What's new

Asuswrt-Merlin Netflix through VPN settings

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Rickyrsx

Occasional Visitor
I'm wondering if there is some setting that I need to change so that Netflix works. I'm running VPN.ac on my router with 380.68 firmware. I'm using OpenDNS servers and my VPN server is in Toronto. I made a policy so that AppleTV goes through WAN but I like to watch Netflix on my phone/tablet as well. Of course, Netflix does not work on my phone when I run it straight on WiFi but the interesting thing is that if I run the VPN.ac app on my phone (on top of the wifi, which is going through the VPN as well), I can access Netflix. Weird isn't it? I choose the Toronto server on my phone as well. Is there some setting I can change so that I can access Netflix on my phone without running the VPN app on my phone simultaneously? I hope I explained myself clear enough. Thanks guys.
 
Did you look at @yorgi vpn client setup guide in the vpn forum?

I suggest you set up static IP for your clients. Then use Policy Rules to determine which clients go thru the VPN vs the WAN. You can go to a site like whatismyipaddress.com to verify you are connecting successfully to the VPN server.
 
Did you look at @yorgi vpn client setup guide in the vpn forum?

I suggest you set up static IP for your clients. Then use Policy Rules to determine which clients go thru the VPN vs the WAN. You can go to a site like whatismyipaddress.com to verify you are connecting successfully to the VPN server.

I just read through it, thanks for the reference to that guide. The problem is not the connection, I can get on the VPN. It's just that there's some setting with the Merlin firmware that is not allowing me to access Netflix directly through the router. It doesn't matter which device I use, laptop, tablet or phone, I get a connection error with Netflix. But the funny thing is, if I use the stock Asus firmware on my router, I can connect to the VPN and access Netflix, no problem. I use the same .ovpn file with both firmwares so I suspect there is some setting on the Merlin firmware that is causing Netflix to detect I'm using a VPN (?), just my guess. Here are screenshots of my setting with Merlin.
 

Attachments

  • Screen Shot 2017-09-05 at 9.10.52 AM.png
    Screen Shot 2017-09-05 at 9.10.52 AM.png
    325.4 KB · Views: 1,091
  • Screen Shot 2017-09-05 at 9.10.27 AM.png
    Screen Shot 2017-09-05 at 9.10.27 AM.png
    210 KB · Views: 1,344
I know NF blocks known VPN provider servers in USA. Not sure about Canada. I have a private IP address to get around the blocks. Are you getting the netflix proxy error when trying to watch a video?

Try the All Traffic setting and see if what happens. That will tell us if the issue with the policy rules.

I know that the setting Accept DNS Configuration = Strict will cause your DNS to leak. Setting it to exclusive usually will resolve it. But I have no choice to use strict with my setting when using Policy Rules. Otherwise, AB-Solution does not work and I want to block ads. Having DNS leak does not cause me issues for my use case. So far!

I found some different behavior when using Policy Rules vs. routing All Traffic thru the tunnel. I have had to set Accept DNS Configuration = Strict as mentioned above. I also have to add this entry in Custom Configuration:
dhcp-option DNS xxx.xxx.xxx.xxx (xxx’s is the IP address of your VPN provider'ss DNS Server 1)
dhcp-option DNS xxx.xxx.xxx.xxx (xxx’s is the IP address of your VPN provider'ss DNS Server 2)

Try these suggestions and post an update.

I am pinging @yorgi to see if he can spot something that may help you.
 
Last edited:
Thanks, I'll give it a try tomorrow. Kinda tired of fiddling with this the past few days. Right now, I'm just enjoying a "stable" connection with the stock firmware. BTW, my VPN provider told me to set Accept DNS Configuration to Strict but they also told me to use OpenDNS servers. I've tried OpenDNS, Google but I've decided to use Norton ConnectSafe DNS servers for now. Anyways, I'll try out your suggestion tomorrow, thanks again.
 
My VPN provider is TorGuard. They have their own DNS Servers.
 
My VPN provider said this: "It wasn't a firmware problem, but a DNS assignment problem. If the router wasn't using the VPN connection itself, as you were using the policy based routing (only certain IP to use the VPN), so the DNS requests weren't going through the VPN connection.
The solution recommended earlier (assign static DNS servers through DHCP instead of using the router's IP as DNS server in LAN) should have worked, too."

Similar to what you said about changing routing policy to All instead of using Routing Policies?

My VPN provider is TorGuard. They have their own DNS Servers.
 
I tried their solution so I put Norton ConnectSafe DNS on the LAN setup page and it so far it's working. I can get through to Netflix and I my VoIP phone is stable too. I'll see how long this holds up.
 

