For a long time, Netflix has always been my pain point. I could cross the GFW to visit most of the blocked websites, but not Netflix, because Netflix will detect your IP address, and if they think you are using a proxy, you will be blocked when you are trying to watch the video (Netflix won't block you if you just want to broswer their website).
Thanks to ExpressVPN, people who use their service won't be blocked by Netflix, but does it mean everyone can easily watch videos on Netflix just by using the VPN. Maybe it is true to the rest of the world, but not China. Most of the time it will be a failure when you try to connect to ExpressVPN directly in China. Even if you are lucky enough to make it, the speed is very limited. I almost gave up, but later I thought maybe I could use ExpressVPN based on SS. Since I already set up SS in my router, I could forward all the requests to SS. I just need to change my iptables configurations.
#!/bin/sh
iptables -t nat -N SHADOWSOCKS
iptables -t nat -A SHADOWSOCKS -d 121.42.213.83 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
It turns out to be a good idea. The speed is super fast. I'm completely free when browsering the internet, but there are still some problems to improve or figure out.
- When connecting to the router (with configuration above) directly without VPN, without SS, I cannot watch YouTube. The video couldn't be loaded even though everything else works well.
- I learnt from this tweet that we could unlock Netflix through DNS. Compared to ExpressVPN, it's much cheaper. Maybe I should give it a try later.
- The iptables configurations could be improved. At least all the requests to Chinese servers shouldn't go through the VPN.
Anyway let's enjoy Netflix first.
Reference: