Home of the Squeezebox™ & Transporter® network music players.
Results 1 to 5 of 5
  1. #1
    Member
    Join Date
    Mar 2016
    Location
    UK
    Posts
    34

    BBC iPlayer Plugins and VPN restrictions

    Hello

    A slight variation on past queries, so I hope the regular reader will forgive me ....

    Key questions is in bold at foot of this post for those who just want to get to the point (rest is just background)

    I am using LMS 7.9.1 - 1504317335 on a Synlology NAS with the following excellent plug-ins

    BBC iPlayer 1.6.4

    BBC iPlayer Extra 2.3.0

    Whilst I am located within the UK, in an attempt to improve my online privacy I have for a number of years routed all my outbound internet traffic via VPN's with no un-encrypted traffic allowed out via the normal WAN

    I did initially run into issues whereby I was unable to stream the high bit BBC radio streams, but this I overcame by configuring a separate VPN with a UK based IP outlet. This has worked successfully for a considerable period of time.

    More recently, whilst I am still able to stream "live" BBC High bit rate streams via the UK VPN outlet, I am running into problems when trying to play past BBC programs using the above plug-ins. Everything appears normal up to the stage when the program fails to actually play (error along lines of unable to open stream).

    However Its not entirely consistent as sometimes the Plugins will play past programs, other times not ľ who knows, it may be dependent from where the individual stream is being served.

    Viewing my Logitech Media Server Logs I am seeing (by way of example)

    Plugins::BBCiPlayer:ASH::__ANON__ (418) Closing stream - Fetch MPD error HTTP status = 403 Reason: Forbidden

    which I assume is because my UK VPN IP has been blacklisted by the provider.

    I am unaware of a reliable way around this issue (unless anyone knows otherwise?) and I don't want to play "wack a mole" playing around with different VPN's.

    As I am actually domiciled within the UK I can configure rules on my firewall to allow internet access from the NAS via my "normal" WAN link.

    So far I have configured the an Outbound NAT Rule to allow the NAS only to access the WAN interface un-encrypted

    I have also created a rule on the firewall LAN Interface to route outbound HTTP (80) from my NAS via the WAN interface. All none port 80 traffic will continue to be routed via the VPN's

    With these rules in place using the above plugins BBC service play as expected

    I am however anxious to screw this outbound WAN access down as tightly as possible (not got the tin foil hat yet!)

    There are additional firewall rule configurations available eg

    (1) Source Port or Port Range (ie from NAS outbound)

    (2) Destination Address or Network (can be specific IP address or whole subnets)

    (3) Destination Port or Port Range (Currently restricted to just using destination HTTP 80)

    I was wondering if anyone knows if it is possible to identify the destination BBC servers/subnets used by the above plug-ins so i can further restrict the use of my WAN outside of the VPN link.

    As regards outbound ports from LMS I presume these will be random, so it will not be possible to restrict via option (1) above ?

    Thanks

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Location
    Ireland
    Posts
    16,993
    Quote Originally Posted by farrina View Post
    Plugins::BBCiPlayer:ASH::__ANON__ (418) Closing stream - Fetch MPD error HTTP status = 403 Reason: Forbidden

    which I assume is because my UK VPN IP has been blacklisted by the provider.

    I am unaware of a reliable way around this issue (unless anyone knows otherwise?) and I don't want to play "wack a mole" playing around with different VPN's.
    BBC uses two CDNs to deliver their services: Akamai and Limelight. The BBCiPlayer menu "normally" choose akamai. As a test you can try the "Listen Live alt CDN" to use the Limelight CDN. One user of NORD VPN found akamai delivered services blocked but Limelight wasn't.

    I can't offer any other advice on firewall setup as plugin use of http/https is standard (i.e. out on 80). Plugin uses additional connections for metadata. There are "common" names on the CDNs services URLs and the metadata but it can get messy as often they are redirected.

  3. #3
    Member
    Join Date
    Mar 2016
    Location
    UK
    Posts
    34
    Quote Originally Posted by bpa View Post
    BBC uses two CDNs to deliver their services: Akamai and Limelight. The BBCiPlayer menu "normally" choose akamai. As a test you can try the "Listen Live alt CDN" to use the Limelight CDN.
    Hello Bryan and thanks for your swift response to my query.

    Your reference to BBCiPlayer menu "normally" choosing Akamai - is this just for "live" streaming or all streaming (ie including listen again) ?

