Every device in my house is blocked from Netflix this evening due to their new "VPN blocker". My house is on my own IP space, and the outside of the NAT that the family devices are on is 198.202.199.254, announced by AS 11994. A simple ping from Netflix HQ in Los Gatos to my house should show that I'm no farther away than Santa Cruz, CA as microwaves fly.
Unfortunately, when one calls Netflix support to talk about this, the only response is to say "call your ISP and have them turn off the VPN software they've added to your account". And they absolutely refuse to escalate. Even if you tell them that you are essentially your own ISP.
So... where's the Netflix network engineer on the list who all of us can send these issues to directly?
Matthew Kaufman
Maybe it's time to use some reverse-psychology and try connecting through a VPN provider? 
Pete
Ps, I hope you succeed in getting an answer from an actual engineer. But if I were a betting man...
Turns out it has nothing to do with my IPv4 connectivity. Neither of my ISPs has native IPv6 connectivity, so both require tunnels (one of them to HE.net, one to the ISP's own tunnel broker), and both appear to be detected as a non-permitted VPN. As an early IPv6 adopter, I've had IPv6 on all my household devices for years now.
So after having to temporarily turn off IPv6 at my desktop to fix issues with pay.gov (FCC license payments), and issues with various other things, and then remember to turn it back on again... I now have the reason I've been waiting for to turn it off globally for the whole house.
Thanks Netflix for helping move us forward here.
Matthew Kaufman
ps. Would still be helpful if the support techs could tell from the error codes that the denied VPN is an IPv6 tunnel
There is an epic lesson here. I'm just not sure what it is. 
- - ferg
Matthew, haven’t you told your ISP to stop using the dreaded 198 space? Everyone knows those are magic addresses that belong to NetGear! 
-Bill
Have you tried cdnetops@netflix.com ?
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
That Netflix offering free streaming to everyone over IPv6 (after fixing their VPN detection) would be the most effective way to convince end-users to demand IPv6 service from their ISPs?
;>
Had the same problem at my house, but it was caused by the IPv6 connection
to HE. Turned off V6 and the device worked.
Wish I read this thread earlier. Damn. I just went through the whole
useless process myself with an ineffectual support rep…
«
But if the system is telling you that error code, it is a setting on
the local network, call your ISP, they can assist you on that issue.
Oh right. RIGHT. I'm SURE they'll be able to help.
»
…and I came to the same conclusion and similar resolution (adding an
outbound rule rejecting traffic to 2620:108:700f::/48, causing fallback
to IPv4 worked for me).
At least I got the support rep to SAY he opened a ticket.
Wow! It's my chance to be the noisy minority!
M.
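The outbound reject rule described in the message above, sketched with Linux ip6tables as an added example (not the poster's actual configuration). Only the prefix comes from the post; the chains, the reject type and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Added example: builds (and optionally applies) ip6tables rules that reject
# IPv6 traffic to one prefix so dual-stack clients fall back to IPv4.
# PREFIX is the value quoted in the post; everything else is an assumption.

PREFIX="2620:108:700f::/48"

# Accept only strings that look like an IPv6 CIDR, so nothing else can end up
# inside a command line that is later run as root.
valid_prefix() {
    case "$1" in
        *[!0-9A-Fa-f:/]*|"") return 1 ;;   # anything outside hex, ':' and '/'
        *:*/*) ;;                          # needs a colon and a prefix length
        *) return 1 ;;
    esac
    len=${1##*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 0 ] && [ "$len" -le 128 ]
}

# Emit one rule per chain. REJECT (not DROP) returns an ICMPv6 error right
# away, so the client can give up on IPv6 without waiting for a timeout.
build_rules() {
    prefix=$1; shift
    valid_prefix "$prefix" || { echo "bad prefix: $prefix" >&2; return 1; }
    for chain in "$@"; do
        echo "ip6tables -I $chain -d $prefix -j REJECT --reject-with icmp6-adm-prohibited"
    done
}

# OUTPUT covers the host itself; FORWARD covers LAN devices behind a Linux
# router. Dry run by default: set APPLY=1 (as root) to install the rules.
main() {
    rules=$(build_rules "$PREFIX" OUTPUT FORWARD) || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while IFS= read -r r; do $r; done
    else
        echo "$rules"
    fi
}

main
```

Remove the rules again with the same commands using `-D` in place of `-I` once the tunnel is no longer flagged.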
Confirmed that Hurricane Electric's TunnelBroker is now blocked by
Netflix. Any nice people from Netflix perhaps want to take a crack at
this?
I would imagine it was done on purpose. The purpose of the Netflix VPN detection was to block users from outside of different regions due to content providers' requests. Since HE provides free IPv6 tunnels, it's an easy way to get around the blockage, hence the restriction.
Netflix needs to figure out a fix for this until ISPs actually provide IPv6
natively.
I don't blame them for blocking an (effectively) anonymous tunnel broker.
I'm sure their content providers are forcing their hand.
Seems everyone continues to forget the content providers are not Netflix... They are the Disney, Discovery, NBC, Turner, etc. These are the ones that put clauses and restrictions in their licensing and re-broadcast agreements forcing things like Netflix is doing.
Robert Jacobs | Network Director/Architect
Direct: 832-615-7742
Main: 832-615-8000
Fax: 713-510-1650
5959 Corporate Dr. Suite 3300; Houston, TX 77036
Same, but until there's a real IPv6 presence in the US, it's really
annoying that they haven't come up with some fix for this.
I have no plans to turn off IPv6 at home - I actually have many uses for
it, and as much as I dislike the controversy around it, think that adoption
needs to be prioritized, not penalized.
Additionally, I think that discussing content provider control over
regional decisions isn't productive to the conversation, as they didn't
build the banhammer (wouldn't you want to control your own content if you
had made content specific to regional laws etc?).
I.e. - not all shows need to have regional restrictions between New York
(where I live) and California (where my IPv6 /64 says I live).
I'm able to watch House in any state in the U.S.? Great - ignore my
intra-US proxy connection.
My Netflix account randomly tries to connect from Tokyo because I forgot to
shut off my work VPN? Fine....let me know and I'll turn *that* off.
There is no way for Netflix to know the difference between you being in NY
and using the tunnel, and you living in Hong Kong and using the tunnel.
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net
*Arbor Networks*
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com
I have a VPN connection at my house. There's no way for them to know the
difference between me using my home network connection from Hong Kong or my
home network connection from my house.
Are they going to disable connectivity from everywhere they can detect an
open VPN port to, also?
If they trust my v4 address, they can use that to establish historical
reference. Additionally, they can fail over to v4 if they do not trust the
v6 address.
(since we must dual-stack still here in the US)
There is a large difference between "the VPN run at your house" and
"Arguably the most popular, free, mostly anonymous tunnel broker service"
If it were up to the content providers, they probably would block any IP
they saw a VPN server listening on.
*Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net