# Accessing US sites via VPN



## Gatos (Aug 16, 2016)

Is it just me or is it becoming more difficult to access US websites under a VPN ? Started several months ago with Netflix. A couple months back bankofamerica.com required I take down my vpn. Today schwab.com is doing the same thing. Ok - I guessed what the issue was - but how many customers do these sites have who don't understand the "Access Denied" page they throw up ?


----------



## joaquinx (Jul 3, 2010)

Gatos said:


> A couple months back bankofamerica.com required I take down my vpn. ?


I have always accessed BofA with or without a VPN. It is true that many sites look at the IP address and they know which ones are VPN sites.


----------



## joaquinx (Jul 3, 2010)

Additionally, on your computer the Opera browser comes with a free VPN. On your tablet or smartphone, Opera has a VPN app that has free access.


----------



## Gatos (Aug 16, 2016)

joaquinx said:


> Additionally, on your computer the Opera browser comes with a free VPN. On your tablet or smartphone, Opera has a VPN app that has free access.


That's good to know. I have OpenLinksys on my router (tomato). Anything in the house gets a IP address via our VPN provider on access (laptops / roku / desktops / tablets / smartphones). It is nice to be able to control the VPN from a single place.

I used opera years ago on BeOS.


----------



## Isla Verde (Oct 19, 2011)

Forgive my ignorance, but what is a VPN?


----------



## TundraGreen (Jul 15, 2010)

Isla Verde said:


> Forgive my ignorance, but what is a VPN?


Virtual Private Network.

They provide an intermediary between you and the internet. There are two main uses that I can think of:

- Companies use them to provide a secure log in to a company web site for an employee working at home for example.

- An individual can use one to hide where you are located. When you visit a web site, the web site thinks that you are located where the VPN is rather than where you are.

It is actually quite handy right now. For some reason, my internet provider (Megacable) is blocking a site that I have to get to all the time. If I go through a VPN, Megacable doesn't know where I am going and doesn't block it. So the VPN provides obscurity in both directions.


----------



## Isla Verde (Oct 19, 2011)

TundraGreen said:


> Virtual Private Network.
> 
> They provide an intermediary between you and the internet. There are two main uses that I can think of:
> 
> ...


Thanks for the explanation, Will. Isn't the second use you mention a little bit on the "iffy" side of legality?


----------



## lagoloo (Apr 12, 2011)

If it were possible to "disappear" all the expats who are using fake U.S. addresses for various purposes; whose cars have never been to Clay County, South Dakota, who use VPN's to watch U.S. Netflix; who scramble to the piles of pirated CD's around, etc., we'd have no traffic jams in places like the Lake Chapala area. 

I think the term might be "situational honesty"??


----------



## Gatos (Aug 16, 2016)

lagoloo said:


> If it were possible to "disappear" all the expats who are using fake U.S. addresses for various purposes; whose cars have never been to Clay County, South Dakota, who use VPN's to watch U.S. Netflix; who scramble to the piles of pirated CD's around, etc., we'd have no traffic jams in places like the Lake Chapala area.
> 
> I think the term might be "situational honesty"??


Please - show me the law that says using a VPN is any way dishonest ....

It should be dishonest to NOT protect your internet footprint. That capability should be built into ALL browsers.


----------



## eastwind (Jun 18, 2016)

The main point of a VPN is to provide security rather than anonymity. 

Suppose that you sometimes take advantage of free wifi services offered at public places. Those connections can be snooped by anyone. Even if the connection requires a password, all a malefactor has to do is ask for that password like any other customer and they can, with snooping software, see what YOU send over that wifi connection. So if you check your email, they can, maybe, steal your email password. If you check your brokerage you are putting your account at risk. If you log into your work you are potentially putting your whole company's network at risk, depending on what other security software your work network is using.

Having a VPN service lets you create a secure connection to the VPN provider, and over that connection the VPN service usually provides encryption, so a snooper just sees you connecting to a VPN site and some encrypted data they can't read going back and forth. 

Suggesting that there is something dishonest about using a VPN is akin to suggesting that there is something dishonest about sending sealed letters instead of using postcards for everything. The anonymity aspect is similar to putting an incorrect return address on a letter you mail. It's sometimes handy, and only slightly ethically challenged.


----------



## TundraGreen (Jul 15, 2010)

Isla Verde said:


> Thanks for the explanation, Will. Isn't the second use you mention a little bit on the "iffy" side of legality?


It is not intrinsically illegal at all. There is no reason most web sites need to know where you are. It is none of their business. Web sites like Netflix have different licensing agreements in different countries. So the selection of movies depends on where you are located. The movies/shows that they have a license to show varies with the country. So if you are using a VPN to see movies that Netflix has no license for Mexico, for example, it may be illegal. Although I don't know whether the crime is being committed by Netflix or the viewer. Mostly Netflix tries to block people who are hiding their location.

In my case, I am using it to get to my own personal web site. For some reason I do not understand, Megacable has decided to start blocking it. I am probably going to change internet providers if I can't get Megacable to fix the problem. In the meantime I can get to it with a VPN. There is absolutely nothing illegal about this use of a VPN.


----------



## Gatos (Aug 16, 2016)

I'd appreciate a little help.

I was tinkering with my router/vpn earlier today trying to tweak out some better performance. I downloaded my VPN provider's desktop app and found that it actually doubled the performance I was getting off my Cisco E4500 router. Then I uninstalled the app and all of a sudden I can no longer get to my VPN provider's website. I've tried from two different laptops and two different routers. If I force a hard-wired IP address into the router's VPN config I can get a virtual IP but the DNS resolution still does not work.

So - would some kind soul (living in Mexico) please try to access http://www.privateinternetaccess.com and let me know if it works for you ? At this point I can't even send them an email.

It is interesting that today, apparently, there are cyber attacks of all sorts going on - and this VPN provider cut off all ties to Russia last week....


----------



## eastwind (Jun 18, 2016)

It works for me. Here's a tracert, from which you can glean some useful IP's to ping and some intermediate names to try and see if your DNS server can resolve them.

I think you picked a bad day to mess with your router 

Tracing route to privateinternetaccess.com [72.52.9.107]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 10.0.0.1
2 3 ms 1 ms 1 ms 192.168.0.1
3 * * * Request timed out.
4 128 ms 98 ms * 10.162.2.254
5 13 ms 13 ms 16 ms 200.79.231.81.static.cableonline.com.mx [200.79.231.81]
6 19 ms 22 ms 19 ms 10.19.132.17
7 46 ms 44 ms 44 ms 58.189-202-240.bestel.com.mx [189.202.240.58]
8 46 ms 48 ms 49 ms 66.189-202-244.bestel.com.mx [189.202.244.66]
9 56 ms 56 ms 54 ms 181.200-57-2.bestel.com.mx [200.57.2.181]
10 97 ms 98 ms 98 ms 201-174-20-121.transtelco.net [201.174.20.121]
11 98 ms 125 ms 98 ms ustx-mca-pae.transtelco.net [201.174.254.197]
12 * * * Request timed out.
13 95 ms 92 ms 91 ms unknown.prolexic.com [209.200.144.200]
14 94 ms 91 ms 92 ms unknown.prolexic.com [209.200.144.207]
15 93 ms 92 ms 92 ms unknown.prolexic.com [72.52.9.107]

Trace complete.


----------



## Gatos (Aug 16, 2016)

I've gotta just hope that all the people lurking/logged onto this forum were simply out to lunch...

I managed to come up with another DNS server and that allowed me to get out to the website I was interested in. It would appear that the cache for the DNS server provided by Telmex was corrupt. (Just an educated guess)

Thanks for the help !


----------



## michmex (Jul 15, 2012)

Gatos said:


> I'd appreciate a little help.
> 
> I was tinkering with my router/vpn earlier today trying to tweak out some better performance. I downloaded my VPN provider's desktop app and found that it actually doubled the performance I was getting off my Cisco E4500 router. Then I uninstalled the app and all of a sudden I can no longer get to my VPN provider's website. I've tried from two different laptops and two different routers. If I force a hard-wired IP address into the router's VPN config I can get a virtual IP but the DNS resolution still does not work.
> 
> ...


No luck with your site. I have also been experiencing issues with various websites today. Most likely the issues have been caused by the massive distributed denial-of-service attack on Dynamic Network Services Inc., known as Dyn which started on the USA east coast about 7:10 AM and seems to be spreading spreading across the USA with some reports stating issues worldwide.

If you have the actual numeric IP address you may be able to go to your site as the issues seem to involve the name servers.


----------



## Gatos (Aug 16, 2016)

Thank you both.

@eastwind - your ISP is not Telmex ?? I think it is their DNS server (cache) which is hosed - and if I recall correctly that takes something like 24 hours to right itself ?

I can get to every other site on the internet except PIA (that I have tried). I guess the message is - don't mess with folks who can mess back... (There is a lesson).

Hope I am the only frustrated expat today. (until they try to use their rokus).

@michmex - yes I was fortunate to find a numeric IP address for a server in NJ. Guess I need to add that to my important info data for the future.


----------



## eastwind (Jun 18, 2016)

This tip is not for the faint of heart...

If you can get to your TCP/IP settings, you can mess with your DNS server addresses.

Windows seems to change how you get to those settings with every release. But on my win 8.1 laptop, if I open network & sharing center and click on "change adapter settings" in the left column, then I am at the path Control Panel\Network and Internet\Network Connections. If I right click on my adapter and choose properties I get a window that's been more or less then same since XP days. 

It has a list of things in a box, with check marks by each one. The list starts off with "Client for Microsoft Networks", and has a bit further down "Internet Protocol Version 4 (TCP/IPv4). 

If you select that row, the Properties button becomes clickable. In that dialog is where you can configure whether to use your routers DHCP server or statically hardcode an IP address. Then below that you have a choice of obtaining a DNS server address from your ISP automatically or hardcoding an address.

The default is to obtain automatically. But what you can do if you like is figure out what your ISP's DNS server address is and hardcode that, then add an alternative DNS server address as a backup. This will give you two chances to resolve addresses at no performance cost as long as your IPS's DNS server is working and resolving all your addresses. If it goes down, the each resolution will take longer as it has to fail on the first server before trying the second, but that's better than not working at all.

Doing this, however is baking in a problem for yourself for the future. Because someday your ISP will decide to change their DNS server's IP address. Since they assume everyone is on automatic, they think they can just do this out of the blue. From then on, you'll be failing over to the secondary on every DNS lookup, until that one has a bad day, at which point you'll get total failures, which will clue you to go in and update the first hardcoded address. 

I think this is only worth it if your ISP's DNS server is more flaky than usual. When I was working our work network had it's own DNS server that would go on the blink about once every 2 weeks, and I made use of this technique to work around it.

Or, you might decide to ditch your ISP's DNS server entirely, and just rely on a couple public ones. 
Here's a web page with a list of them. The page claims you get faster web page loads this way, but YMMV since it's in comparison to your ISP's DNS server, which is going to be closer to you.

https://theos.in/windows-xp/free-fast-public-dns-server-list/

I think when I was doing this at work we used 4.2.2.6 as our backup. We couldn't completely ditch the work DNS server because only it could resolve work-network names behind the our firewall.


----------



## Gatos (Aug 16, 2016)

Yes - at one point I tried to use Google's DNS (8.8.8.8) - no love.

Then I did a google search on 'popular dsn servers' and came up with an entry for OpenDNS which DID work for me.

I think this is a glimpse into the future.... Guess its good I am an old fart


----------



## eastwind (Jun 18, 2016)

I am renting, and my apartment manager had an existing contract for CATV/internet/VOIP in the apartment owner's name that I just have to pay. It's with a company called iZZi. At first it sounded like a *really* good deal, 384 pesos for basic cable, internet & voip, but the deal seems to have changed and now it's 550, still a bargain vs NoB. But they don't seem to have an option for an improved TV package that includes english language stations, so I don't have any english-language TV news or sports 

When I went to look up what my DNS server address was, I realized that my router (netgear nighthawk ac1900) was running its own shadow DNS server, so I had to get into my router to find out the real address. It's 200.79.231.6 - ns2cun.cablemas.net.mx

I suppose izzi is just leasing the cable (and the TV content) from cablemas, based on the DNS server being cablemas, and creating a triple-play by adding their own internet and VOIP (probably they're leasing that hardware from telmex or something). But here I'm applying NoB business model assumptions, so I'm probably way off.


----------



## Gatos (Aug 16, 2016)

@eastwind

IZZI has fiber cable running near our neighborhood but here all utilities are in the ground and we are not sure there is enough room left in the conduit. We had fiber when we first came to Mexico and it was very nice.

