Hey guys, so I get my raspberry pi today, and one big thing I can't find is a way to use the raspberry pi to make a http proxy compatible with ios to avoid people trying a man in middle on public wifi, and get around firewalls/restrictions. My ipad gives me the option for a server, a port, and authentication on/Off after you go to setting>wifi>network name info>http proxy set to ON. I want to create my own proxy for us on the IPad, but don't want to use a full VPN (another area of settings). The main reason is it is a school ipad with MDM profiles on it where a VPN will get me in trouble, but there is no rule against a http proxy. So if anyone knows a way to do that, that would be awesome. I am going to create a full VPN server for use with my laptop, android phone, and android tablet, but can't use it for the school ipad. Anyone help would be useful. Any chance this would work with openvpn? It seems more simple and compatible than a hamachi setup.
Out of curiosity how do they track you? Can you leave school with it? If they are watching your traffic you can always use say ssh or SSL over VPN to mask the traffic. You should check out the app fiddler for your pc and use it to see what's going on in the background of that iPad as I'm assuming you obviously would be in deep trouble if you jail broke it. ☺
Sent from my SAMSUNG-SGH-I337 using Tapatalk
Nizda1 said:
Out of curiosity how do they track you? Can you leave school with it? If they are watching your traffic you can always use say ssh or SSL over VPN to mask the traffic. You should check out the app fiddler for your pc and use it to see what's going on in the background of that iPad as I'm assuming you obviously would be in deep trouble if you jail broke it. ☺
Sent from my SAMSUNG-SGH-I337 using Tapatalk
Click to expand...
Click to collapse
Yes, I can take it home. I'm sitting in my bed messaging you on it atm. Also I can't jailbreak it because the profiles on it won't allow me to connect to a PC. They have the mobile device management profiles on it so they can track all of my apps, wifi connection, os version, view some settings, secure their wifi password through it (fiber optics hitting up to 50 mb/s), and they have IP address filtering. I can upload it, but I got an email saying to stop playing a game and sent me a picture with my ipad name, the app name, and the IP address it was accessing. I believe with the proxy since it's under settings, and I can set the IP as a static IP to what I want at home for the pi, they won't be able to figure it out and think it a website or weird app connection, and can't tell what it is exactly. They already caught a ton of people downloading the open door app that is basically a web browser and proxy app wrapped together. I just want to use the fast speeds and not have my games and some of my blogs blocked, but not have to leave my phone in my backpack attached to my 22,000 MaH external battery to tether all day and not kill my phone. Especially with my smartwatch and bluetoothheadphones battery life is very precious.
TL;DR
My ChromeCast was happily using Unblock US for Netflix for months. It stopped working on Friday. Is it a general problem, or is it just with my setup?
The long version:
I got my ChromeCast before Christmas, and I've been happily using it with multiple Netflix regions using Unblock US. On Friday I started getting the "We're having trouble playing this title" error on some titles, and it looks like my ChromeCast can no longer access non-UK titles.
It worries me that this coincides (sortof) with the official availability of ChromeCast in the UK, and I'm wondering if they've released a new build or service which prevents the use of services like Unblock US.
My ChromeCast is using build 16278 (with a worrying 'Country code GB' that I never noticed before). I'm intercepting access to Google's DNS on my router using the following iptables commands:
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 208.122.23.22
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 208.122.23.23
And as I said, these have been working fine for months. I'm also fairly confident that they're still OK, because I've set my tablet to use 8.8.8.8 as the DNS and it can access Netflix US content just fine.
So, my questions:
1. Is there anyone else in the UK using Unblock US to access Netflix using official ChromeCast build 16278? Is it still working for you? (If you want a particular title to try, Supernatural season 6 episode 13 is the one that I first noticed the problem with, although many titles refuse to play.)
2. If it's not working for you either, do you know why?
3. If it is working for you, what should I try next? (I've already done a factory reset, and that didn't make a difference.)
I've been happy with Unblock US but I'm equally happy to move to a different provider if there's a better one.
(I hope this is the right forum - it's where ChromeCast region settings and use of iptables have been discussed in the past. I'm a bit worried that the forum says I'm breaking the rules by asking a question, so if there's a better place for this post please don't be offended by my ignorance and please do let me know!)
Many thanks.
Uh oh. You say you have build 16278? That's new. My U.S. Netflix access still works, but I'm still on build 16041.
Maybe there's no cause for concern yet. The new Country Code was there in build 16041, and in any case I would think it's the Netflix app that would have to change to cause a problem rather than the Chromecast build. But obviously there should be some re-testing with build 16278 as it rolls out. Netflix could have already changed their app, but made it dependent on build 16278 or higher since everyone is going to get that sooner or later.
Regardless of the current situation, long term this Country Code is clearly going to be a problem. It can probably be solved by the DNS proxy services eventually, but until then I wouldn't be buying a Chromecast to use from outside the U.S..
DJames1 said:
Uh oh. You say you have build 16278? That's new. My U.S. Netflix access still works, but I'm still on build 16041.
Maybe there's no cause for concern yet. The new Country Code was there in build 16041, and in any case I would think it's the Netflix app that would have to change to cause a problem rather than the Chromecast build. But obviously there should be some re-testing with build 16278 as it rolls out. Netflix could have already changed their app, but made it dependent on build 16278 or higher since everyone is going to get that sooner or later.
Regardless of the current situation, long term this Country Code is clearly going to be a problem. It can probably be solved by the DNS proxy services eventually, but until then I wouldn't be buying a Chromecast to use from outside the U.S..
Click to expand...
Click to collapse
I expect we had better get used to this breakage with things like Netflix due to the fact that Google does a tiered rollout of updates and the Apps must also be updated to work with those new updates from time to time.
Netflix I think may be particularly susceptible because I suspect the Netflix Player app may actually be embedded in the device. It's the only app that does not have a LINK in the App list CCast uses to retrieve players.
Perhaps someone from Team Eureka can comment and confirm if that is true or not.
But what seems to be a pattern is Google releases an update, Something breaks and then you see a flood of CCast compat app updates a week or so later. Hopefully once the CCast OS is more mature this breakage will happen less frequently.
Just wanted to point out, sometimes if you change settings on your router or the connection is disrupted randomly, the iptables may get reset and stop intercepting Chromecast DNS requests. Rebooting the router to start the script again helps.
Sent from my Nexus 5 using Tapatalk
Asphyx said:
Netflix I think may be particularly susceptible because I suspect the Netflix Player app may actually be embedded in the device. It's the only app that does not have a LINK in the App list CCast uses to retrieve players.
Perhaps someone from Team Eureka can comment and confirm if that is true or not.
Click to expand...
Click to collapse
One of them said that Netflix was a separate binary and the only exception to running in a Chrome sandbox, so seems that is the case. It could still be cleverly coded so it wouldn't require a full update unless there was a low level or architecture change.
Asphyx said:
But what seems to be a pattern is Google releases an update, Something breaks and then you see a flood of CCast compat app updates a week or so later. Hopefully once the CCast OS is more mature this breakage will happen less frequently.
Click to expand...
Click to collapse
Yup... even with the forced updates there's still a period of time when there are units on both old and new versions, DNS caches haven't been updated, etc.
RandomUser6 said:
TL;DR
1. Is there anyone else in the UK using Unblock US to access Netflix using official ChromeCast build 16278? Is it still working for you? (If you want a particular title to try, Supernatural season 6 episode 13 is the one that I first noticed the problem with, although many titles refuse to play.)
Click to expand...
Click to collapse
Yes - though my CC still says country code US.Tried the Supernatural episode as well and that worked too.
RandomUser6 said:
3. If it is working for you, what should I try next? (I've already done a factory reset, and that didn't make a difference.)
Click to expand...
Click to collapse
I'm sure you probably already done this but have you checked your current external IP Address is active on the unblock-us website?
Some updates
Hi all,
Many thanks for all your responses. Some updates:
I checked the external IP address was active on Unblock US, and it was.
I restarted the router, the ChromeCast and the tablet. It made no difference.
I did another factory reset on the ChromeCast. It made no difference.
I managed to change the Country Code to US. It made no difference.
So I still have the problem and I’m not sure what the differences between my setup and Pully’s are.
The Country Code change is worth a bit more explanation. You all may already know this, or know how this mechanism works, but I didn’t.
* After a factory reset, I couldn’t see the ChromeCast on my tablet to set it up. I could see it with my phone. (My tablet is set to use Google’s DNS - intercepted and redirected to Unblock US’s DNS - rather than my ISP’s, location services are off, and ChromeCast has access to location services turned off in App Ops. My phone just uses regular DNS and has location services turned on.)
* I set the ChromeCast up using my phone, and it set the location (automatically) to GB. I’m not certain of this but I’ve no recollection of choosing the location at this point.
* I couldn’t get things to work and posted here. (Just so you know the timeline.)
* I did a factory reset again, and tried to set ChromeCast up using the tablet again. It still couldn’t see the reset ChromeCast. Then I changed App Ops on the tablet to allow access to location services, and it could suddenly see the ChromeCast to set it up. Location services were still turned off on the tablet, but it seems turning it off in App Ops interfered with it seeing the reset ChromeCast.
