Turns out it has nothing to do with my IPv4 connectivity. Neither of my
ISPs has native IPv6 connectivity, so both require tunnels (one of them
to HE.net, one to the ISPs own tunnel broker), and both appear to be
detected as a non-permitted VPN. As an early IPv6 adopter, I've had IPv6
on all my household devices for years now.
So after having to temporarily turn off IPv6 at my desktop to fix
issues with pay.gov (FCC license payments), and issues with various
other things, and then remember to turn it back on again... I now have
the reason I've been waiting for to turn it off globally for the whole
house.
Thanks Netflix for helping move us forward here.
Matthew Kaufman
ps. Would still be helpful if the support techs could tell from the
error codes that the denied VPN is an IPv6 tunnel
------ Original Message ------
From: "Matthew Kaufman" <matt...@matthew.at>
To: "NANOG" <nanog@nanog.org>
Sent: 6/1/2016 8:27:00 PM
Subject: Netflix VPN detection - actual engineer needed
Every device in my house is blocked from Netflix this evening due to
their new "VPN blocker". My house is on my own IP space, and the
outside of the NAT that the family devices are on is 198.202.199.254,
announced by AS 11994. A simple ping from Netflix HQ in Los Gatos to my
house should show that I'm no farther away than Santa Cruz, CA as
microwaves fly.
Unfortunately, when one calls Netflix support to talk about this, the
only response is to say "call your ISP and have them turn off the VPN
software they've added to your account". And they absolutely refuse to
escalate. Even if you tell them that you are essentially your own ISP.
So... where's the Netflix network engineer on the list who all of us
can send these issues to directly?
Matthew Kaufman
