Hi,
not sure where else to post this. For a while now, I’ve unsuccessfully been trying to get WireGuard to work with Crunchyroll.
Setup is as follows:
- dedicated server hosts a wg-quick instance in [neighboring country]
- OPNSense acts as peer on a single IP
- I have a rule for routing the entire traffic of some source device via that IP
This works just fine. Handshake successful, traffic is routed via the server. traceroute shows the server as the hop immediately after my device’s local gateway. The connection is stable, and fast.
…except for Crunchyroll. The site / app itself is fine, but I can not, for the life of me, get a video to play. It just keeps loading forever.
I don’t think this is an issue with CR recognizing that I’m not where I say I am - looking online, it seems pretty easy to use CR with a VPN. I’ve also tried from multiple other devices, all with the same symptom.
If anyone has suggestions, I’d love to hear them 😅
EDIT: It was MTU. Had to manually set it to 1500 on both devices.
Nope, still the same issues. I was using the fallback interface there briefly.
EDIT: It WAS MTU related, I had to enable MSS clamping on the OPNSense.
Try switching your browser to a mobile view and see if that works. I have a hunch.
Do you run pfblocker-ng? Try using it with another DNS service
Hi,
no, sorry :(
I really don’t think it’s DNS (famous last words, I know)
What does Wireshark or
tcpdump
show on any relevant interfaces?Alright, this is weird. I ran
tcpdump
on the server, and checked both physical andwg0
interface. For things like youtube, it’s a constant stream of packets coming in on the physical interface, then immediately being relayed throughwg0
- just as it should be.But for Crunchyroll, there’s… Nothing. I get an initial burst of packets when opening the site containing the video I want to stream, and then packets just stop coming in once the page itself has fully loaded.
Are you familiar with web development by chance? Can you see anything in your browser’s developer tools like failed XHR/fetch requests? I’m kind of wondering if they’re doing something specific since you said traffic is flowing as expected on other websites.
If your VPN exits from a datacenter (common with VPN and cloud providers) it could be that while their website wasn’t smart enough to block you, the server the content streams from is and is refusing to stream the content. This would probably show up as a failure in the developer tools (HTTP 401 Unauthorized, some JSON with an error, etc).
Good idea. I get a number of CORS errors - but I also get them without the VPN, so I don’t think that’s it.
The idea that CR doesn’t block me, their content hipster does though - that might have merit. Hm. I have noticed that some sites require me to solve the Cloudflare Captcha. So maybe that happens when requesting the page/stream, and then since I don’t (can’t) solve it, nothing happens?
Do you have an idea how I could verify this? 😅
Those websites (and tons of others) will tell you who your ISP appears to be. Whether or not a service considers it a datacenter isn’t set in stone, but usually it’s easy to tell based on what’s shown there.
Edit: If you’re getting the captchas it’s probably because you appear to be on a VPN.
Potential double (triple) nat issue? Do any other streaming services work?
I don’t have accounts on any other streaming services 😅 YouTube works, though
Do you have a suggestion how to eliminate this as a possibility?
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web VPN Virtual Private Network
[Thread #835 for this sub, first seen 27th Jun 2024, 21:25] [FAQ] [Full list] [Contact] [Source code]
Maybe DNS problem?
I’m able to resolve DNS requests from the device. But maybe I’m misunderstanding your question? 😅
Yeah I mean, are you using the same DNS resolver in the server and client?
Ah, alright. Yes, I’ve just double checked. The server end of the tunnel provides a dns server, and the client is configured to use that as its only dns server.
Have you confirmed that with something like https://www.dnsleaktest.com? DNS leaks are common so it’s good to check.
Yep, no leak.