Our Sky satellite gives us CNN and Fox News as well as a couple Sports channels in English. I have a cheap Roku device which provides many sources for US (and other) News channels and ESPN (for college football).

This morning our VPN is back to normal. They wrote back to say they are taking steps to prevent the same problem from happening in the future. I read elsewhere that yesterday's attack on Dyn Inc involved hundred of thousands of IP enabled cameras, baby monitors etc.


----------



## eastwind (Jun 18, 2016)

I think Roku sounds like what the izzi tech said I should get if I wanted US TV channels. I couldn't catch the name, because I'd never heard of it before he said it. I'll definitely look into that.

Thanks for the info.


----------



## Gatos (Aug 16, 2016)

eastwind said:


> I think Roku sounds like what the izzi tech said I should get if I wanted US TV channels. I couldn't catch the name, because I'd never heard of it before he said it. I'll definitely look into that.
> 
> Thanks for the info.


Amazon has a Roku Stick for less than $50USD and if you spend $65USD they will ship for free to Mexico. You'd probably have it for next weekend.


----------



## lagoloo (Apr 12, 2011)

In response re the ethical or legal questions re using a VPN to hide one's physical location, most uses are both honest and legal as far as I know.

When people sign up to use U.S. Netflix, they also agree to use it only where permitted, which does not include foreign countries such as Mexico. Obviously, using a VPN to do so violates such an agreement, but Netflix is addressing the issue very effectively by blocking the VPN's when they detect that the subscriber is using them to watch U.S. Netflix.
Most of the major ones have been axed already. Interesting article in news about it last week or so.......which I can't find again, or I'd pass it on.


----------



## Gatos (Aug 16, 2016)

@lagoloo

What you say is true - but I think the real issue is who owns the contents. Netflix US provides a lot of stuff other people own - so they are required to not distribute it where they have not agreed to. 

At the same time - CBS - which provides at least two different sources for contents - owns its contents itself. 

Personally - we have changed our viewing habits (which really only consisted of TV series) away from Netflix to CBS AllAccess. I may need to look into SlingTV if we run out of interesting things to watch.

Edit : Or add the premium channels to our Sky subscription...


----------



## TundraGreen (Jul 15, 2010)

lagoloo said:


> In response re the ethical or legal questions re using a VPN to hide one's physical location, most uses are both honest and legal as far as I know.
> 
> When people sign up to use U.S. Netflix, they also agree to use it only where permitted, which does not include foreign countries such as Mexico. Obviously, using a VPN to do so violates such an agreement, but Netflix is addressing the issue very effectively by blocking the VPN's when they detect that the subscriber is using them to watch U.S. Netflix.
> Most of the major ones have been axed already. Interesting article in news about it last week or so.......which I can't find again, or I'd pass it on.


Just to clarify, if you have a Netflix account in any country, you can use it in every country. But, legally, you can only watch the selection available for where you are located. I have used my Netflix account in Mexico (where I pay in pesos every month). I have used it in the US, Germany, and a few other countries. When I am in Germany, the movies all are available with German subtitles, in Mexico with Spanish subtitles, and the selection is different. It depends on which movies/TV shows that Netflix has licensing rights to and that varies by country.


----------



## Meritorious-MasoMenos (Apr 17, 2014)

About two years old, CEO of Netflix said publicly they actively would never block VPN use, then started to vigorously about six months ago.
I used to love going to Netflix sites around the world. You'd get such an array of different movies and TV series, especially the British vs the U.S.
My VPN comes up with continual workarounds to allow access to U.S. netflix, which of course has the greatest the of offerings of any netflix site.
The local netflix is still useful, often carrying movies and shows U.S. netflix dropped. I imagine they have work arounds for other major countries but haven't prompted them. What a wonderful concept netflix is, especially inventing binge watching.
Alas, until a year ago, I was able to watch all BBC channels live via VPN. What a wonderful resource, five or six different channels. They started blocking, and I haven't investigated whether my service has workarounds.
VPNs are still useful for watching a lot of videos from U.S. digital newspapers. NBC also puts a lot of its programing online free, but only to U.S. web addresses. This is different from the many stations that require your U.S. cable information.
Trying to get into a pay site without paying is one thing, but being blocked by government regulations is completely different.


----------

