VPN best practices?

jimg

New Member
We are hosting a robot competition, streaming live from a high school. The high school seems to block YouTube (but, oddly shows a minimal amount of text). I seem to be able to VPN (KeepSolid VPN Unlimited) without issue. When I 'connect' to broadcast, it senses the broadcast (lists it in OBS) just fine. However, when I try to connect, then need to "Go Live" it fails to find the server. I've bound to every option in OBS's selection of network-bindings to see if that's it. Wasn't.

Only when I connected through mobile data did it fully work.

Does anyone have best practice recommendations for VPN'ing with OBS live?
 

shansmi

Member
I have never really used a VPN with OBS but VPNs are a different story. By any chance have you connected to the VPN and tried to ping the server? Do you have the VPN set up to use the VPN gateway as the default gateway or are you using the local network as the default gateway? One requires some static routes and the other does not.
 

Lawrence_SoCal

Active Member
Are you using an SSL VPN client, or an IPSec one? Sounds like an SSL-based one, which has all kinds of limitations.
The stream will use its own connection, so you need to make sure that connection is re-routed via the VPN connection. How one does that is VPN client dependent (I've never used KeepSolid, so I can't help there)
 

shansmi

Member

You can do all of that with static routes...

Route add <network_to_route> mask <mask> <next_hop>
example
Route add 192.168.1.0 mask 255.255.255.0 10.168.20.1
192.168.1.0 /24 (255.255.255.0) is the network I wish to route with an applied mask.
10.168.20.1 is the default gateway or IP of the VPN interface...
*** to add static routes you will need an elevated prompt ***

to see the routing table before and after "route print"
 

shansmi

Member
I would think this is standard stuff. How do the endpoints change? I only see datafill in OBS for one streaming endpoint. I guess once you choose a service and sign in with an account, the actual endpoint can change as "things happen" in the network. No real way to predict the next endpoint unless they are all on the same subnet. You could then add a route for the entire subnet but they would have to give users that list. Not real sure the service providers for "free" services would ever really care but if the service is paid they will care since that affects revenue. Maybe I will play around with YT streaming a bit.
 

shansmi

Member
hahaha... there is always a way to trick the system. This being a VPN you do not actually have to be there to get this working. It will take a little time but it will be working. Worth a try at least. The VPN should be a network adapter. Pull those up and right click on the VPN adapter then select properties. Look through the list for IPv4 and select the Properties radio button. Look through the options there for anything that says something like "use default gateway on remote network". Now some VPN clients do this in this area while others like Cisco do it in their application settings with a check box that reads "allow local LAN access when using VPN". If these features are in use ALL traffic goes over the remote network once connected to the VPN. If not checked or in use one must add static routes to point the traffic towards the VPN. I described how to do that earlier. Find out which one you are doing...



Now to trick the system turn off the remote default gateway as I described above. From a powershell window ping your streaming services server. This will create a local DNS record. Now run this command from powershell "get-dnsclientcache" to see the local DNS cache. Look through the list and find the domain and IP info for your streaming service.

This is just an example of 1 entry. In this case some ASUS Message Service:
messageapi.asus.com messageapi.asus.com A Success Answer 10710 4 103.10.5.73


Pull up a PowerShell prompt after connecting to the VPN. Do "ipconfig". Look through that list for the VPN connection. Depending on VPN setup there could be a remote default gateway even if you allow local LAN traffic (Cisco) while others have the same IP for assigned and gateway (native Windows L2TP VPN). Once you find the IP info for your VPN, note the default gateway for that connection.


And now for the trick part... add a wide static route so all server rotations are captured. I am making an assumption that all their IPs are in the same range...not one server on 47.x.x.x and another server on 52.y.y.y.

103.10.5.73 is the IP in the example DNS record above. Now from an elevated powershell prompt, add the route.

route add 103.0.0.0 mask 255.0.0.0 <Default_gateway_IP_from_VPN>

This is a wide open class A static route sending ALL 103.x.x.x traffic over the VPN. If not blocked by some other means, this should do the trick.

and no worries, the route gets deleted once you disconnect from the VPN.
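
The static-route procedure from the posts above, narrowed to one /32 route per address the streaming host currently resolves to instead of a whole /8, with a check of which interface Windows will actually use. This is an added example, not part of the original thread; the host name, adapter name and gateway parameter are placeholders and assumptions.

```powershell
# Added example: run from an elevated PowerShell prompt with the VPN connected.
# All three parameter defaults are placeholders (assumptions), not values from the thread.
param(
    [string]$IngestHost = 'ingest.example.com',  # streaming server host name
    [string]$VpnAlias   = 'VPN Adapter',         # adapter name as listed by Get-NetAdapter
    [string]$VpnGateway = ''                     # set explicitly if discovery finds none
)

$vpn = Get-NetAdapter -Name $VpnAlias -ErrorAction Stop
if ($vpn.Status -ne 'Up') { throw "Adapter '$VpnAlias' is not up; connect the VPN first." }

# Use the gateway reported on the VPN interface when there is one. Point-to-point
# adapters often report none; 0.0.0.0 then means "on-link" (send out of that interface).
if (-not $VpnGateway) {
    $VpnGateway = (Get-NetIPConfiguration -InterfaceIndex $vpn.ifIndex).IPv4DefaultGateway.NextHop |
                  Select-Object -First 1
}
if (-not $VpnGateway) { $VpnGateway = '0.0.0.0' }

# Every IPv4 address returned for the host right now (CNAME records are skipped).
$ips = Resolve-DnsName -Name $IngestHost -Type A -ErrorAction Stop |
       Where-Object { $_.Type -eq 'A' } |
       Select-Object -ExpandProperty IPAddress -Unique

foreach ($ip in $ips) {
    $prefix   = "$ip/32"
    $existing = Get-NetRoute -DestinationPrefix $prefix -InterfaceIndex $vpn.ifIndex `
                             -ErrorAction SilentlyContinue
    if (-not $existing) {
        # ActiveStore keeps the route out of the persistent store (gone after a reboot).
        New-NetRoute -DestinationPrefix $prefix -InterfaceIndex $vpn.ifIndex `
                     -NextHop $VpnGateway -PolicyStore ActiveStore | Out-Null
    }

    # Find-NetRoute returns a source-address object and a route object; keep the route.
    $route = Find-NetRoute -RemoteIPAddress $ip | Where-Object { $_.DestinationPrefix }
    [pscustomobject]@{
        Address   = $ip
        Prefix    = $route.DestinationPrefix
        Interface = $route.InterfaceAlias
        ViaVpn    = ($route.InterfaceIndex -eq $vpn.ifIndex)
    }
}
```

Only the addresses returned at run time are routed, so re-run it if the service later resolves to different ones; a row with ViaVpn set to False means that destination still leaves through the local network.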
 