Netflix and Hulu over VPN

Hi Guys,

So I have a PPTP VPN set up on my Tik.

What I would like to do is route all Hulu and Netflix traffic over the VPN.

I tried to google their IP blocks, then add them to address lists and set a mangle rule to mark that traffic and then route it from there. I have done this for IP ranges before and they are working no problem, but Netflix and Hulu just don't want to work.

Regards

I have had limited success with using static routes for Netflix. I will post an update that uses a horrible script to handle Netflix that is working ok-ish:
http://binaryheartbeat.blogspot.com/2014/06/static-netflix-routes.html

Update:
Here is the scripted version:
http://binaryheartbeat.blogspot.com/2015/01/mikrotik-netflix-selective-routing.html

Hi!

Do you know if this would work with OpenVPN as well? Just got a subscription from Sneakflix but they only give out ovpn config files.

What about the new tls-host matcher? It is possible to use it in the mangle table to set a routing-mark. So maybe (I haven't tested it) you mark all packets which hit the mangle rule with the Netflix and Hulu domains and route them through the VPN gateway.

Something like this:

/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=443 in-interface=ether2-lan new-routing-mark=vpn passthrough=yes protocol=tcp tls-host=netflix.com
add action=mark-routing chain=prerouting dst-port=443 in-interface=ether2-lan new-routing-mark=vpn passthrough=yes protocol=tcp tls-host=*.netflix.com
add action=mark-routing chain=prerouting dst-port=443 in-interface=ether2-lan new-routing-mark=vpn passthrough=yes protocol=tcp tls-host=*.nflxext.com
add action=mark-routing chain=prerouting dst-port=443 in-interface=ether2-lan new-routing-mark=vpn passthrough=yes protocol=tcp tls-host=*.nflxvideo.net
add action=mark-routing chain=prerouting dst-port=443 in-interface=ether2-lan new-routing-mark=vpn passthrough=yes protocol=tcp tls-host=*.nflxso.net

One way that could fail: your PC establishes the TCP connection to the Netflix server with the 3-way handshake. Next comes the TLS handshake, and your mangle rule will match and the packets now get routed through the VPN, but the Netflix server will reject the packets coming through the VPN because the source IP address changed.