* When I tried to set it up with the tablet - now that it could see it - as part of the setup process it gave me a drop down to choose the location. I chose US. (I’ve also set it to EST/New York time and language to English (United States).
So the upshot is: I believe you can set the Country Code in build 16278 if you set it up using a device that has location services turned off, but not blocked by App Ops.
Unfortunately I’m still no further on with my Netflix problem and I’m running out of things to try.
How long does the US Country Code stick? Does it reset to GB when you power-cycle the Chromecast?
Maybe it's time to broaden your experiments to identify where the problem lies.
Instead of relying on the iptables commands you could try the static-route-to-nowhere method to block Google DNS and put the DNS addresses in your router fields for the moment. See if that makes a difference.
For an alternative DNS you could sign up for a 1-week trial with one of the others like Unotelly, or else try the free DNS services currently offered by SmartDNSProxy or Tunnelto.us. I have confirmed that they work with Netflix on the Chromecast.
If neither of those things work, at least you have eliminated some possibilities.
Right now tunnelto.us is working for me, whereas unlocater broke some time ago. SmartDNSProxy also not working for me.
Sent from my Nexus 5 using Tapatalk
It works now!
Hi folks,
I have it working now (thanks!) and have a bit more information. Some of this is just my supposition of what’s going on.
First of all, Country Code sticks between power-cycles without any problems. Time zone and language don’t seem to have any impact either. Also, I honestly have no idea whether Country Code has any effect at the minute. It might still be a red herring, or a problem for the future.
The fix was related to an idea DJames1 had. I changed my iptables to use tunnelto.us and it didn’t work either. So I tried setting the router to use Unblock US as the main DNS as well as in iptables, and it worked.
As I said before, this worked fine for months up until Friday. I don’t know if it’s the new build or something else, but I believe that something is now verifying(?) DNS using the DHCP-supplied DNS as well as Google’s hard-coded DNS.
I don’t want all machines on my home network using Unblock US’s DNS, so I updated my router config to supply Unblock US DNS entries via DHCP just to the ChromeCast. This works fine. If you want to do the same, and you’re using DD-WRT, just add this to your Additional DNSMasq Options:
dhcp-option=altdns,6,208.122.23.23,208.122.23.22
dhcp-host=#ChromeCast MAC Address#,net:altdns
Obviously you need to change #ChromeCast MAC Address# to the MAC address of your own ChromeCast. And if you want to use other DNS entries instead of Unblock US, just change the two IP addresses in the first line.
I’m sure there are other ways of achieving the same ends, but this worked for me. And the easiest option is just to use Unblock US as the DNS for your router/DHCP as well as the iptables entries.
I hope this helps anyone else who has the same problem. Many thanks for your help and advice.
RandomUser6 said:
I hope this helps anyone else who has the same problem. Many thanks for your help and advice.
Click to expand...
Click to collapse
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
generationgav said:
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
Click to expand...
Click to collapse
I can't say but it would make some sense that the DNS used will change depending on the Country Code of the device.
So a CCast in the UK might use a hardcoded DNS for GoogleUK server as opposed to a US server....
You're right!
generationgav said:
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
Click to expand...
Click to collapse
Well now that's an incredibly good question! I'm embarrassed that that didn't occur to me and I didn't check it.
So, I deleted my iptables setup, set my tablet to use Unblock US DNS's directly (instead of using 8.8.8.8 and having that translated), and it still works.
It seems you're right. My router is providing Unblock US DNS to the ChromeCast via DHCP, and (I think) that's it. That's the only non-standard bit.
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Thanks for figuring this out! (I'm still a bit embarrassed I didn't notice it.)
RandomUser6 said:
Well now that's an incredibly good question! I'm embarrassed that that didn't occur to me and I didn't check it.
So, I deleted my iptables setup, set my tablet to use Unblock US DNS's directly (instead of using 8.8.8.8 and having that translated), and it still works.
It seems you're right. My router is providing Unblock US DNS to the ChromeCast via DHCP, and (I think) that's it. That's the only non-standard bit.
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Thanks for figuring this out! (I'm still a bit embarrassed I didn't notice it.)
Click to expand...
Click to collapse
Interesting. My Chromecast in Canada definitely is still using Google's hard coded DNS, but the firmware version still isn't the newer one you've reported.
Sent from my Nexus 5 using Tapatalk
RandomUser6 said:
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Click to expand...
