DNS Leak with OpenVPN and selective routing

Hi all, I'm looking for a bit of help...

I've set up my PIA VPN on OpenVPN on my router, specifically to watch BBC iPlayer. I've confirmed that it works by routing all of my data through the VPN, but what I'd like to achieve is to only route data through the VPN which is going to the BBC. This is so that I can use my regular internet for most of my web browsing.

The problem I'm having is that although the VPN works when all my data goes through, when I only send the BBC data through the VPN, it blocks me for being outside of the UK.

I believe the reason for this is because for some reason, when all of my data goes through the VPN to the UK VPN server, it uses a DNS based in the UK. However, when I only route the BBC data, it either uses my regular ISP DNS, or if I use the route-noexec option, it uses the PIA DNS based in the US, and as it's based in the US, BBC once again blocks me for not being in the UK...

I think that I need to somehow make it use the UK based DNS that it uses when all of the data is being tunneled through the VPN...

I'd really appreciate some help with this...

Thanks

Comments

  • Some further information after playing around with it a bit more:

    I notice that when I send all my data through the UK VPN server, my DNS shows as the same IP as the VPN exit node, so both are based in the UK.

    When I use route-noexec and routing policies, to only send data to the necessary BBC domains through the VPN, the VPN exit node IP is obviously still based in the UK, but the DNS has become an actual DNS server based in the USA (resolver2.privateinternetaccess.com)...

    This is what seems to be resulting in the geoblocking when I try to route only the BBC data through the VPN...

    I'm confused as to why one configuration would use the VPN's exit node IP as the DNS IP, while the other configuration would use an actual DNS server in the US, especially since both configurations have the same /etc/resolv.dnsmasq file being used, and router logs show that both configurations use the same nameservers when the OpenVPN service is started...
  • edited May 2016
    The DNS server plays no role in this issue; BBC actively blocks known VPN IPs.

    You need to find out all the UK server IPs, then try them one by one.

    To find out server IPs, you can issue a dig command "dig +short uk-london.privateinternetaccess.com" on a Linux terminal.
  • In case you are on Windows, this is the Windows cmd command: "nslookup uk-london.privateinternetaccess.com"
  • edited May 2016
    The problem isn't that they are blocking the IP, I've confirmed that it works when routing all of the data through the VPN, yet when I only route BBC data through, it doesn't work...

    The IP changes when I do this, but during trying to figure all of this out, I've changed these settings back and forth close to a hundred times, and each time when all of the data is routed through, it works, but when I only route the BBC data through, it's blocked...

    The reason I thought it was a DNS issue is because the only difference that I can see between both of those configurations is that the DNS changes from being the same IP as the VPN exit node (in this configuration the BBC doesn't block me), or the DNS is shown as the PIA DNS server based in the US, or my default set Google DNS set in the US/Taiwan (in this configuration it is always blocked by the BBC).

    While the BBC may block these PIA IPs again in the future, it's currently not the issue...

    I'll start saving the IPs as I test more solutions though, just to confirm that I'm not somehow having such bad luck that I get assigned a blocked IP every time I happen to change the routing settings... I can't see how it's possible though, so I think it's still something else causing it...
  • How about you directly put a just working IP on your router's VPN client to see the results?
  • edited May 2016
    I'll try it right now, I didn't realise I could just put in an IP to directly connect to

    Edit: Ok so I had 2 IPs saved into a text file, which didn't work while I was routing through just the BBC data, I chose one of them and reconnected OpenVPN while routing all of the data through the VPN, and that same IP works fine with the BBC player

    I tried it with the 2nd IP as well and it worked too

    So I'm still thinking it's to do with the fact that when I route through just the BBC data, for whatever reason I end up using a non-UK DNS which somehow lets them block me...
  • Did you get anywhere with this? I seem to be having the same problem when using iptables to selectively route iPlayer traffic through my VPN. It works fine when the VPN is used as the default gateway.
  • I am interested in this as well.  I didn't manage it either but did not think of DNS being the issue - I thought I just missed some IP ranges to route through the VPN.
    I'm using dd-wrt on my router to route my TV traffic through the VPN.
    How did you determine which IP ranges to route?
  • What makes you think your selective routing is working? I suspect that when you think you are routing just the BBC data through the VPN, it is in fact going direct with all your other data.
  • For me, I know selective routing works because I can selectively route a site like dnsleaktest.com
  • I am following this post very closely as I am having an issue with recorded series from iPlayer. I am showing CBeebies to my kid and after the first (no problem), any other play gives a message saying that it is only available in the UK. One worked, anything after it, not anymore.
    I use VPN on DDWRT. I used the 2 UK servers and none works anymore.
    Thanks for helping
  • Update...
    leoOK is right. I changed the PIA UK network dn with an IP out of the NS query and it seems to be working now.
    The question is:
    I got 12 IPs out of the NS query. Is it possible that sooner or later they are all banned? Or are those IPs regularly changed to avoid being blocked after all?
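
Added example, not part of any post in this thread: a way to check which interface each resolver listed in a resolv.dnsmasq-style file is reached through under the two routing setups discussed above. It models destination-based routes only; all addresses, interface names and route tables are constructed, and the two /1 routes assume OpenVPN's "redirect-gateway def1" behaviour.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real PIA or BBC values).
RESOLV_DNSMASQ = """\
# /etc/resolv.dnsmasq (constructed)
nameserver 203.0.113.53
nameserver 192.0.2.53
"""

# Selective routing: only one destination prefix is sent into the tunnel.
SELECTIVE = [
    ("0.0.0.0/0", "wan0"),
    ("192.168.1.0/24", "br0"),
    ("198.51.100.0/24", "tun0"),  # placeholder for the streaming service's range
]
# Full tunnel: the two /1 routes that "redirect-gateway def1" adds over the default.
FULL_TUNNEL = [
    ("0.0.0.0/0", "wan0"),
    ("192.168.1.0/24", "br0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
]

def egress(dest, routes):
    """Return the interface chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(prefix), dev) for prefix, dev in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        raise ValueError(f"no route to {dest}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def nameservers(resolv_text):
    """Extract nameserver addresses from resolv.conf-style text."""
    out = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out

def off_tunnel_resolvers(resolv_text, routes, tunnel="tun0"):
    """List resolvers whose queries would leave outside the VPN tunnel."""
    return [ns for ns in nameservers(resolv_text) if egress(ns, routes) != tunnel]

if __name__ == "__main__":
    for name, table in (("selective", SELECTIVE), ("full tunnel", FULL_TUNNEL)):
        print(name, "->", off_tunnel_resolvers(RESOLV_DNSMASQ, table) or "all DNS via tun0")
```

With the same nameserver list, the resolvers sit behind tun0 only in the full-tunnel table, which is the difference between the two configurations that the first comment describes.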

