Not so long ago I wrote a guide on how to unblock U.S. Netflix and other services such as BBC iPlayer using an OpenWrt router and SmartDNS. That guide is still valid, but since I wrote it there has been a big development. The OpenWrt team released the latest stable version of OpenWrt, version 21.02, which came out on the 5th of September. This is a major release that requires a rewrite of the guide.
The main aim of this article is to teach you how to unblock services such as U.S. Netflix, AppleTV+, Disney+, Britbox, BBC iPlayer, SBS Australia, Channel 4 and TVNZ by configuring your router for static routing. To do this you will need a router running OpenWrt 21.02, i.e. the latest stable version of OpenWrt.
Where do I get a router running OpenWrt?
This is a question that I keep getting in my inbox. So let me explain my setup again. I have ZOL Wibroniks in my home. ZOL supplied me with their (useless) black GreenPacket WiFi router which also doubles as the POE injector. I have put this in bridge mode i.e. as far as my computers are concerned the router doesn’t exist. Instead, the main outdoor router acts as a DHCP server on my primary LAN.
I also have an old TP-Link TL-MR3420 V5 that I bought from Fanoos in town for about $25. You can get a similar router or some other decent TP-Link router. This router was running TP-Link firmware when I bought it, but then I flashed (installed) OpenWrt firmware on it using the instructions here. The router is now plugged into one of the LAN ports on my ZOL router and it gets an IP address from my outdoor ZOL router. My TV sticks and laptops are connected to this OpenWrt router.
Basic network configuration
Before you proceed you need to make sure you have an active SmartDNS service. Once I had installed OpenWrt 21.02 on my router and connected it to the internet, I set an SSH password for it, logged in via SSH and ran the following commands. You can copy-paste them provided you follow the caveats below:
uci -q delete network.wan.dns
uci add_list network.wan.dns="220.127.116.11"
uci add_list network.wan.dns="18.104.22.168"
uci set network.wan.peerdns="0"
uci set network.wan6.peerdns="0"
uci commit network
/etc/init.d/network restart
Each line is a new command which has to be typed or copy-pasted separately. The IP addresses I used here are for SmartDNSProxy. If you use a different service you’ll need to use the DNS servers from that service.
Setting up static routing
The above commands should be enough for services like BBC iPlayer, but as already noted in my original guide, Netflix is a much trickier beast. You also still cannot use Chromecast, as Google tries to use their own public DNS servers 22.214.171.124 and 126.96.36.199. Back in the day, they used UDP to do this, so all we needed to do was hijack DNS traffic, but these days apps like Chrome use DNS over TLS and sometimes DNS over HTTPS.
To fix this we need to set up static routing. Basically, we tell our router to capture all packets meant for Google DNS and send them to our own DNS server instead. This was hard to do in OpenWrt 19.07 and before, but this latest version of OpenWrt makes things a bit easier.
You need to log in to the OpenWrt WebUI (LuCI) by visiting https://192.168.1.1 and logging in as root. Go to the Network menu and select Firewall. Then visit the Custom Rules tab. Add the following lines:
iptables -I PREROUTING -t nat -p udp --dport 53 -j DNAT --to-destination 188.8.131.52
iptables -I PREROUTING -t nat -p tcp --dport 53 -j DNAT --to-destination 184.108.40.206
iptables -I FORWARD -d 220.127.116.11/255.255.240.0 -j REJECT
iptables -I FORWARD -d 18.104.22.168/255.255.224.0 -j REJECT
iptables -I FORWARD -d 22.214.171.124/255.255.240.0 -j REJECT
iptables -I FORWARD -d 126.96.36.199/255.255.252.0 -j REJECT
iptables -I FORWARD -d 188.8.131.52/255.255.192.0 -j REJECT
iptables -I FORWARD -d 184.108.40.206/255.255.248.0 -j REJECT
iptables -I FORWARD -d 220.127.116.11/255.255.128.0 -j REJECT
Click on save and restart your OpenWrt router. Now the United States version of Netflix should be working even on smart TVs and Android TV sticks connected to the router.
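To confirm that both redirect rules actually loaded after the restart (a rule pasted with a typographic dash instead of a double hyphen is rejected by iptables, which leaves plain DNS over that protocol unredirected), here is an added check that is not part of the original guide. The function names and the sample rule listings are constructed for illustration, and 192.0.2.53 and 198.51.100.53 are documentation addresses standing in for a SmartDNS server.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads the output of "iptables -t nat -S PREROUTING" on stdin and prints
# one line per problem. Empty output means UDP and TCP port 53 are both
# redirected, and to the same resolver.
check_dns_redirect() {
    awk '
        {
            proto = ""; dest = ""; port53 = 0; dnat = 0
            # Walk the rule as option/value pairs.
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" && $(i + 1) == "53") port53 = 1
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "--to-destination") dest = $(i + 1)
            }
            # Remember where each protocol is sent, for port-53 DNAT rules only.
            if (port53 && dnat && proto != "" && dest != "") target[proto] = dest
        }
        END {
            if (!("udp" in target)) print "missing: udp/53 redirect"
            if (!("tcp" in target)) print "missing: tcp/53 redirect"
            if (("udp" in target) && ("tcp" in target) && target["udp"] != target["tcp"]) {
                print "mismatch: udp -> " target["udp"] ", tcp -> " target["tcp"]
            }
        }
    '
}

# Constructed sample: both rules present and pointing at the same server.
sample_rules_ok() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
EOF
}

# Constructed sample: the TCP rule failed to load, so only UDP is redirected.
sample_rules_tcp_missing() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
EOF
}

sample_rules_tcp_missing | check_dns_redirect
```

On the router itself, feed it the live rules with: iptables -t nat -S PREROUTING | check_dns_redirect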
SmartDNS services like SmartDNSProxy and SmartyDNS work on an IP basis. When you pay for their service they use your current IP address to determine if you are authorised to use their unblocking service. Every time your IP changes you have to manually authorise your new IP in their dashboards. This gets tedious fast, and the whole point of having a router handle unblocking is to automate the boring stuff.
Fortunately, most services give you an API you can use to automatically authorise your current IP. Typically it’s just a web address followed by a unique key. When you visit this address, the server on the other end takes your key, checks your IP and authorises that IP. Usually, this API uses an HTTPS address, which meant you had to install the curl package on OpenWrt. This is no longer necessary on OpenWrt 21.02, which comes with WolfSSL built in.
So here is how I did it:
- Log in via SSH into the OpenWrt server
- Open the crontab with the command crontab -e, which opens the cron file in the vi editor
- I then entered the following line: */5 * * * * /usr/bin/wget -O /dev/null https://www.globalapi.net/full_api_path
- Saved the file using Esc, then Shift+:, then wq and Enter (the save and close commands for the vi editor)
NB: Remember to use your own full API URL as given by your provider. What this does is set up a cron job that runs every 5 minutes. In this case, the job is to call the authorisation API. So as soon as your router boots it runs the job and does so every five minutes. It’s not perfect, but it does the job. Unfortunately, the API is throttled so you cannot set an interval of fewer than 5 minutes.
All you need to do now is connect your devices to this router and they will automatically unblock US Netflix, iPlayer and other such services. You only need to do this once and never touch your configuration again.