How to unblock US Netflix & BBC iPlayer using Openwrt 21.02 and SmartDNS

Openwrt, Unblock Netflix US BBC iPlayer

Not so long ago I wrote a guide on how to unblock U.S Netflix and other services such as BBC iPlayer using an Openwrt router and SmartDNS. That guide is still valid but ever since I wrote that guide there has been a big development. The OpenWrt team released the latest stable version of OpenWrt-version 21.02 which came out on the 5th of September. This is a major release that requires a rewrite of the guide.

The main aim of this article is to teach you how to unblock services such as U.S Netflix, AppleTV+, Disney+, Britbox BBC iPlayer, SBS Australia, Channel 4 and TVNZ by configuring your router for static routing. To do this you will need a router running OpenWrt 21.02 i.e. the latest stable version of OpenWRT on your router.

Where do I get a router running OpenWrt?

This is a question that I keep getting in my inbox. So let me explain my setup again. I have ZOL Wibroniks in my home. ZOL supplied me with their (useless) black GreenPacket WiFi router which also doubles as the POE injector. I have put this in bridge mode i.e. as far as my computers are concerned the router doesn’t exist. Instead, the main outdoor router acts as a DHCP server on my primary LAN.

I also have an old TP-Link TL-MR3420 V5 that I bought from Fanoos in town for about $25. You can get a similar router or some other decent TP-Link router. This router was running TP-Link firmware when I bought it but then I flashed (installed OpenWrt) firmware on it using the instructions here. The router is now plugged into one of the LAN ports on my ZOL router and it gets an IP address from my outdoor ZOL router. My TV sticks and laptops are connected to this OpenWrt router.

Basic network configuration

Before you proceed you need to make sure you have an active SmartDNS service. Once I had installed OpenWrt 21.02 on my router, connected it to the internet I proceeded to set a SSH password for it and logged in via SSH and fired up the following commands you can copy-paste them provided you follow the caveats below:

uci -q delete network.wan.dns
uci add_list network.wan.dns=”154.127.57.224″
uci add_list network.wan.dns=”129.232.164.26″ uci set network.wan.peerdns=”0″
uci set network.wan6.peerdns=”0″ uci commit network /etc/init.d/network restart

Each line is a new command which has to be typed or copy-pasted separately. The IP addresses I used here are for SmartDNSProxy. If you use a different service you’ll need to use the DNS servers from that service.

Setting up static routing

The above commands should be enough for services like BBC iPlayer but as already noted in my original guide, Netflix is a much more tricky beast. You can also still not use Chromecast as Google tries to use their own public DNS servers 8.8.8.8 and 8.8.4.4. Back in the day, they used UDP to do this so all we needed to do was hijack DNS traffic but these days apps like Chrome use DNS over TLS and sometimes HTTPS.

To fix this we need to set up static routing. Basically, we tell our router to capture all packets meant for Google DNS and send them to our own DNS server instead. This was hard to do in OpenWrt 19.07 and before but this latest version of OpenWrt makes things a bit easier.

Setting up static rules int he firewall

You need to login into the OpenWrt WebUI (Luci) by visiting https://192.168.1.1 and logging in as root. Go to the Network menu and select firewall. Then visit the custom rules tab. Add the following lines:

iptables -I PREROUTING -t nat -p udp –dport 53 -j DNAT –to-destination 154.127.57.224
iptables -I PREROUTING -t nat -p tcp –dport 53 -j DNAT –to-destination 129.232.164.26

iptables -I FORWARD -d 108.175.32.0/255.255.240.0 -j REJECT
iptables -I FORWARD -d 198.38.96.0/255.255.224.0 -j REJECT
iptables -I FORWARD -d 198.45.48.0/255.255.240.0 -j REJECT
iptables -I FORWARD -d 185.2.220.0/255.255.252.0 -j REJECT
iptables -I FORWARD -d 23.246.0.0/255.255.192.0 -j REJECT
iptables -I FORWARD -d 37.77.184.0/255.255.248.0 -j REJECT
iptables -I FORWARD -d 45.57.0.0/255.255.128.0 -j REJECT

Click on save and restart your OpenWrt router. Now the United States version of Netflix should be working even on smart TVs and Android TV sticks connected to the router.

Automating authorisation

SmartDNS services like SmartDNSProxy and SmartyDNS work on an IP basis. When you pay for their service they use your current IP address to determine if you are authorised to use their unblocking service. Every time your IP changes you have to manually authorise your new IP in their dashboards. This gets tedious fast, the whole point of having a router handle unblocking stuff is because we want to automate the boring stuff.

Fortunately, most services give you an API you can use to automatically authorise your current IP. Typically it’s just a web address followed by a unique key. When you visit this address, the server on the other end takes your key, checks your IP and authorises that IP. Usually, this API uses an HTTPS address which meant you had to install Curl package on OpenWrt. This is no longer necessary on OpenWrt 21.02 which comes with WolfSSL built-in.

So here is how I did it:

  • Log in via SSH into the OpenWrt server
  • Open the cron via via the command crontab -e this opens the cron file using the Vi editor
  • I then entered the following line */5 * * * * /usr/bin/wget -O /dev/null https://www.globalapi.net/full_api_path
  • Saved the file using Esc then Shift+: the wq and enter (close and save commands for the vi editor)

NB. remember to use your own full API URL as given by your provider. What this does is set up a cron job that runs every 5 minutes. In this case, the job is to call the authorisation API. So as soon as your router boots it runs the job and does so every five minutes. It’s not perfect, but it does the job. Unfortunately, the API is throttled so you cannot set an interval of fewer than 5 minutes.

That’s all

All you need to do now is connect your devices to this router and they will automatically unblock US Netflix, iPlayer and other such services. You only need to do this once and never touch your configuration again.

, ,

5 comments

  1. ben makundi

    meaningless article
    You’ve the idea but you’re failing to sequence the steps that should be followed.

    1. Garikai Dzoma

      This is an updated guide meant for a particular audience. It’s not meangless. The steps outlined are in sequential order. This is one of those guides where you need to apply your mind instead of just copying and pasting I am afraid.

      1. Traveller from the West, The Far west

        What about those who are not part of the ‘particular audience’?? 😎. They don’t matter I guess. You have to be aboard the black pearl to be part of Cpt. Jack Sparrow. 😂😂😂

    2. Donkey breath

      WTF is this?

      Q: How to watch US netflix?
      A: Use a smart DNS provider… Here’s some instructions that only work for one provider of said service, and they’re pretty bad.

      Honestly, just Google smart dns, pick the cheapest, and follow their websites instructions. Don’t accept shilling from sites like this.

  2. Ajit

    Whilst the author reaches a particular audience and they am sure wld appreciate the share …we novices are pretty much in the dark and remain in the DStv dungeon ..
    Thank u for the ping was excited till I saw it was written in ‘mandaringlish’…..

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.
Exit mobile version