Mikrotik Hotspot and Netflix apps

novelty22 · May 9, 2016, 5:06pm

Hi,

We are using are using the Mikrotik hotspot for RADIUS authentication and customers are having issues with connecting certain devices to Netflix. (found an older thread with the same symptoms here, http://forum.mikrotik.com/t/hotspot-causing-netflix-services-to-fail/69051/1) Netflix will work on the customer’s PC, but not via the app on PS3/PS4/Xbox/Android.

Playstation actually gives an error of UI-103, but the others just seem to “hang”
If I watch the traffic in torch, the device doesn’t seem to pass any traffic beyond a DNS request to 8.8.8.8 (guessing this is hardcoded in the app because that DNS server is nowhere on the device or any customer CPE equipment)

If I shut off the hotspot, the Netflix app starts working. Turn on the hotspot and it stops.

I’ve seen this on 3 customers behind 2 different routers with the Hotspot enabled

Just curious if anyone else has seen this or possibly knew of a fix.

ZeroByte · May 9, 2016, 5:10pm

And just to be clear - when you try the Netflix app on the devices, the devices are currently authenticated and active on the hotspot, correct?

You could get the MAC addresses of such devices and create bypass bindings in the Hotspot for these devices. I hate these kind of workarounds, though…

novelty22 · May 9, 2016, 5:28pm

The devices are behind a Mikrotik router acting as a standard router (doing NAT) at the customer’s house. That router is what’s authenticated on the hotspot. Adding the MAC addresses of the devices behind that router to the bindings won’t do any good (wish i could use that as a workaround)

ZeroByte · May 9, 2016, 5:59pm

Well, if they’re behind another device that’s authenticated, then the hotspot itself shouldn’t break anything.
Do you have anything added to the pre-hotspot / hs-auth chains of your firewall?

Are you forcing http proxy? Most likely this is the cause.
Check the hotspot profile configuration and if you’ve configured http proxy, try disabling that feature and see if it fixes things - It’s been a while since I had to administer (yes, I say had to) any hotspot configs, so if it doesn’t fix the problem, log out the user and re-authenticate them, just to make sure the proxy doesn’t get applied at login-time.

novelty22 · May 9, 2016, 6:17pm

Nothing added to pre-hotspot / hs-auth chains…

In the user profile of the hotspot, transparent proxy is not checked, not sure if that’s where you meant..

ZeroByte · May 9, 2016, 7:07pm

Yep - that’s what I meant. Try binding a test user’s MAC address as ‘bypassed’ and see if that fixes their problem while the hotspot is working.

mtek · September 6, 2016, 11:32pm

Hi, I was having the same issue but figured it out. I removed the DNS redirect rule that was apart of the hotspot chain under the NAT settings. Then I created a new firewall rule to allow forwarding DNS requests from hotspot users and placed that above the hotspot rules. This solved my issues.

J4000 · June 8, 2017, 6:04pm

mtek – Would you mind posting the CLI or Winbox commands to show exactly what your rule looks like? I used the automated HOTSPOT setup script, and I don’t see any NAT entries for the hotspot…but I’m a newbie, and it could be stated in a way I’m missing. THANKS

AYcoo · October 27, 2017, 7:32am

same problem anyone solve this ?