Click to collapse
That’s not the case with my chromecast (spanish, not imported, with up-to-date firmware, 16041 IIRC) :
Code:
[email protected]:~# tcpdump -nli br-lan host 10.12.30.1 and port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 65535 bytes
18:01:05.016228 IP 10.12.30.1.37745 > 8.8.8.8.53: 35107+ A? lh3.googleusercontent.com. (43)
18:01:05.061083 IP 8.8.8.8.53 > 10.12.30.1.37745: 35107 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.34.235, A 173.194.34.236, A 173.194.34.234 (120)
18:02:12.584606 IP 10.12.30.1.42801 > 8.8.8.8.53: 49188+ A? clients3.google.com. (37)
18:02:12.626840 IP 8.8.8.8.53 > 10.12.30.1.42801: 49188 12/0/0 CNAME clients.l.google.com., A 173.194.41.9, A 173.194.41.0, A 173.194.41.5, A 173.194.41.1, A 173.194.41.4, A 173.194.41.6, A 173.194.41.7, A 173.194.41.2, A 173.194.41.14, A 173.194.41.8, A 173.194.41.3 (237)
18:03:06.852570 IP 10.12.30.1.54056 > 8.8.8.8.53: 18326+ A? lh4.googleusercontent.com. (43)
18:03:06.898487 IP 8.8.8.8.53 > 10.12.30.1.54056: 18326 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.41.10, A 173.194.41.11, A 173.194.41.12 (120)
18:05:09.640580 IP 10.12.30.1.53769 > 8.8.8.8.53: 61549+ A? clients3.google.com. (37)
18:05:09.687719 IP 8.8.8.8.53 > 10.12.30.1.53769: 61549 12/0/0 CNAME clients.l.google.com., A 173.194.41.224, A 173.194.41.233, A 173.194.41.230, A 173.194.41.229, A 173.194.41.228, A 173.194.41.227, A 173.194.41.238, A 173.194.41.231, A 173.194.41.232, A 173.194.41.225, A 173.194.41.226 (237)
18:05:09.913235 IP 10.12.30.1.43963 > 8.8.8.8.53: 14131+ A? lh5.googleusercontent.com. (43)
18:05:09.954725 IP 8.8.8.8.53 > 10.12.30.1.43963: 14131 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.41.10, A 173.194.41.12, A 173.194.41.11 (120)
My router’s dhcp server tells the clients on my network (including my chromecast) that they should use 10.12.0.1 as their dns server.
As you can see in tcpdump output above, the chromecast (10.12.30.1) is ignoring that and using 8.8.8.8.
New build?
kpiris said:
That’s not the case with my chromecast (spanish, not imported, with up-to-date firmware, 16041 IIRC) :
Click to expand...
Click to collapse
Interesting. My problems started last Friday, and mine is reporting (stock) build 16278.
Make sure you reboot router and Chromecast at the start of each test for clean results as DNS queries can be cached.
It seems that firmware 16278 has only been reported in the UK. Anyone seeing that outside of the UK?
Restart, restart, restart...
bhiga said:
Make sure you reboot router and Chromecast at the start of each test for clean results as DNS queries can be cached.
Click to expand...
Click to collapse
Yeah, today was a bit of a restart frenzy for me. Both the router and the ChromeCast have been powered off and back on again since the config changes and they continue to work.
cmstlist said:
It seems that firmware 16278 has only been reported in the UK. Anyone seeing that outside of the UK?
Click to expand...
Click to collapse
Yes here in Denmark, my cc has 16278
Hi
I'm looking to set up multiple chromecasts around the office.
I'd like to know if users on the network can detect what is being cast.
For example.. I'm using one to show a financial portfolio, I don't want users on the network to be able to detect or see this without permission... The only people who should see it are the users in the room the cast is being presented to.
I don't want others to see the live presentation or the file name being cast.. Also I don't want them to be able take over the chromecast if its in use..
Can anyone advise on this.
Thanks
Sent from my Nexus 7 (2013) KitKat 4.4.2
Don't know how to lock out other users unless you put it on it's own network. As for the rest of it.
If you use a password to log onto your network, and cast straight from desktop to chromecast you should be fine. The way I understand it.
Sent from my PHOTON Q using XDA Premium 4 mobile app
albert_htc said:
I'm looking to set up multiple chromecasts around the office.
I'd like to know if users on the network can detect what is being cast.
For example.. I'm using one to show a financial portfolio, I don't want users on the network to be able to detect or see this without permission... The only people who should see it are the users in the room the cast is being presented to.
I don't want others to see the live presentation or the file name being cast.. Also I don't want them to be able take over the chromecast if its in use..
Click to expand...
Click to collapse
Yes, if I'm casting a YouTube video and my wife connects to the same Chromecast, she'll see exactly what I'm watching as well as the playback position.
With the right application you can probably get information about what's being cast regardless of what application is casting.
