Netflix VPN detection - actual engineer needed

Matt Freitag mlfreita at mtu.edu
Sun Jun 5 22:18:20 UTC 2016


While it is damaging negative publicity it also makes sense. HE's tunnel
service amounts to a free VPN that happens to provide IPv6. I would love
for someone from HE to jump in and explain better how their tunnel works,
why it's been blocked by Netflix, and what (if anything) they are doing to
mitigate it.

For my part, I also found that my HE tunnel no longer worked with Netflix
because, again, it amounts to a free VPN service. I had to shut it off.

However, I did discover that my ISP Charter Communications runs a 6rd
tunnel service for their customers and enabled that on my router instead.
Here are the settings I put in my ASUS router, taken off of a Tomato router
firmware forum post:

DHCP Option: Disable
IPv6 Prefix: 2602:100::
IPv6 Prefix Length: 32
IPv4 Border Router: 68.114.165.1
IPv4 Router Mask Length: 0

I'm also using an MTU of 1480 and a Tunnel TTL of 255.

Works great, though I imagine it'll only work for other Charter customers
who don't care what prefix they get assigned as Charter uses prefix
delegation to make this work.

Matt Freitag
Network Engineer I
Information Technology
Michigan Technological University
(906) 487-3696 <%28906%29%20487-3696>
https://www.mtu.edu/
https://www.it.mtu.edu/

On Sun, Jun 5, 2016 at 5:59 PM, Owen DeLong <owen at delong.com> wrote:

>
> > On Jun 5, 2016, at 14:18 , Damian Menscher <menscher at gmail.com> wrote:
> >
> > On Fri, Jun 3, 2016 at 4:43 PM, Baldur Norddahl <
> baldur.norddahl at gmail.com>
> > wrote:
> >
> >> Den 4. jun. 2016 01.26 skrev "Cryptographrix" <cryptographrix at gmail.com
> >:
> >>>
> >>> The information I'm getting from Netflix support now is explicitly
> >> telling
> >>> me to turn off IPv6 - someone might want to stop them before they
> >>> completely kill US IPv6 adoption.
> >>
> >> Not allowing he.net tunnels is not killing ipv6. You just need need
> native
> >> ipv6.
> >>
> >
> > This entire thread confuses me.  Are there normal home users who are
> being
> > blocked from Netflix because their ISP forces them through a HE VPN?  Or
> is
> > this massive thread just about a handful of geeks who think IPv6 is cool
> > and insist they be allowed to use it despite not having it natively?  I
> > could certainly understand ISP concerns that they are receiving user
> > complaints because they failed to provide native IPv6 (why not?), but
> > whining that you've managed to create a non-standard network setup
> doesn't
> > work with some providers seems a bit silly.
> >
> > Damian
>
> What is non-standard about an HE tunnel? It conforms to the relevant RFCs
> and
> is a very common configuration widely deployed to many thousands of
> locations
> around the internet.
>
> It’s not that Netflix happens to not work with these tunnels, the problem
> is
> that they are taking deliberate active steps to specifically block them.
>
> Most likely, these steps are being taken at the behest of their content
> providers,
> but to the best of my knowledge, that is merely speculation so far as I
> don’t
> believe Netflix themselves have confirmed this. (It’s not unlikely that
> they are
> unable to do so due to those same content providers likely insisting on
> these
> requirements being considered proprietary information subject to NDA.)
>
> So… I don’t know how many “normal users” use HE tunnels vs. “geeks” or how
> one
> would go about defining the difference. I can tell you that there are an
> awful
> lot of people using HE tunnels, and based on what I saw while working at
> HE,
> I don’t believe they are all geeks. While I would say that geeks are a
> larger
> fraction of the HE Tunnel using populace than of the general population,
> I’m
> not sure to what extent. Probably a lot less than you think based on the
> tone of your message.
>
> I think that a provider that has specifically claimed to be an early
> adopter
> supporting IPv6 and is now having their support department tell customers
> to
> turn off IPv6 altogether is certainly noteworthy and not in a good way.
>
> Further, if that provider is actively taking steps to damage previously
> working
> IPv6 network configurations, that is also worthy of substantial negative
> publicity.
>
> I’m confused as to why you would think otherwise.
>
> Owen
>
>



More information about the NANOG mailing list