    My existing live streaming, presumably using Akamai, work fine over my GB VPN whereas listen again frequently does not, which suggests that either Akamai are discriminating between live and listen again feeds or that listen again is served from an alternative CDN.

    I was actually unaware of the "Listen Live alt CDN" option. Interestingly my "live" feeds fail when using my GB VPN and the alt CDN option (presumably Limelight),

    I am probably being over simplistic and failing to appreciate the complexities of the situation/code, but is there a comparable "switch" available for listen again programs ?

    I would also be interested to learn (only at a high level - I'm not a geek!) as to how your algorithms differ between "Listen Live" and "Listen Live - alt CDN" ie how you determine the appropriate connection/destination.

    Thanks

  4. #4
    Senior Member
    Join Date
    Oct 2005
    Location
    Ireland
    Posts
    16,993
    Quote Originally Posted by farrina View Post
    Your reference to BBCiPlayer menu "normally" choosing Akamai - is this just for "live" streaming or all streaming (ie including listen again) ?
    The main menu use akamai for Live and BBC chooses for Listen Again.

    My existing live streaming, presumably using Akamai, work fine over my GB VPN whereas listen again frequently does not, which suggests that either Akamai are discriminating between live and listen again feeds or that listen again is served from an alternative CDN.
    I would find that hard to believe (as if akamai is doing the blocking it would be applied to all services). More likely some LIsten Again are being handled by akamai and some by Limelight.

    I was actually unaware of the "Listen Live alt CDN" option. Interestingly my "live" feeds fail when using my GB VPN and the alt CDN option (presumably Limelight),
    The "alt CDN" menu provide an easy test for VPN blocking as sometime one works and not the other and maybe later vice versa.

    I am probably being over simplistic and failing to appreciate the complexities of the situation/code, but is there a comparable "switch" available for listen again programs ?
    No. IIRC it used to be possible in the plugin (choice in DASH MPD) but I think BBC now do load balancing at top level.

    I would also be interested to learn (only at a high level - I'm not a geek!) as to how your algorithms differ between "Listen Live" and "Listen Live - alt CDN" ie how you determine the appropriate connection/destination.
    The DASH MPD (equivalent to playlist ) holds the info on a program. With MPD DASH can offer different services and rate. The top level URL is a BBC one

    http://open.live.bbc.co.uk/mediaselector/6/redir/version/2.0/mediaset/audio-syndication-dash/proto/http/vpid/b047w54l

    But when a "GET " is done, request is directed to a Akamai or Limelight service - so choice is done by BBC. Plugin just uses the redirected URL which have been provided to it.
    https://aod-dash-ww-live.akamaized.net/usp/auth/vod/piff_abr_full_audio/687b47-b047w54l/vf_b047w54l_bbbc235d-fb6a-4117-b813-faea145d7fc3.ism/pc_hd_abr_v2_nonuk_dash_master.mpd
    https://aod-dash-ww-live.bbcfmt.hs.llnwd.net/usp/auth/vod/piff_abr_full_audio/fd4c5c-m00046q1/vf_m00046q1_b1e24314-51ce-42bb-8b63-baa404653b5d.ism/dash/vf_m00046q1_b1e24314-51ce-42bb-8b63-baa404653b5d-audio_eng_1=96000.dash

    CDN is llnw vs akamaized in url (above URLs nto a great example but only ones I had on hand).

    For live streams the plugin is in control - service provider and region are part of the URL (i.e. ak vs llnw and uk vs nonuk) and speed (i.e. dash_low, dash_full)
    You can compared UK vs non UK MPD by downloag the MPD fdor Radio 1
    http://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/nonuk/dash_low/ak/bbc_radio_one.mpd
    http://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/dash_full/ak/bbc_radio_one.mpd
    http://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/uk/dash_full/llnw/bbc_radio_one.mpd
    http://a.files.bbci.co.uk/media/live/manifesto/audio/simulcast/dash/nonuk/dash_low/llnw/bbc_radio_one.mpd
    Last edited by bpa; 2019-04-15 at 06:03.

  5. #5
    Member
    Join Date
    Mar 2016
    Location
    UK
    Posts
    34
    Thanks for the swift and full response to my queries.

    As ever, your longstanding efforts in maintaining and enhancing these plugins is much appreciated - if they ever ceased working it would be quite a blow as they are in constant use.

    Cheers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •