Roku Netflix problem on Merlin Firmware

[Tekneek]

If it were the firmware - it would exhibit symptoms itself. Factory works fine according to OP.

Ask yourself that question - he didn't change the Roku firmware

I have no doubt there is something in there that is the problem but, if the firmware were BAD, why would it not be BAD for everyone? My point is there is something specific to a few use cases that appears to be a problem. Same hardware devices in other environments are not presenting the same problems. The lack of specific information regarding what causes this error (which servers/ports it cannot communicate with), doesn't make it any easier to troubleshoot.

And maybe you're talking about Roku firmware, while I am talking about the router firmware. He did change the router firmware. There is no way to rollback Roku firmware.

 

[bootweed]

I've experienced a related problem: Newer versions of Merlin/Asuswrt for AC3200 has "inherited" a problem from Asuswrt. It will only allow 10 devices simultaneously. See discussion: https://www.snbforums.com/threads/c...after-upgrading-ac3200-to-merlin-384-5.47159/
I had do downgrade to Merlin version 384.3, where there is no limit on number of devices.

 

[Tekneek]

I've experienced a related problem: Newer versions of Merlin/Asuswrt for AC3200 has "inherited" a problem from Asuswrt. It will only allow 10 devices simultaneously. See discussion: /https://www.snbforums.com/threads/roku-netflix-problem-on-merlin-firmware.48086/
I had do downgrade to Merlin version 384.3, where there is no limit on number of devices.

I had this problem with 384.5, but not 384.6.

 

[SawKyrom]

I'm late to this forum topic, but if Tom P had any success with this issue, I would be grateful for an update. I'm very confident that my problem is related to the original post and maybe the similarities can help resolve this issue.

I too am having Netflix connectivity issues and have gone down the same useless NF/ISP technical support road that Tom P has, except I'm using an AFTV with Asus Merlin 384.8.2 on AC86U router. Much like Tom, I'm NOT using a VPN tunnel and have isolated the issue to the router and this one particular device (AFTV 1st gen). I have other peripheral on this network that stream NF without issue, including a 2nd generation AFTV. When I connect to Netflix, I only intermittently get a stream (1/10) on this one device and it appears to be content specific (i.e. documentary's play more frequent that movies). The connection type (ethernet vs wireless) has no bearing on the results. If I connect to the ISP stock wireless router, the device works flawlessly. I suspect it's a firewall or DNS routing issue.

Hopefully someone can shed some light on this problem.

 

[unclebuk]

I'm late to this forum topic, but if Tom P had any success with this issue, I would be grateful for an update. I'm very confident that my problem is related to the original post and maybe the similarities can help resolve this issue.

I too am having Netflix connectivity issues and have gone down the same useless NF/ISP technical support road that Tom P has, except I'm using an AFTV with Asus Merlin 384.8.2 on AC86U router.

Hopefully someone can shed some light on this problem.

What is an AFTV?

 

[SawKyrom]

Amazon Fire TV. I'm going to flash my router and reinstall Merlin. I'll try to clear the NVRAM and JFFS. Maybe there was some odd policy stored in the router memory.

 

[Xentrk]

Amazon Fire TV. I'm going to flash my router and reinstall Merlin. I'll try to clear the NVRAM and JFFS. Maybe there was some odd policy stored in the router memory.

AFTV has hard coded google DNS 8.8.8.8 and 8.8.4.4. I am currently fighting my Amazon Echo on my pfSense and got it working for awhile by selecting Advanced Settings and manually entering the router loop back address 127.0.0.1 for DNS1 and the router IP address e.g. 192.168.1.1 as DNS2. But it dropped again and am about ready to take a hammer to it as I can not seem to get it to stick. This is on my pfSense appliance and I have rules to redirect all DNS requests to unbound DNS revolver. I have no issues getting it to connect on the Asus Merlin router though.

http://www.aftvnews.com/how-to-manu...server-on-an-amazon-fire-tv-or-fire-tv-stick/

 

[Xentrk]

The other trick that worked for me and others on some forums I read is to connect the device to another WiFi network if you have one available. Or take it to a friends house and connect it there. Then, try to connect it back to your home network. This worked for me when my Echo refused to connect to my pfSense network. I connected it to my Asus router and it connected fine. I was then able to connect it to the pfSense router with no issues.

 

[SawKyrom]

Amazon Fire TV. I'm going to flash my router and reinstall Merlin. I'll try to clear the NVRAM and JFFS. Maybe there was some odd policy stored in the router memory.

