You can’t always get what you want .. or can you?!

Disclaimer: this is a (technical) article showing how to give an AppleTV access to the much better stocked US iTunes store from anywhere outside of the US. The main purpose of this post is to satisfy my curiosity about how stuff works and to help others understand. It is by no means an encouragement to break laws or to support/do piracy. I have a paid subscription to Netflix and others, always pay for your stuff!

That said, let’s get to it.

I am a US sports fanatic. Baseball, basketball, NASCAR, you name it, I love it. As I do not live in the US, I was fortunate that ESPN America was provided by my local cable company to quench my thirst. Emphasis on was. ESPN America has quit broadcasting to Europe (or as they prolly call it “everything outside US”)… Now what?!

Well, the AppleTV in the US does provide ESPN and also other goodies like Netflix. There are a few limitations:

  • You need a US iTunes account
  • You need to be in the US
  • You need a US subscription to ESPN, Netflix, etc

I will use a 2nd generation AppleTV purchased outside of the US and which is, of course, not jailbroken. Generation doesn’t matter, it will essentially work with any version.

Scoping and activities:

  1. Make it appear as if we’re in the US, so we need to obtain a US IP address. This requires the use of a VPN/proxy service.
  2. Make it network based: you do not want to go through a 15 minute “startup procedure” or “mess with computer-VPN-wifi-sharing” every time you want to watch a game. Point and click.
  3. Create an account in the US iTunes store without using a US credit card
  4. Register an account and subscription to the service, say Netflix.

Networking
My network is probably totally different than yours so I assume you know what you’re doing.

Because this solution is network-based, it is instantly available to my normal TV, iPad, AppleTV, etc. by just changing the default gateway on those devices. Connectivity will be on-demand 🙂

I will be using inexpensive hardware, a Mikrotik Routerboard 750GL (thx for the cool hardware tip NielsvB!) which is highly configurable and does the trick perfectly. It cost me around $45 shipped, your mileage may vary.

Here’s a simplified logical drawing of placement and connectivity. The IP addresses listed here are fictitious and for illustration and reference purposes (replace where necessary)!

    • DSL/WAN IP address: 10.0.0.1
    • Internal LAN IP range: 172.16.232.1 /26
    • Internal LAN gateway: 172.16.232.33
    • Internal DNS servers: 172.16.232.4 + 172.16.232.5
    • Routerboard IP address (US gateway): 172.16.232.44
    • Clients allowed to access US gateway: 172.16.232.1 /26

VPN / proxy service
There are many free and paid VPN services you could use, so take your pick. As I require stability and performance for streaming, my personal preference is the VPN service provider hidemyass.com … and seriously, you can’t beat the name 🙂

Bottom line
So the trick is to have the AppleTV use the routerboard as its gateway. The routerboard starts a VPN tunnel to the VPN/proxy service, which provides an exit point in the USA, connects to Netflix/ESPN/whatever and streams the content back to the AppleTV.

Automatically, on-demand and girlfriend-friendly. So let’s go…

1. Register with a VPN/Proxy provider

Like I said, I’ve created an account with hidemyass.com. Really for $6 bucks you can’t go wrong and I’ve found that the connection is stable and performs well for streaming content but you can pick another provider, free or paid.

  • Register an account/plan at hidemyass.com
  • Log in to the hidemyass control panel
  • Click in the menu on the left on PPTP servers

The login details for a router based tunnel are different than the login details when using the HMA Pro software on a computer.

  • Locate your details on that page as shown in the picture below.

Lastly, the server list table shows all possible VPN exit points. Make sure you select an exit point which is in the USA. It is a bit trial and error to find the fastest one, I’ve selected one in New Jersey.

  • Make a note of the IP address of your choice (yes yes, I’ve cut off the actual IP addresses list for privacy… get your own 😉 )

Now that you have the login details and a VPN/proxy exit point, let’s configure the routerboard.

2. Configuring the Mikrotik Routerboard 750GL

Basically you only want the AppleTV to connect through the VPN tunnel to the US and all your other devices to remain as-is exiting in your own country. This means that the routerboard will act as a 2nd gateway on your network.

  • Plug a network cable into port #2 on the routerboard
  • Configure your laptop/desktop into the same subnet as the routerboard (e.g. give it an IP address of 192.168.88.10)
  • Open a browser and go to 192.168.88.1 which is the IP address of the web management interface of the routerboard (version WebFig v.5.23 at the time of writing)
  • The default username is admin, there is no password

First I’ll change the IP address of the routerboard to 172.16.232.44 which fits my network and will be used as the gateway address on the AppleTV.

  • Go to IP –> Addresses
  • Double-click on the default configuration and change it as shown in the screenshot

Once you click apply, you can change the IP address of your laptop/desktop back to normal and access the routerboard on its new IP address of 172.16.232.44

The basics: DHCP/DNS/Default gateway
As I already have an existing DHCP server, I will disable the one on the routerboard

  • Go to IP –> DHCP Server
  • Select the DHCP Server and click the D button at the beginning of the line (it will turn into an E button and the line will be greyed-out)

Next is DNS. I run two DNS servers in my network, 172.16.232.4 and 172.16.232.5; you would probably enter the DNS servers from your Internet provider here.

  • Go to IP –> DNS
  • Click on STATIC
  • Click on ADD NEW

Once you’ve added the static DNS servers, it should look like this:

  • Click CLOSE
  • On this page click the triangle next to servers
  • Add the IP addresses of both DNS servers here too

The routerboard itself also needs a default gateway to be able to connect to the Internet

  • Go to IP –> Routes
  • Click on ADD NEW
  • Put a tickmark at enabled
  • Enter the Dst.Address of 0.0.0.0/0
  • Enter the normal Gateway address of your network, in my case 172.16.232.33
  • Type is unicast
  • Click APPLY

The VPN/Proxy configuration
Now that the routerboard itself has connectivity, the next step is to configure the VPN/Proxy with the account info.

  • Go to PPP
  • Click on the ADD NEW button and select PPTP CLIENT

  • In the name field, give this connection a name (mine is HMA for HideMyAss)
  • Change the Max MTU to 1460
  • Change the Max MRU to 1460
  • In the connect to field, type the IP address of your VPN exit point (the one in the US). I don’t disclose my exit point hence the .x.x in the IP address
  • In the user and password field, type your login details from your VPN/Proxy provider
  • Put a tickmark at Dial On Demand
  • Put a tickmark at Add Default Route
  • Click on OK

If all went well, it should look something like this:

And yes, the connect to IP address is incorrect, as stated in the list above 😉

We’re almost done…

Firewall, NAT, Mangle and routes configuration
The router board now needs to know who can access this VPN tunnel and how to handle this traffic.

  • Go to Firewall –> select the NAT tab
  • Click ADD NEW
  • Put a tickmark at Enabled
  • In the Chain field, select SRCNAT
  • In the Out.Interface field, select HMA (or the name you gave the connection previously)
  • Scroll all the way down and in the Action field, select MASQUERADE
  • Click OK

It should look like this:

The next step is to determine which device on your network is allowed to access the VPN tunnel. You can limit it to only the IP address of the AppleTV but in my case I’ll allow my entire internal LAN subnet. This is to allow the option of per-device settings.

On the routerboard this is done through the Mangle option.

  • Go to Firewall –> select the MANGLE tab
  • Click ADD NEW
  • Put a tickmark at Enabled
  • In the Chain field, select PREROUTING
  • In the Src.Address field, type the subnet which is allowed to access the VPN tunnel. In my case 172.16.232.0/26
  • Scroll all the way down and in the Action field, select MARK ROUTING
  • In the New Routing Mark field, give this mangle a name (mine is HMA out for HideMyAss Outbound)
  • Put a tickmark at Passthrough
  • Click OK

The Mangle configuration should look like this:

The final step for configuring the routerboard is to add a route for all allowed devices towards the VPN tunnel. This will tie the previous steps together.

  • Go to IP –> Routes
  • Click ADD NEW
  • Put a tickmark at Enabled
  • In the Dst.Address field, type 0.0.0.0/0
  • In the Gateway field, select the gateway you’ve created earlier. In my case, I select HMA
  • In the Routing Mark field, type 0.0.0.0/0, select the mangle you’ve created earlier. In my case, I select HMA Out
  • Click OK
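
How the mangle rule and the two hand-added default routes combine, as an added Python model (not RouterOS code and not part of the original post). It assumes a marked packet is looked up in the table carrying its mark and falls back to the main table otherwise, and it leaves out the dynamic route created by Add Default Route; 172.16.232.20 is a constructed client address and 203.0.113.10 a documentation address standing in for a streaming server.

```python
import ipaddress

# Addressing plan from the article (fictitious values used there).
LAN = ipaddress.ip_interface("172.16.232.1/26").network  # normalises to .0/26
MANGLE_SRC = ipaddress.ip_network("172.16.232.0/26")
MARK = "HMA out"

# Only the two routes added by hand: (routing mark, destination, gateway).
# None is the main table. The dynamic route from "Add Default Route" is
# deliberately not modelled (assumption of this example).
ROUTES = [
    (None, ipaddress.ip_network("0.0.0.0/0"), "172.16.232.33"),
    (MARK, ipaddress.ip_network("0.0.0.0/0"), "HMA"),
]

def plan_errors(hosts):
    """Return the names of hosts whose address falls outside the LAN subnet."""
    return [n for n, ip in hosts.items() if ipaddress.ip_address(ip) not in LAN]

def routing_mark(src, via_prerouting=True):
    """Mangle rule: mark packets entering the router from MANGLE_SRC.
    Traffic the router originates itself never passes the prerouting chain."""
    if via_prerouting and ipaddress.ip_address(src) in MANGLE_SRC:
        return MARK
    return None

def next_hop(mark, dst):
    """Longest-prefix match in the marked table, then main (assumed fallback)."""
    dst = ipaddress.ip_address(dst)
    for table in dict.fromkeys((mark, None)):
        hits = [r for r in ROUTES if r[0] == table and dst in r[1]]
        if hits:
            return max(hits, key=lambda r: r[1].prefixlen)[2]
    return None

def egress(src, dst, via_prerouting=True):
    """Gateway a packet leaves through, given its source and destination."""
    return next_hop(routing_mark(src, via_prerouting), dst)

if __name__ == "__main__":
    hosts = {"gateway": "172.16.232.33", "routerboard": "172.16.232.44",
             "dns1": "172.16.232.4", "dns2": "172.16.232.5"}
    print("outside LAN:", plan_errors(hosts))
    print("client     ->", egress("172.16.232.20", "203.0.113.10"))
    print("router own ->", egress("172.16.232.44", "203.0.113.10", False))
```

In this model the router's own packets, including the PPTP connection to the exit point, stay on the normal gateway, and a source outside the Src.Address subnet is never marked and so exits locally rather than through the tunnel.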

AppleTV
Now every device on my network has the possibility to redirect its traffic to the exit point in the US on-demand, meaning the VPN tunnel will only be created and used if there is actual traffic that needs it.

In the network configuration settings page on the AppleTV change the gateway to the IP address of the routerboard, e.g. 172.16.232.44

Now you’re only two steps away from enjoying US AppleTV content!

1. Obtain an iTunes giftcard

This is really easy but for those of you who struggle .. click the following link

Just make sure you buy the iTunes giftcard FOR THE US ITUNES STORE (yes they are country specific!)

2. Register an account at the US iTunes Store

As I’ve allowed my entire LAN IP range to make use of the newly created VPN tunnel I can create my US AppleID. This is the culmination of our efforts, the home stretch, where the fat lady sings … oh well, you get it 🙂

  • On your desktop, in the network settings temporarily change the gateway to the IP address of the routerboard
  • Open iTunes
  • Log yourself out of your current iTunes account
  • Scroll all the way down, in the bottom right corner you see a button with your country flag. Click on the button
  • Choose the country: United States
  • Click on the Sign In Button
  • Click on Create Apple ID
  • Go through the process until you reach the credit card screen
  • Select iTunes gift card and enter the number of the card you’ve just purchased
  • Finish the process
  • Don’t forget to change the gateway on your desktop back the way it was.

You’re now the owner of a spiffy new US Apple ID. Go to your AppleTV and sign in with the new ID to enjoy the new content.

Netflix
You can use your iTunes giftcard credits to pay for the monthly Netflix usage as well. I can only tell you it is worthwhile to do that. Not only do you get access to all the latest TV series but also all episodes of all seasons.

ESPN
Most importantly, to me anyways, I have ESPN back ..
