START - NETFLIX - HULU - AMAZON VPN Bypass Script

sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Wed May 24, 2017 19:21    Post subject: START - NETFLIX - HULU - AMAZON VPN Bypass Script
@EIBGRAD

I created a Data Parser that parsed the Amazon JSON IP Ranges.

I can rearrange the data instantly as needed for different formats.

This list constitutes all Active Netflix and Amazon IP Ranges and it is accurate (ipv4).

We need to add this to a bypass list for the primary wan_gateway.

Once we get a working example I can do some fancy stuff with scripting to install it with 1 line of code.

For testing I loaded this into an NVRAM variable for easy access (later will install everything into JFFS so as not to blow up the NVRAM).

I am working on sending this to the IP Table 10 and actually did this but have not been able to route out. It has actually had the effect of completely firewalling the IP Ranges from all access. (I have only been working on this a few hours)


Basically we need to take the below IP ranges and exclude them from the VPN route on startup and pass the traffic to the primary connection.


We need to basically create a Dual Gateway Whitelist routing setup. I have an active Netflix, Amazon and Hulu account for testing with.

This IP list is very large which means it will need to be forced onto JFFS in the end as a script to execute on startup.

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers


Last edited by sploit on Wed May 31, 2017 10:49; edited 1 time in total
sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Thu May 25, 2017 5:04    Post subject: Filez
Here are 2 other versions of the data I parsed.

1 is the complete list in Linear Format with CIDR

and the second is converted to subnet masks

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
stangdriverdoug
DD-WRT Novice


Joined: 28 Mar 2013
Posts: 39

Posted: Sat May 27, 2017 13:46    Post subject:
This is amazing. Looks like you have done a lot of the heavy lifting to make this happen. I'm still stuck in a situation where I want to use Kodi on all my Fire TVs but because I use Netflix, Hulu, Amazon, etc.
sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Wed May 31, 2017 10:46    Post subject: Update
I wrote a small bash program to collect the Netflix IP ranges and then converted them to CIDR ranges and used static routes to bypass the VPN.

I am going to let the program run for a few days on different servers I have and merge the data in case I missed any.


The online databases for Amazon, Netflix and Hulu EC2 are not exhaustive and I will be manually mining these IP ranges.

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
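
An added example, not code from the thread or from sploit's parser: it turns a list in the shape of Amazon's ip-ranges.json into the two layouts mentioned in the posts above (CIDR and subnet mask) and into a startup script of static routes via the WAN gateway. The sample prefixes are constructed, and `nvram get wan_gateway`, `MIN_PREFIXLEN` and the function names are assumptions; the script is generated off-router and then copied to JFFS.

```python
import ipaddress
import json

# Constructed sample in the shape of Amazon's ip-ranges.json; the addresses
# are documentation ranges, not real AWS prefixes.
SAMPLE_JSON = """{"prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "us-west-2", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-west-2", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.64/26",   "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",      "region": "us-east-1", "service": "S3"}
]}"""

MIN_PREFIXLEN = 8  # assumption: anything wider is treated as a bad list entry


def load_prefixes(text, service="EC2"):
    """Return merged IPv4 networks for one service from ip-ranges.json text."""
    nets = []
    for entry in json.loads(text).get("prefixes", []):
        if entry.get("service") != service:
            continue
        # strict=True rejects prefixes with host bits set rather than
        # silently rounding them to a range the list never contained.
        net = ipaddress.IPv4Network(entry["ip_prefix"], strict=True)
        if net.prefixlen < MIN_PREFIXLEN:
            # One entry such as 0.0.0.0/0 would send all traffic around the VPN.
            raise ValueError(f"prefix too broad for a bypass list: {net}")
        nets.append(net)
    # Merge adjacent and nested ranges to keep the route table small.
    return list(ipaddress.collapse_addresses(nets))


def netmask_form(nets):
    """The 'converted to subnet masks' layout: address plus dotted mask."""
    return [f"{n.network_address} {n.netmask}" for n in nets]


def route_script(nets, gateway_cmd="nvram get wan_gateway"):
    """Build a startup script adding one static route per range via the WAN."""
    lines = ["#!/bin/sh", f"GW=$({gateway_cmd})"]
    lines += [f'ip route add {n} via "$GW"' for n in nets]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ranges = load_prefixes(SAMPLE_JSON)
    print("\n".join(netmask_form(ranges)))
    print(route_script(ranges), end="")
```

Merging matters on a router: the five sample entries reduce to two routes for EC2, and a malformed or over-broad entry stops the build instead of quietly widening what leaves outside the tunnel.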
stangdriverdoug
DD-WRT Novice


Joined: 28 Mar 2013
Posts: 39

Posted: Mon Jun 05, 2017 2:54    Post subject:
This is excellent. Thank you for trying to make this happen.
sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Mon Jun 05, 2017 6:14    Post subject: step
Saving myself some steps and contacted Netflix directly.

I requested all of their IP ranges and CIDR.

Told them what it's for and stated I need ALL OF THEM for ALL of their servers to whitelist.

Should see what's up

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
Adamcarter
DD-WRT User


Joined: 09 Aug 2016
Posts: 235

Posted: Wed Jun 07, 2017 19:10    Post subject: Re: step
sploit wrote:
Saving myself some steps and contacted Netflix directly.

I requested all of their IP ranges and CIDR.

Told them what it's for and stated I need ALL OF THEM for ALL of their servers to whitelist.

Should see what's up


Hope they respond. Def looking forward to this.
sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Wed Jun 07, 2017 19:21    Post subject: Well
My script successfully collected all the west coast servers (their locator assigns servers based on location) so I realized it wasn't gonna work for everyone.

Woulda taken me forever.

Part of their list is available because they use Amazon.

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
Adamcarter
DD-WRT User


Joined: 09 Aug 2016
Posts: 235

Posted: Wed Jun 07, 2017 19:28    Post subject: Re: Well
sploit wrote:
My script successfully collected all the west coast servers (their locator assigns servers based on location) so I realized it wasn't gonna work for everyone.

Woulda taken me forever.

Part of their list is available because they use Amazon.


I am moving to LA, so it will likely work for me.

As it stands right now, a friend of mine who actually knows what he is doing created an iptable to exclude my Xbox One, which is my primary Netflix watching device, to bypass VPN, which I would do anyway, since I want my gaming to be as fast as possible, but I also use iPads and computers to watch Netflix, and it would just make it easier. You sir are a gentleman and a scholar. And I appreciate it.

Would it be possible for you to explain how to add this to my existing setup? (complete n00b) here. Please and thank you.
sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Thu Jun 08, 2017 3:27    Post subject: The actual problem
The real problem is this.

https://arstechnica.com/information-technology/2016/02/netflix-finishes-its-massive-migration-to-the-amazon-cloud/

So I already have all the Amazon and Netflix EC2 Servers CIDR ranges. The nastier problem... The secondary problem is that as soon as I press Play it gets blocked because the play buttons are linked to non EC2 servers. I need all of those Non EC2 servers' CIDRs. It's a big mess. A real big mess... I guarantee that if I had all of them I could fix this problem.

The problem is the openconnect that is used.

This is why using PBR on a specific device is better.

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
Adamcarter
DD-WRT User


Joined: 09 Aug 2016
Posts: 235

Posted: Thu Jun 08, 2017 4:04    Post subject:
yikes, def doesn't sound the least bit easy
Adamcarter
DD-WRT User


Joined: 09 Aug 2016
Posts: 235

Posted: Sat Jun 17, 2017 0:49    Post subject: Re: The actual problem
sploit wrote:
The real problem is this.

https://arstechnica.com/information-technology/2016/02/netflix-finishes-its-massive-migration-to-the-amazon-cloud/

So I already have all the Amazon and Netflix EC2 Servers CIDR ranges. The nastier problem... The secondary problem is that as soon as I press Play it gets blocked because the play buttons are linked to non EC2 servers. I need all of those Non EC2 servers' CIDRs. It's a big mess. A real big mess... I guarantee that if I had all of them I could fix this problem.

The problem is the openconnect that is used.

This is why using PBR on a specific device is better.


Looks like there are over 150,000 IP addresses

https://ipinfo.io/AS2906
Adamcarter
DD-WRT User


Joined: 09 Aug 2016
Posts: 235

Posted: Tue Jul 11, 2017 5:51    Post subject:
Just checkin in. Any luck?
neerav
DD-WRT Novice


Joined: 08 Jul 2010
Posts: 44

Posted: Fri Jul 14, 2017 2:48    Post subject:
So basically a PBR by device is our only solution. Just to understand correctly: that would mean I would have to have a dedicated Netflix/Hulu/etc device that bypasses VPN and then other device dedicated to just Kodi, right?

Wait, isn't there a setting in Kodi to set up the VPN for just Kodi? I'm thinking this device would bypass VPN (no PBR entry), but Kodi would establish its own VPN connection.

Problem solved? I feel that I'm still missing something that the OP was trying to do.

_________________
LinkSys E1000 ...... DD-WRT
LinkSys E2000 ...... DD-WRT
Netgear R8000 ...... Finally DD-WRT
TP-Link WR710N ..... Stock (considering DD-WRT)
sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Mon Jul 17, 2017 4:14    Post subject: weird
Somehow I was unsubscribed from my own thread.

No update. Sorry, am on vacation right now...
Will be back soon.

You know what's really interesting though.... I have nothing but PCs with 1080p - 4k video cards hooked up to my systems so this problem doesn't even affect me because I route through ethernet to each room and I only use the VPN for specific devices that never need to be disconnected.

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
Page 1 of 2    All times are GMT