Hey guys,
I selfhost a server at home where I run a couple of services. Wireguard is one of them. I also have another house where I live every couple of weeks for a few days. Netflix blocked me on the second house for account sharing. As I run my own wireguard and the tv in the second house runs AndroidTV I created a wireguard config (I run wg-easy) and installed the official Wireguard app on AndroidTV. Sadly netflix still blocks me which is weird because all traffic of that tv seems to be running over the tunnel.

Here is the config:

` [Interface] PrivateKey = XXX Address = 10.8.0.3/24 DNS = 1.1.1.1 MTU = 1420

[Peer] PublicKey = XXX PresharedKey = XXX AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 0 Endpoint = vpn.XXXde:51820 `

I also posted this on reddit selfhosted where it sadly got removed. Some suggestions were that somehow DNS requests or IPv6 traffic still got through without using the wireguard tunnel which doesn’t make much sense because usually the wireguard app puts everything through the tunnel.
I also edited the conf to also tunnel all ipv6 traffic with adding ::/0 under allowed IPs but that also didn’t resolved the problem.
Is there anything else I could try? Are there different solutions? I’m aware that there are other approaches to this problem (using Jellyfin) but I really want to figure out this problem as it doesn’t make any sense to me. The whole traffic should be going over my home server and it seems it doesn’t.
Has anyone gotten this kind of setup to work?

Thanks for any help, have a good day!

  • @JustinAngel
    link
    English
    41 year ago

    Definitely complicated to root cause. Please share if ya figure out the hard parts 😄

    An idea: Netflix could be fingerprinting TUN interfaces on the TV.

    One thing I’d consider trying is Tailscale in userspace networking mode on a distinct network host at location 2, which’ll start a SOCKS/HTTP proxy that the TV can use for outbound connections.

    Bonus: any devices incompatible with Tailscale can use the proxies.

    If you’d like to take a stab at this, Headscale is a self-hosted version of Tailscale’s service. Personally, I use Caddy to automatically manage letsencrypt certs while proxying requests to Headscale.