Chromecast, is a consumer device designed for ease-of-use on a home network. It's very loose on the privacy, even considering the market, IMO.
As @rbeavers suggested, you can control access by putting Chromecast on separate networks, whether that's via separate APs or via VLANs, it depends on how your network is configured. If you go the VLAN route, make sure to enable Multicast support on the VLAN but not multicast routing.
albert_htc said:
Hi
I'm looking to set up multiple chromecasts around the office.
I'd like to know if users on the network can detect what is being cast.
For example.. I'm using one to show a financial portfolio, I don't want users on the network to be able to detect or see this without permission... The only people who should see it are the users in the room the cast is being presented to.
I don't want others to see the live presentation or the file name being cast.. Also I don't want them to be able take over the chromecast if its in use..
Can anyone advise on this.
Thanks
Sent from my Nexus 7 (2013) KitKat 4.4.2
Click to expand...
Click to collapse
Here is a good rule to go by.....
If Google's Name is on the device your Privacy is pretty much NIL! LOL
As @bhiga said, Anyone can connect to the CCast and get a report of what it is playing and where it is at in the playback.
So no Bachelor party tapes via CCast when the Wife is home! LOL
Thanks. That explains it perfectly.
Sent from my Nexus 7 (2013) KitKat 4.4.2
Hey community, what VPN service do you use and/or recommend for our phones that is preferably free, which maintains reliability and speed. I have looked into a few and frootvpn is close to the top of my list. I use it for security in downloading and access behind wifi restrictions. Thanks.
mrsamtee said:
Hey community, what VPN service do you use and/or recommend for our phones that is preferably free, which maintains reliability and speed. I have looked into a few and frootvpn is close to the top of my list. I use it for security in downloading and access behind wifi restrictions. Thanks.
Click to expand...
Click to collapse
I wouldn't recommend a free VPN for fears of bandwidth restrictions, ads and logging concerns. To better understand what to look for when selecting a VPN read this along with this for for android VPNs
Do share which you decide to go with though. Always good to have actual user reviews.
I've been using PIA (Private Internet Access) for a year now. It has good speed, fairly inexpensive, and it can be installed on up to 5 devices.
nicholb said:
I've been using PIA (Private Internet Access) for a year now. It has good speed, fairly inexpensive, and it can be installed on up to 5 devices.
Click to expand...
Click to collapse
Thanks. They seem like a good choice along with ipvanish.
I personally VPN to my house, where I have a Meraki Z1 firewall installed. They provide a free dynamic DNS address, so I don't have to worry about my IP changing.
dc/dc said:
I personally VPN to my house, where I have a Meraki Z1 firewall installed. They provide a free dynamic DNS address, so I don't have to worry about my IP changing.
Click to expand...
Click to collapse
Wouldn't that be a static IP address? By definition, dynamic IP addresses change.
dc/dc said:
I personally VPN to my house, where I have a Meraki Z1 firewall installed. They provide a free dynamic DNS address, so I don't have to worry about my IP changing.
Click to expand...
Click to collapse
Yeah I do that too but for instances where you don't want your isp to know what your doing online it helps to have extra layer of anonymity.
mrsamtee said:
Hey community, what VPN service do you use and/or recommend for our phones that is preferably free, which maintains reliability and speed. I have looked into a few and frootvpn is close to the top of my list. I use it for security in downloading and access behind wifi restrictions. Thanks.
Click to expand...
Click to collapse
I use Private Internet Access. They make an app for the Android too. On my computer I use it for torrent. Yes, up to 5 connection allowed.
After you are done, go to dnsleaktest website to see if you can really can be found. If not, then you are safe.
Air vpn.
Sent from my SM-N910T using xda app-developers app
RiverCity.45 said:
Wouldn't that be a static IP address? By definition, dynamic IP addresses change.
Click to expand...
Click to collapse
No. Comcast uses DHCP, so the IP address assigned to my Z1 can and does change on occasion. Meraki assigns a dynamic DNS address that has the name of my network plus some random letters and numbers on the meraki.com TLD, which allows me to VPN to that URL instead of having to remember the IP address.
mrsamtee said:
Yeah I do that too but for instances where you don't want your isp to know what your doing online it helps to have extra layer of anonymity.
Click to expand...
Click to collapse
Fair enough. I usually only use mine to bypass QoS at hotels or better secure my connection at a public hotspot. Also, some guest networks that have content controls, such as the ones I build, block public VPN services like Strong VPN or Hotspot Shield but allow enterprise ones such as Meraki.
I too use Private Internet Access. $40 a year is pretty cheap for peace of mind when online. I didn't know I could install on more than one device. Thanks!!