted where it sadly got removed. Some suggestions were that somehow DNS requests or IPv6 traffic still got through without using the wireguard tunnel which doesn’t make much sense because usually the wireguard app puts everything through the tunnel.
I also edited the conf to also tunnel all ipv6 traffic with adding ::/0 under allowed IPs but that also didn’t resolved the problem.
Is there anything else I could try? Are there different solutions? I’m aware that there are other approaches to this problem (using Jellyfin) but I really want to figure out this problem as it doesn’t make any sense to me. The whole traffic should be going over my home server and it seems it doesn’t.
Has anyone gotten this kind of setup to work?
Thanks for any help, have a good day!
Did you try Netflix in the browser to rule out an issue with the app.
I have adguard home on my server and have the server wireguard IP as the DNS ip too so I can see all the DNS requests my devices make and block stuff. I disable ipv6 myself to keep things simpler.
It should work for you though.
Another option they can’t detect is use a router with a wireguard connection, then Netflix can go suck a lemon 🍋😉
Edit: Perhaps they are doing some timing on your connections and there is a difference between your primary connection and the VPN one .
If Netflix is denying you access to the subscription you pay for because you’re using a VPN to connect, that starts to smell like a good class action to me.
Haver you seem what’s your ip and ipv6 on the foreingner house?
Maybe your wireguard connection is creating a lan, but you didn’t configured an exit node or didn’t connected to the exit node.
Another solution could be using Tailscale as well
Yes. I installed a browser on the androidTV and it showed my local ip from back home (where the wireguard host runs) but no ipv6.
I have to look into the exit node thing as it doesn’t say anything to me but thanks for the Idea!
Tailscale should have the same problem as it basically runs on wireguard as far as I know. Are there any other things tailscale itself changes? I will try it tho because why not. I could probably also try headscale as I rather stay on the open source side ?
Tailscale only make easier to set exit nodes and manage wireguard setups… Try it and tell us what happens…
Anyway, I don’t know exactly what’s going on. Maybe you’re forwarding some packages to your wireguard VPN, like TCP/80, but not UDP or TCP/443. Check if everything is being properly forwarded, so all your connection is from Wireguard
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol TCP Transmission Control Protocol, most often over IP UDP User Datagram Protocol, for real-time communications VPN Virtual Private Network
6 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #228 for this sub, first seen 21st Oct 2023, 17:15] [FAQ] [Full list] [Contact] [Source code]
At the second home with the TV not working, I’d.suggest testing out wireguard on a PC that hasn’t been used with Netflix yet and see if it has the issue too. This would also be easier to troubleshoot to find the root issue if it fails on the PC too.
This would be complicated as you can use the Netflix service on a new device for at least 30 days without issues
It’s probably cache or cookies. Netflix browser in private browsing would be a new session.
Definitely complicated to root cause. Please share if ya figure out the hard parts 😄
An idea: Netflix could be fingerprinting TUN interfaces on the TV.
One thing I’d consider trying is Tailscale in userspace networking mode on a distinct network host at location 2, which’ll start a SOCKS/HTTP proxy that the TV can use for outbound connections.
Bonus: any devices incompatible with Tailscale can use the proxies.
If you’d like to take a stab at this, Headscale is a self-hosted version of Tailscale’s service. Personally, I use Caddy to automatically manage letsencrypt certs while proxying requests to Headscale.
No experience with this setup myself, but you may want to try [email protected].
Try adding ::/0 to your AllowedIPs
Edit: nvm you tried that
Have you tried updating your Netflix Household via https://help.netflix.com/en/node/128339 ?
Did you solve it? I am in the same situation and nothing seems to help… Maybe wireguard, being inside a docker bridge network, isn’t forwarding correctly IPV6 packets. Or maybe Netflix checks more than just the public IP
I don’t know what Netflix takes into account for that. Might it be a different SSID on the Wi-fi? Or geolocation stuff?
Maybe a DNS leaking problem.