Good news! Reverting back to stock firmware by selecting Factory Default in the Systems page appears to have fixed the problem. I then tried to clear the NVRAM on my ASUS AC86U by unplugging the router and holding the WPS button for 30 seconds as described in other forums. When the router rebooted, it was displaying the stock firmware. After the initial setup and reboot, I logged into the router to discover that the Merlin Firmware 384.8_2 was still loaded with previously assigned manual DHCP IP addresses in memory as static(???). The only change was that all the settings were back to stock. I systematically added features (i.e. Ai Network protection, VPN tunnel for PCs, etc.) and checked after every single change for NF connectivity issues. So far, everything is working.

I recall adding some routing policies a long time ago in JFFS when I was trying to selectively route NF traffic through WAN vs the established VPN to avoid connectivity issues when using a VPN with Netflix IP addresses. I wonder if the reset to Factor Default cleared this memory. I know that the issue was specific to the MAC address of this device and that the intermittent connectivity issues were media selection specific (possibly different NF IP source that was not covered in the old routing policy). When I logged the NF IP connection addresses, only a certain range of addresses would be established, whereas most would show TIME_OUT. Again and just to clarify, I was not routing any traffic on this device through the VPN client established in Merlin at the time of these issues. I also wonder if previous DNS changes were stored in memory and would not revert back to the default settings despite making the changes. A routine router reboot did not fix this issue. Maybe someone with advance networking skills can shed some light on how to clear routing polices in JFFS and why the DHCP manual addresses were retained on the ASUS AC86? Whatever the case, the steps above appear to have resolved the problem at this moment.

Hopefully this will help someone with similar Netflix issues on other peripheral devices while using ASUS Merlin.

 

[SawKyrom]

The other trick that worked for me and others on some forums I read is to connect the device to another WiFi network if you have one available. Or take it to a friends house and connect it there. Then, try to connect it back to your home network. This worked for me when my Echo refused to connect to my pfSense network. I connected it to my Asus router and it connected fine. I was then able to connect it to the pfSense router with no issues.

@Xentrk, Good suggestion and thanks for the advice. I did connect the AFTV to the stock ISP wireless router without any NF issues. This is how I determined it must be a router issue vs the AFTV device. I then attempted to reestablish NF connectivity on my wired and wireless network, but unfortunately it did not resolve the problem. NF would load, but once a certain program was selected, it would fail to play the media. See my previous reply for status update. Thanks again.

 

[Tekneek]

The best way to handle these hardcoded DNS instances, in my experience, is redirecting that IPv4 traffic, using iptables at the router. The device has no idea it isn't actually talking to Google/whatever. Dropping/rejecting those connection attempts makes them freak out.

 

[SawKyrom]

AFTV has hard coded google DNS 8.8.8.8 and 8.8.4.4. I am currently fighting my Amazon Echo on my pfSense and got it working for awhile by selecting Advanced Settings and manually entering the router loop back address 127.0.0.1 for DNS1 and the router IP address e.g. 192.168.1.1 as DNS2. But it dropped again and am about ready to take a hammer to it as I can not seem to get it to stick. This is on my pfSense appliance and I have rules to redirect all DNS requests to unbound DNS revolver. I have no issues getting it to connect on the Asus Merlin router though.

http://www.aftvnews.com/how-to-manu...server-on-an-amazon-fire-tv-or-fire-tv-stick/

I too was about to take a hammer to the AFTV. If the issue recurs, I'll try your suggestion "manually entering the router loop back address 127.0.0.1 for DNS1 and the router IP address e.g. 192.168.1.1 as DNS2". Currently, the AFTV sees the ASUS router as the DNS, which passes through traffic request to the default ISP DNS (whatever ATT UVerse uses???). I have not manually changed it at this point, unlike prior to the Factory Reset where I was using google DNS.

 

[SawKyrom]

The best way to handle these hardcoded DNS instances, in my experience, is redirecting that IPv4 traffic, using iptables at the router. The device has no idea it isn't actually talking to Google/whatever. Dropping/rejecting those connection attempts makes them freak out.

I think that maybe what was causing the issue. I had previously establish iptables to direct a range of known NF IP addresses to WAN vs VPN since NF is know to block most VPN connections. Once I discovered it is impossible to capture all of NF's ever changing IP addresses, I abandoned trying to route any traffic on this device through VPN and changed the router policy to exclude this device on the VPN client. I wonder if retained iptables were causing the issue. I will have to research how to log/print current iptables on a router, although I may have cleared them with my Factory Reset. Also, it may be completely unrelated since I can't recall if the iptables policies I submitted were on this router or a previous ASUS66. Thanks again for the feedback.

 

[Xentrk]

I think that maybe what was causing the issue. I had previously establish iptables to direct a range of known NF IP addresses to WAN vs VPN since NF is know to block most VPN connections. Once I discovered it is impossible to capture all of NF's ever changing IP addresses, I abandoned trying to route any traffic on this device through VPN and changed the router policy to exclude this device on the VPN client. I wonder if retained iptables were causing the issue. I will have to research how to log/print current iptables on a router, although I may have cleared them with my Factory Reset. Also, it may be completely unrelated since I can't recall if the iptables policies I submitted were on this router or a previous ASUS66. Thanks again for the feedback.