Attachments

  • Screen Shot 2017-09-06 at 7.05.45 PM.png
    Screen Shot 2017-09-06 at 7.05.45 PM.png
    17.5 KB · Views: 792
I tried their solution so I put Norton ConnectSafe DNS on the LAN setup page and it so far it's working. I can get through to Netflix and I my VoIP phone is stable too. I'll see how long this holds up.
Good news!
I have a how to set up guide for TorGuard here (I need to update it! Ouch)

 
Can anyone use TorGuard servers? What is the advantage of using theirs over OpenDNS?
 
Can anyone use TorGuard servers? What is the advantage of using theirs over OpenDNS?
They are public and anyone can use them. They support DNSSEC and support against malware.

OpenDNS has advantages with the extra services they offer, such as web filtering.

I use the OpenDNS web filtering service on the routers at a children's home and school I support as a volunteer. But for my home routers, I use TorGuard's DNS Servers.
 
They are public and anyone can use them. They support DNSSEC and support against malware.

OpenDNS has advantages with the extra services they offer, such as web filtering.

I use the OpenDNS web filtering service on the routers at a children's home and school I support as a volunteer. But for my home routers, I use TorGuard's DNS Servers.

I want the web filtering with OpenDNS but I can't get it to work with the VPN. Are you using these under WAN DNS Setting?
  • 208.67.222.123
  • 208.67.220.123
I tried them but my VPN wouldn't connect. Also, I thought I was getting web filtering by using Norton ConnectSafe DNS servers on the VPN but I was wrong. It blocked the adult sites the first time but it would allow it through the second time.
 
Could it be the rule 192.168.1.1/24 that cause the problem ? Every device including the router will use the vpn tunnel and dns.

Using opendns and vpn will create dns leak but might be possible with dnsfilter.
 
Could it be the rule 192.168.1.1/24 that cause the problem ? Every device including the router will use the vpn tunnel and dns.

Using opendns and vpn will create dns leak but might be possible with dnsfilter.
I turned off the policy rule and set All to go through VPN now but adult sites are still not blocked. I read somewhere that it's not possible to filter those sites on a VPN. Is that true?
 
You could set all to VPN, ignore VPN client DNS, and then use OpenDNS. This will be a leak in the sense that DNS will be outside the VPN. You could use dnscrypt to encrypt the DNS traffic to OpenDNS, but this isn't a replacement for a VPN, as whilethe dns requests would be encrypted, they would still be traceable to you.

I'm not 100% sure on this however. Setting your own DNS but redirecting all traffic may still send it over the tunnel. Someone with more knowhow will be able to confirm/correct me!
 
I want the web filtering with OpenDNS but I can't get it to work with the VPN. Are you using these under WAN DNS Setting?
  • 208.67.222.123
  • 208.67.220.123
I tried them but my VPN wouldn't connect. Also, I thought I was getting web filtering by using Norton ConnectSafe DNS servers on the VPN but I was wrong. It blocked the adult sites the first time but it would allow it through the second time.
The OpenDNS nameservers I use are 208.67.222.222 and 208.67.220.220. Could be you have different ones assigned to you based on your geo location?

Did you put this entry in the Custom Configuration section of the VPN Client? That may force the VPN traffic to use the OpenDNS servers:
Code:
dhcp-option DNS 208.67.222.222
dhcp-option DNS 208.67.220.220

I don't use OpenVPN client on the two routers I support that utilize OpenDNS web content filtering. So, I can test on my end.
 
Last edited:
The OpenDNS nameservers I use are 208.67.222.222 and 208.67.220.220. Could be you have different ones assigned to you based on your geo location?

Did you put this entry in the Custom C
  • 208.67.222.123
  • 208.67.220.123
onfiguration section of

.

Those IP addresses are for OpenDNS Standard; the ones Rickyrsx quoted (208.67.222.123 and 208.67.220.123)
are for OpenDNS FamilyShield:
"a new service called FamilyShield and it’s the absolute simplest and most straightforward way for parents to protect kids from the bad stuff online. "
 
Last edited:
I turned off the policy rule and set All to go through VPN now but adult sites are still not blocked. I read somewhere that it's not possible to filter those sites on a VPN. Is that true?

To set dns filtering while using vpn, you need to set accept dns configuration to disable in vpn client page. Then set opendns in wan page
It should work as you want but you will have dns leak. There is no point to use a vpn if you create leak with your config.

The way I setup mine is ...

policy rules for the computer using vpn. Accept dns configuration to exclusive so only this computer use vpn dns, so no filtering for this one. Other computers goes directly to wan and use wan dns which are opendns family.
 
I turned off the policy rule and set All to go through VPN now but adult sites are still not blocked. I read somewhere that it's not possible to filter those sites on a VPN. Is that true?
You could try parent control built in the router
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top