How to stream the London 2012 Olympics

gistfile1.md

How to stream the London 2012 Olympics

There have been several HOWTOs posted regarding streaming the 2012 Olympics using HTTP / SOCKS proxies via SSH and other similar methods. None of these actually work using the latest Flash on Mountain Lion (with Firefox, Chrome or Safari). Additionally, the third-party streaming sites don't provide BBC's amazing interface, which lets you quickly skip to individual competitors and events. However, setting up an OpenVPN server does work, with some tweaks. You'll get the exact same UX that people in England receive.

• Get a Linode VM in the UK. The 512MB server for $20 works just fine. (If you want to use my referral link, go for it: http://bit.ly/OuzdVe)

• Follow the standard OpenVPN installation documentation. (Basically, 'apt-get install openvpn' or 'yum install openvpn' and then follow these docs: http://openvpn.net/index.php/open-source/documentation/howto.html). For an OS X client, I prefer Viscosity: http://www.thesparklabs.com/viscosity/ .

• Push the following routes from your OpenVPN server. These are all the IPs the BBC uses for streaming recorded and live Olympics games. You can put this inside your OpenVPN server.conf file:

push "route 212.58.224.0 255.255.128.0"
push "route 68.142.94.242 255.255.255.255"
push "route 68.142.94.239 255.255.255.255"
push "route 69.22.163.44 255.255.255.255"
push "route 77.72.118.168 255.255.255.255"
push "route 66.235.128.0 255.255.224.0"
push "route 23.32.0.0 255.224.0.0"
push "route 141.101.126.37 255.255.255.255"
push "route 80.239.224.0 255.255.255.128"

• Put these entries in your /etc/hosts file:

80.239.224.43 a974.w23.akamai.net bbchdsodsecure-f.akamaihd.net
23.63.98.9 open.bbci.co.uk open-bbci.bbc.net.uk open.bbci.co.uk.edgesuite.net a1638.g2.akamai.net
23.63.99.226 ichef.bbci.co.uk
77.72.118.168 sa.bbc.co.uk
23.62.53.67 static.bbci.co.uk

• Connect to your new VPN and go to http://www.bbc.co.uk/sport/olympics/2012/live-video . All done!

Is this still working?
I got everything set (apparently) right, and I tested that I can open the website from the linode box, but I get a timeout on my desktop.
I know that something changed, because before pushing the routes I would get a response from BBS saying that they don't stream to my area.
Thanks for the tip anyway!

Also, and this works for me in linux.

Go to unblock-us.com and sign up for their vpn.
change your DNS settings to their DNS server (208.122.23.22, 208.122.23.23)
Go to bbc.co.uk and watch olympics

Instead of wasting $20 on a Linode VPS, just spend $4.95 on Wonderproxy VPN https://wonderproxy.com/signup/vpn

Nevermind! It was the firewall who was blocking my connections. In case anyone needs help, Bebop's answer in this forum thread is all you need: http://forums.openvpn.net/topic7762.html
And if I didn't already have a linode server, I would definitely go for a cheaper VPN-only service. But since I do, the VPN is only added cost. :)

Works great. This way you don't have to send all your traffic through the VPN, only the requests that are used to geolocate you.

You can use the same method to bypass MLB.tv blackout restrictions.

Instead of a Linode box, I use a privatetunnel.com VPN (free starter available) and modify the .ovpn config:

route-nopull # (to avoid sending all traffic through)
route outbound-ip netmask # ex: route 8.8.8.8 255.255.255.0

I didn't have to do any of the DNS/hosts stuff.

However, I did have an issue playing back older events. It's possible that's done on different IPs.

which of these has highest bandwidth... I've only used linode for 1 day and I'm at 30% of my quota!

hagope, don't worry too much about the linode bandwidth quota, as it's prorated until the end of the month. This means that, assuming you got the 200GB linode yesterday, your bandwidth was limited to 25GB until the end of July. When August starts, you'll have the full 200GB. In other words, you used 30% of 3 days of bandwidth in one day.

Has anyone tried doing this without a VPN? Simply setup your Linode in Europe and SSH/Socks tunnel to it?

ssh -d <port> mylinodeserver.com

Then setup your browser/computer to proxy thru localhost:<port>

I get an error with the first route,

Sun Jul 29 17:27:01 2012 TUN/TAP device tun0 opened
Sun Jul 29 17:27:01 2012 TUN/TAP TX queue length set to 100
Sun Jul 29 17:27:01 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jul 29 17:27:01 2012 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Sun Jul 29 17:27:01 2012 /sbin/route add -net 212.58.224.0 netmask 255.255.128.0 gw 10.8.0.5
route: netmask doesn't match route address
Usage: route [-nNvee] [-FC] [<AF>]           List kernel routing tables
       route [-v] [-FC] {add|del|flush} ...  Modify routing table for AF.

       route {-h|--help} [<AF>]              Detailed usage syntax for specified AF.
       route {-V|--version}                  Display version/author and exit.

        -v, --verbose            be verbose
        -n, --numeric            don't resolve names
        -e, --extend             display other/more information
        -F, --fib                display Forwarding Information Base (default)
        -C, --cache              display routing cache instead of FIB

  <AF>=Use '-A <af>' or '--<af>'; default: inet
  List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) 
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) 
    x25 (CCITT X.25) 
Sun Jul 29 17:27:01 2012 ERROR: Linux route add command failed: external program exited with error status: 4
Sun Jul 29 17:27:01 2012 /sbin/route add -net 68.142.94.242 netmask 255.255.255.255 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 68.142.94.239 netmask 255.255.255.255 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 69.22.163.44 netmask 255.255.255.255 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 77.72.118.168 netmask 255.255.255.255 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 66.235.128.0 netmask 255.255.224.0 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 23.32.0.0 netmask 255.224.0.0 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 141.101.126.37 netmask 255.255.255.255 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 80.239.224.0 netmask 255.255.255.128 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Sun Jul 29 17:27:01 2012 Initialization Sequence Completed

I think there are more blocks to route, as some streams were working and others were not. I did have good luck with routing everything via:

push "redirect-gateway def1"

Thanks Dan - this worked perfectly for me. I switched the routes from the server to the client. I also added a couple more routes:

route 212.58.224.0 255.255.128.0 vpn_gateway
route 68.142.94.242 255.255.255.255 vpn_gateway
route 68.142.94.239 255.255.255.255 vpn_gateway
route 69.22.163.44 255.255.255.255 vpn_gateway
route 77.72.118.168 255.255.255.255 vpn_gateway
route 66.235.128.0 255.255.224.0 vpn_gateway
route 23.32.0.0 255.224.0.0 vpn_gateway
route 141.101.126.37 255.255.255.255 vpn_gateway
route 80.239.224.0 255.255.255.128 vpn_gateway

route 87.248.209.0 255.255.224.0 vpn_gateway # iplayer/live
route 178.79.195.0 255.255.224.0 vpn_gateway # iplayer/live

Thanks!
--Josh

For what it's worth, I've played with 3 setups today and I think the OpenVPN is overkill.

SOCKS proxy via ssh -D is very quick:

ssh -D 2001 user@server_host <- run this then set SOCKS proxy to localhost:2001

Alternatively, tinyproxy is quick and easy to setup and then requires only changing your web proxy setting.

The only way I could get the VPN to be reliable was to route ALL traffic, and that's not exactly ideal.

My 2 cents.

Personally, I like the OpenVPN route because tomorrow, when I'm at work trying to catch up on a couple Olympic events, I won't be in a browser/proxy hell which will interfere with my development. OpenVPN can be pretty confusing though and the ssh SOCKS proxy is much easier and quicker to get rolling. You could even throw the dynamic route option into ~/.ssh/config or (got all out and) create a persistant ssh daemon to keep the dynamic proxy alive 24/7 with something like:

ssh -o ServerKeepAliveInterval 5 -o ServerAliveCountMax 2 -D 2001 -i /PATH-TO-SSH-PRIVATE-KEY -TNCv username@linodebox

Again, that's probably overkill as well :)

unblock-us.com is a much better alternative, since it doesn't force all your traffic through a potential bottleneck.

Does adding a -carcfour to the ssh improve performance?