Actually, the Netflix addresses are static from testing I have done. NF hosts on Amazon USA region servers and must also be included. My project will help you selectively route NF project to WAN or VPN tunnel. Please see
https://github.com/Xentrk/netflix-vpn-bypass.

For redirecting DNS, I post the iptables command on the README page of the Stubby Installer project
https://github.com/Xentrk/Stubby-Installer-Asuswrt-Merlin

 

[st3v3n]

Xentrk, Good to see new info on this thread, earlier posts date to last August. Hope to work with your info on our PfSense box. We've had recent issues with our AFTV devices and Amazon streaming in general. (Netflix and Amazon's Fire support has always been abysmal). We use TG's VPN which has always served us well, and our 2017 AFTV and last year's Fire stick once performed as well as our other devices running over the AC3200 then our AC86U. The AFTV became too balky a couple of months ago soI disconnected them, though the AFTV isn't to blame. What I've read lead me to believe it has more do with Amazon discouraging those using non-Fire FW and who don't allow the units to update. Our devices used original/updated FW and always routed over VPN, not the ISP's service.

Without straying too far, I talk with a high-level contact at the ISP's technical division every few months re streaming, data privacy and other issues. Regarding our own AFTV issues, he mentioned that they receive very few complaints regarding Netflix streaming, as NF provides their content servers, and they receive countless gripes from customers with AFTV or who stream Amazon video on other devices. The ISP always refers those customers to Amazon's support. The ISP was a cable company first, an ISP second and last year began providing phone service in some areas. They're hoping to make up losses from cord-cutters when the larger cable companies begin their own streaming content, competing directly with NF and Amazon. The fellow was less concerned with the upcoming roll-out of verifiable caller ID to ISP and phone customers, to halt robo-calls, as opposed to giving content providers more precise control and leverage over devices, much as they now enforce against VPNs. While it won't affect our streaming, it will have an impact on which devices are acceptable or authorized to receive tiers of content or speed, and huge problems for VPNs. Good luck to us all, Cheers.

 

[Xentrk]

Xentrk, Good to see new info on this thread, earlier posts date to last August. Hope to work with your info on our PfSense box. We've had recent issues with our AFTV devices and Amazon streaming in general. (Netflix and Amazon's Fire support has always been abysmal). We use TG's VPN which has always served us well, and our 2017 AFTV and last year's Fire stick once performed as well as our other devices running over the AC3200 then our AC86U. The AFTV became too balky a couple of months ago soI disconnected them, though the AFTV isn't to blame. What I've read lead me to believe it has more do with Amazon discouraging those using non-Fire FW and who don't allow the units to update. Our devices used original/updated FW and always routed over VPN, not the ISP's service.

Without straying too far, I talk with a high-level contact at the ISP's technical division every few months re streaming, data privacy and other issues. Regarding our own AFTV issues, he mentioned that they receive very few complaints regarding Netflix streaming, as NF provides their content servers, and they receive countless gripes from customers with AFTV or who stream Amazon video on other devices. The ISP always refers those customers to Amazon's support. The ISP was a cable company first, an ISP second and last year began providing phone service in some areas. They're hoping to make up losses from cord-cutters when the larger cable companies begin their own streaming content, competing directly with NF and Amazon. The fellow was less concerned with the upcoming roll-out of verifiable caller ID to ISP and phone customers, to halt robo-calls, as opposed to giving content providers more precise control and leverage over devices, much as they now enforce against VPNs. While it won't affect our streaming, it will have an impact on which devices are acceptable or authorized to receive tiers of content or speed, and huge problems for VPNs. Good luck to us all, Cheers.

I've got a mix of AFTV devices in the family circle I support and my computer club members. The only issue I and one other club member experienced was getting a title unavailable message for a few days off and on. Reloading the app appeared to help. I found the AFTV is notorious caching previous watched content which can be an issue if you turn off. When coming back to the channel, it wants to pick up where you left off. This can be good or bad depending on the situation. Let me know if your issues persist though.

If using a VPN, then there will be issues unless you use the VPN service we use, especially since Amazon Prime went down the same path as the other streaming services and now block known VPN servers. At first, the down side of the netflix by-pass script was it also sent Amazon Prime traffic to the interface. But that is actually a good thing not that they have joined the VPN block club.

