PS3Blog.co.za

Access USA PSN Video Store From EU Playstation 3

Posted on 21. Jul, 2008 by Reckless in News, PSN Network

I was under the impression I could just use my Entropay account and download  movies on the new video store to my hearts content, man was I wrong! Turns out the Sony uses your Ps3′s IP addy to see if you actually reside in the US. (That’s a bugger)

So I did a little digging round on good old Google.com and happend to come across Vgwatchdog.com, who confirms that it is indeed possible to download and buy movies from the USA playstation Video Store.

From what I can gather he’s using a VPN with US based ip address which is something the South African Xbox users do? I think? Well anyway to cut a loooong story short even tho Im kind of tecnically minded this is something I’ve never tried… For me its a case of why go to all the trouble when you can download the movies for free on the net?

Now if your determined and have some time on your hands Vgwatchdog.com details on how to get this going, good luck and if anyone gets this right drop us a comment.

 

This is quite a compicated process and one that isnt for the average computer user. Setting it up looks more complicated than it really is tho.  The hardest part here is having a host in the USA to be the “fake ps3 ip”.  You can use a hosting company that allows you full access to the machine and the kernel (if it is a linux host).  I can tell im starting to loose you already…sorry.

Here is a diagram to show you basically what is happening

As you can see normal internet traffic goes over the black line.  VPN once up goes over the purple line (via the black line) and finally all ps3 traffic goes over the red line.

Dont let the picture scare you.

The Technical Details:

Whats needed:
1 USA host capable of using OpenVPN and the TAP interface.
1 NON User client capable of OpenVPN and the TAP interface.
OpenSSL for making and signing certificates and becoming a CA.
The ability to configure NAT. I use iptables in this example.

My example is based on using Linux servers. This will also work for a Windows environment but I dont know what tools you would use in place of iptables.

The Server Configuration :

mkdir -p /etc/openvpn/gateway # you can replace gateway with whatever directory name you want to use.
cd # go back to your root home directory
# easy-rsa is available under /usr/share/openvpn/easy-rsa
vi /etc/conf.d/local.start # to add echo 1 > /proc/sys/net/ipv4/ip_forward

Windows XP Client

Install openvpn-2.0-install.exe
Install OpenVPN GUI [optional]

Configuration

OpenVPN server configuration file (/etc/openvpn/gateway/local.conf)

Code:
port 1194
dev tap
tls-server
cd /etc/openvpn/gateway
ca ca.crt
cert gateway.crt
key gateway.key
dh dh1024.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 10.22.8.1 255.255.255.0
ifconfig-pool 10.22.8.10 10.22.8.15 255.255.255.0
push “route-gateway 10.22.8.1″
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push “ping 10″
push “ping-restart 60″
push “route 10.22.8.0 255.255.255.0 10.22.8.1″
comp-lzo
log-append /var/log/openvpn.log
verb 4

OpenVPN Linux client configuration (/etc/openvpn/client/local.conf)

vi /etc/conf.d/local.start # to add echo 1 > /proc/sys/net/ipv4/ip_forward

Windows XP Client

Install openvpn-2.0-install.exe
Install OpenVPN GUI [optional]
Copy local.conf to the correct folder.
Use the linux client local.conf below.

Linux Client

Code:

port 1194
dev tap
remote vpnserverpublicipaddress
float
tls-client
cd /etc/openvpn/client <—remove for windows
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
log-append /var/log/openvpn.log <–change path for windows
verb 4

Symbolic linked the configuration files for Linux (server/client)

Code:

cd /etc/openvpn
# foreach sub-directory, we create a symbolic link to the local.conf to the current directory since the new init script don’t scan for sub-directory
# anymore instead it looks for .conf files. With the sample environment defined above, we have:
ln -s gateway/local.conf gateway.conf

Now to create the SSL Certificates

For Setting up your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients you could follow http://openvpn.net/index.php/documentation/howto.html#pki

or here is how I did it.

Code:

openvpn –genkey –secret ta.key

Then I basically copy this file to server and all clients machines via secure channel.

To generate the server certificate and key file for /etc/openvpn/gateway.

