Nordvpn or surfshark with mikrotik through ikev2

foncubierta · May 2, 2020, 7:09pm

Good, recently I acquired nordvpn and configured it with ikev2 and routed all my traffic using nordvpn, everything worked perfectly but some websites such as netflix marked me that it was behind a vpn (Error: M711-5059). At first I thought it was a matter of norvpn and netflix … But I installed the nordvpn client on my computer and connected to the same server and I could discover that netflix was working perfectly … So it was a problem with my mikrotik router configuration, After millions of tests, I gave up and tried surfshark (nordvpn’s competition) and got exactly the same result.
I followed the next tutorial:
https://support.surfshark.com/hc/en-us/articles/360012906220-Mikrotik-router-tutorial-with-IKEv2

/ip firewall address-list
add address=192.168.1.0/24 comment="Toda la red por la vpn" disabled=yes list=\
    DIREPORVPN

/ip firewall nat
add action=accept chain=srcnat comment=\
    "Acepto conexion desde las dirreciones DIREPORVPN a 192.168.10.0" \
    dst-address=192.168.10.0/24 src-address-list=DIREPORVPN
add action=accept chain=srcnat comment=\
    "Acepto conexion desde las dirreciones DIREPORVPN a 192.168.1.0" \
    dst-address=192.168.1.0/24 src-address-list=DIREPORVPN
add action=masquerade chain=srcnat comment=ENMASCARAMIENTO out-interface=\
    pppoe-out1
add action=redirect chain=dstnat comment="REDIRRECION DNS 53" disabled=yes \
    dst-port=53 in-interface=bridge1 protocol=udp
add action=dst-nat chain=dstnat comment="Home Assistant" dst-port=443 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.10.2 to-ports=\
    8123
add action=dst-nat chain=dstnat comment="PUERTA INDEPENDIENTE" dst-port=3460 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.10.20 to-ports=80
add action=dst-nat chain=dstnat comment=OctoPrint dst-port=3000 in-interface=\
    pppoe-out1 protocol=tcp to-addresses=192.168.10.2 to-ports=5000
add action=dst-nat chain=dstnat comment="Home Assistant" dst-port=8123 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.10.2 to-ports=\
    8123
add action=dst-nat chain=dstnat comment="Escritorio Remoto Raspberry" dst-port=\
    3389 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.10.2 \
    to-ports=3389
add action=masquerade chain=srcnat comment=\
    "Assistant, Mosquitto SNAT LOOPBACK PARTE 1" dst-address=192.168.10.2 \
    dst-port=8123,8883 out-interface=bridge1 protocol=tcp src-address=\
    192.168.1.0/24
add action=dst-nat chain=dstnat comment=\
    "Assistant, Mosquitto DNAT LOOPBACK PARTE 2" dst-address=!192.168.10.0/24 \
    dst-port=8123,8883 protocol=tcp to-addresses=192.168.10.2
add action=dst-nat chain=dstnat comment="Letsencrypt DNAT LOOPBACK PARTE 3" \
    dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.10.2 \
    to-ports=81
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.2.1 \
    dst-port=32400 out-interface=bridge1 protocol=tcp src-address=\
    192.168.2.0/24

/ip ipsec policy
add disabled=yes dst-address=192.168.1.0/24 group=ESSF proposal=ESSF \
    src-address=0.0.0.0/0 template=yes
add disabled=yes dst-address=192.168.10.0/24 group=ESSF proposal=ESSF \
    src-address=0.0.0.0/0 template=yes
add dst-address=0.0.0.0/0 group=ESSF proposal=ESSF src-address=0.0.0.0/0 \
    template=yes

/ip proxy
set cache-administrator=""

Comment that if I install the surfshark application on the computer if netflix works too. It only fails when the vpn is installed in mikrotik and it does not fail with all the reproductions, since some series can reproduce them without causing an error.
Can I somehow exclude netflix from my vpn with surfshark? Since I really wouldn’t mind.
If you have any other suggestion do not hesitate to say it. Thank you!

msatter · May 2, 2020, 9:04pm

When you want to use Netlfix then you have to connect in a other way. They have dedicated servers for that and the ones used in the Mikrotik is for general use.

The best you can ask the helpdesk and in your case Surfshark if it possible do it over IKEv2 and not over OpenVPN?

https://support.surfshark.com/hc/en-us/articles/360022838873-How-to-watch-Netflix-with-Surfshark-

https://support.surfshark.com/hc/en-us/articles/360011843860-Netflix-errors-and-common-mistakes-when-streaming

foncubierta · May 2, 2020, 9:40pm

If I am not mistaken I connect through IKEv2, in the post I made reference to the tutorial that followed, anyway as I commented before if there is any way that netflix does not come out through the vpn it would be worth it too. First of all thank you very much for helping me

foncubierta · May 10, 2020, 9:44pm

up.
I still don’t solve the problem ..

Taxarod · July 6, 2020, 6:10am

Following, having the same problem, where using the VPN provider app works and with the tunnel it identifies the VPN/gives errors.

marksmith09822 · August 5, 2020, 9:33am

Its depend for which purpose you are using VPN. For unblocking american netflix i am using surfshark and its working fine for me.

garywilson · May 28, 2021, 7:14am

I think Surfshark is the better choice here. I was reading a blog about and found out that it works better on technologies that are blocking the VPN. Check out by yourself. https://bingecringe.com/

MeadowsR · January 26, 2023, 3:38pm

Surfshark is the best choice honestly. If you want to use a VPN for unblocking websites and streaming, it works flawlessly. I have no trouble unblocking https://howtowatchstreaming.com/vpn/surfshark-netflix/. It works every time.