 

[st3v3n]

Xentrk, yes. we're using the same htrsy VPN service you refer to. If the time comes they're no longer able to help us access our US NF/Amazon content, (though we're in the US), it might be time to reinvest in additional blue-rays, or the coming cable streaming competition may even be competitive for a time. The cable and telecom industries are still to be reckoned with. We briefly used a cable channel provider for local TV 20 years ago, and they were extremely invasive, with no regard for customer information/data privacy. The same is true for small dish providers. We were pleased the day we terminated those services and never looked back.

The Fire devices always seemed more quirky, more often than any other device we've run on the Asus routers, except for the Fire 10HD tablet we snagged last year; it's done a good job of streaming Amazon's prime video. We never recorded any content to AFTV for offline playback, the exception being Amazon Music/Unlimited offline on iPad and Fire tablet, which has been better for us that Apple ever was, especially since Amazon stopped restricting owners to only 4 devices. If they could do the same with their video and FW, to remain as user-friendly as it once was, would keep them relevant for a long time. We like their video content more than the direction NF has gone recently. All devices are powered down at night, so if any data was cached it's long gone by the next day's boot..

Only a couple of VPNs still claim they can provide OpenVPN work-arounds for our US service. What research I've performed indicates questionable ownership problems and that both services are far less reliable than the current provider. It's always good to know someone who will vouch for a particular provider as you have done. We hope for the best for all of us going forward. Thanks and Cheers.

 

[SawKyrom]

Actually, the Netflix addresses are static from testing I have done. NF hosts on Amazon USA region servers and must also be included. My project will help you selectively route NF project to WAN or VPN tunnel. Please see
https://github.com/Xentrk/netflix-vpn-bypass.

@Xentrk, thank you for the links and project information. I will definitely incorporate this at a future date.

For redirecting DNS, I post the iptables command on the README page of the Stubby Installer project
https://github.com/Xentrk/Stubby-Installer-Asuswrt-Merlin

Again, thanks! Both excellent resources.

Update on the AFTV NF connectivity issue reported previously and similar to original Roku post: As you may recall, I had success restoring factory setting and then systematically added back the custom settings/functions. Well, last night I discovered a source (if not the source) of my issues. If the Firewall Keyword Filter is enabled with some choice pornographic terms, NF will fail to load certain programs. There is no clear connection between the movies/shows and the blocked terms, but I can easily replicate this behavior time and time again by enabling or disabling the firewall. Examples of affected media include The Avengers, Fyre Documentary, and Free State of Jones. What is odd is that this only effects my 1st Gen AFTV and not the 2nd Gen AFTV or any other streaming device on the network. Anyone reading this may want to know, I would receive the tvq-pm-100(3.1.-62 or -60) error with NF.

Recommendation to others: Disable Firewall Keyword Filter and recheck to see if it is interfering with NF streams.

 

[st3v3n]

SawKyrom; Xentrk is great isn't he? Very interesting information and food for though. Blocking the Avengers, clearly infers that 'Iron Man' in any of the Marvel films would of course be off-color, but by the same token, Patrick Macnee's character, 'John Steed' in the UK's 'The Avengers' series (and not on NF), would also be nixed by simple association with a horse. 'State of Jones' (a character, show or colloquial physical expression) is downright funny. The number of ordinary words that can be associated as something naughty as applied by the keyword filter, has me reconsidering our senior citizen's version keyword filters (not). It does eaves everything to the filter's imagination what any human might find offensive. Tsk, leading those poor older AFTV generations astray. On a serious note, do later version of AFTVs, tablets or other devices run into similar problems? Thanks for an uplifting moment and close to a long day; no pun intended.

 

[coxhaus]

AFTV has hard coded google DNS 8.8.8.8 and 8.8.4.4. I am currently fighting my Amazon Echo on my pfSense and got it working for awhile by selecting Advanced Settings and manually entering the router loop back address 127.0.0.1 for DNS1 and the router IP address e.g. 192.168.1.1 as DNS2. But it dropped again and am about ready to take a hammer to it as I can not seem to get it to stick. This is on my pfSense appliance and I have rules to redirect all DNS requests to unbound DNS revolver. I have no issues getting it to connect on the Asus Merlin router though.

http://www.aftvnews.com/how-to-manu...server-on-an-amazon-fire-tv-or-fire-tv-stick/

I can tell you my daughter gave me the latest version AFTV for Christmas, to run with our original Amazon Echo and our latest Amazon Dots. I use a Cisco RV340 router and I block all UDP DNS traffic including 8.8.8.8 and 8.8.4.4 on my router. I only allow my ISP and QUAD9. My devices seem to work fine. I bet your problem is related to pfsense. I ran pfsense a few years ago and I had issues with Hulu commercials for a while after one of pfsense's updates. The commercial would freeze when using an AppleTV. The program would run fine and then when it ran a commercial it would freeze sometimes.

I took the defaults when I setup the AFTV on Christmas eve. We were drinking a lot.