Code:
cd ~easy-rsa

vi vars # update the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL to appropriate value

. ./vars
./clean-all
./build-ca

On Windows:

vars
clean-all
build-ca

The final command (build-ca) will build the certificate authority (CA) certificate and key by invoking the interactive openssl command:

ai:easy-rsa # ./build-ca
Generating a 1024 bit RSA private key
…………++++++
………..++++++
writing new private key to ‘ca.key’
—–

Note that in the above sequence, most queried parameters were defaulted to the values set in the vars or vars.bat files. The only parameter which must be explicitly entered is the Common Name.

Generate certificate & key for server

Next, we will generate a certificate and private key for the server. On Linux/BSD/Unix:

./build-key-server server

On Windows:

build-key-server server

As in the previous step, most parameters can be defaulted. Two other queries require positive responses, “Sign the certificate? [y/n]” and “1 out of 1 certificate requests certified, commit? [y/n]“.
Generate certificates & keys for 3 clients

Generating client certificates is very similar to the previous step. On Linux/BSD/Unix:

./build-key client

On Windows:

build-key client1

If you would like to password-protect your client keys, substitute the build-key-pass script.

copy the dh1024.pem
ca.*
ta.*
server.crt & server.key to /etc/openvpn/gateway
client.crt & client.key to your client in /etc/openvpn/client

To verify the server certificate is valid, you can use the following:

Code:
openssl verify -CAfile ca.crt -purpose sslserver gateway.crt

To verify the client certiciate(s) is(are) valid, you can use the following:
Code:
openssl verify -CAfile ca.crt -purpose sslclient client.crt

Once you have all the configuration file in place, do the following on the server or Linux client.
Code:
/etc/init.d/openvpn start

You should now be able to ping the remote endpoints 10.22.8.1 and 10.22.8.10….

So that was the hardest part really. Making the VPN work , now for the easy bit.

Routing PS3 traffic

What we want to do now is route all the traffic from the internal PS3 lan down the VPN and make the traffic go out to the USA PSN via the SERVER Internet access.

On the Linux client :-

echo “1″ > /proc/sys/net/ipv4/ip_forward # this allows routing over nics

iptables –table nat –append POSTROUTING –out-interface tap0 -j MASQUERADE
iptables –append FORWARD -s 172.16.0.2/24 -j ACCEPT
route add servervpninternetaddress netmask 255.255.255.255 your-internal-lan-ip-address
route del -net 0.0.0.0 gw your-internal-lan-ip-address
route add 0.0.0.0 gw 172.16.1.1

on the Linux Server :-

echo “1″ > /proc/sys/net/ipv4/ip_forward # this allows routing over nics

iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE
iptables –append FORWARD –in-interface tap0 -j ACCEPT

On the PS3

Change the network settings

ip address : 172.16.0.2

mask : 255.255.255.0

def gw : 172.16.0.1

nameserver : 158.43.240.4

I have had may questions on how to do this with a windows client. OK heres how :

If you can emulate the picture above then yes you can also do that in place of the Linux client shown in the examples above.
To enable TCP/IP forwarding in windows, follow these steps:
1. Start Registry Editor (Regedit.exe).
2. In Registry Editor, locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Set the following registry value:
Value Name: IPEnableRouter
Value type: REG_DWORD
Value Data: 1

A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer.
4. Quit

So the registry change helps the pc to forward traffic for the ps3.

Now you bring up your Openvpn connection that you know works.

you will need to add a static route to the PC for the VPN connections end point (otherwise it will drop the VPN)

you will now need to add a new default route with the gateway being the ip address of the VPN adapter.

route add -net 0.0.0.0 gw “tap0ipaddress”

That will basically forward all traffic no detined to the VPN server over the actual VPN and thus acheiving what we are doing in the linux client.

The process of purchasing involves having a valid credit card / entropay / playstation card to be able to debit funds as needed.

You browse the store, select your content and purchase the item(s).
The content is activated as per any other PSN Game download/purchase.

Once the content is “downloading” you can play it as it downloads and also more importantly you can switch user (not american details with no PSN setup in this case) and watch the video.

I have also managed to move away from having the Virtual NIC alias 172.16.0.0 network for the ps3 and have left the ps3 as part of my normal network range. I substitute the iptables NAT rule for 172.16.0.0 to be my static ip of the ps3 and thus it only routes based on that ps3 ip address. All I have to do is change the default gateway on the ps3 to reflect what network gateway I want to use.

Tags: Playstation 3, PSN Video Store, UK, USA