Friday, October 09, 2015

ASUS RT-AC66U Firmware 378.55 (Merlin) & setting up OpenVPN with Private Internet Access (PIA) and a ROKU Media player

I'm fairly late to the Netflix table but I knew early on that Canada was second to the US in terms of available shows(check out this Toronto Star Article). At the time of it's writing the US had just about double, 7202 titles compared to Canada's 3663.

I'm also a UFC fan and subscribe to UFC fight pass, their online streaming service. Last year UFC Fight Pass changed what I got content-wise from their service because the UFC had just signed a deal with TSN that prohibited Fight Pass from showing Prelims and other UFC TV offerings on the streaming service that were also being shown on television. If it happened to be shown on television, then UFC fight pass got "blacked out" in Canada (so you didn't "cut the cable" to encourage getting/keeping a cable subscription I guess). You needed Fight Pass AND a cable package featuring TSN in order to watch all the "free" TV UFC and Fight Pass events. The UFC was screwing over the paying subscribers of their streaming service by withholding UFC events that were also shown on TSN where "non-paying" UFC fans could watch them.

Thanks a lot. Even when we pay for stuff, we still manage to get screwed by cable companies we may or may not subscribe to.

In any event I had been using a VPN service for years, Private Internet Access(PIA) for my everyday surfing needs and wanted to extend it to my Netflix and UFC viewing to get around the annoying geoblocking. Everyone I know uses some sort of DNS-proxy based anti-geoblocking solution but I did not want to subscribe to a second service when I already had a perfectly good VPN service. The catch was that I do most of my media streaming on the main floor with a ROKU device which has zero OS customization (it has a great little remote, easy for the wife and kids to operate though). So how do you get a dumb closed device to use your VPN service? By telling your router to redirect it's IP to your VPN gateway.

Here's what you do.

You need to set up your router so that the OpenVPN client is known to it and then feed it an IP address of a device to have it go through the VPN and appear to come from somewhere else in the world like the good old U.S. of A. Here is a screen shot of my router's OPENVPN Clients tab.

In the "Server Address and Port" field you enter the location you are spoofing. I used
"" (no quotes)
along with port 1194. The port and the address need to match and you can find this info on PIA's site along with a full list of locations under the "Regional gateways" section in the bottom left.

Enter your PIA userid and password as shown and in the "Redirect Internet traffic" section choose "Policy Rules" in the dropdown and this opens up a section where you can enter the IP address of the device you wish to use with the VPN. In the destination IP just put (I'm using a ROKU media player).

I'm using the following in the "Custom Commands" section:

remote-cert-tls server
reneg-sec 0
verb 4

In the "Authorization Mode"  field I have it set to "TLS" and clicking on "Content modification of Keys & Certificates" brings up a page where you can enter the following cert in the "Certificate Authority" section. 


And that does it. If you are in Canada like I am fire up NETFLIX on the device you just made use the VPN and look for "Sons of Anarchy" or "30 rock" or any of the other 3000 some offerings not available in the great white north to see if it is working.

I don't feel too bad because it's a service we're paying for and it is the same as if you brought your IPAD with a netflix app across the border and fired it up in a Dunkin Donuts in Maccina or something. Plus the UFC Canada crap burns my ass almost enough to vote with my feet and cancel the service. At least this way I feel better about giving them my $10 a month.