Route Netflix traffic via VPN

Working from home should not be a problem here. Let's assume you have several devices which use Netflix. Those devices can be added to a list:

/ip firewall address-list
add address=10.0.0.2 comment="local device x" list=NflxLAN
add address=10.0.0.7 comment="local device y" list=NflxLAN
add address=10.0.0.11 comment="local device z" list=NflxLAN

If you have

add action=mark-routing chain=prerouting comment=Netflix dst-address-list=Netflix \
    in-interface-list=!WAN new-routing-mark=t-wg1 passthrough=no src-address-list=NflxLAN

then the traffic of your work device (let's say, a laptop with local IP 10.0.0.4) won't be affected. Here I assumed LAN devices have their static IP addresses. :wink:

Yeah, that way it would work. I was thinking about 192.168.10.0/24 and 192.168.30.0/24, where I have devices watching Netflix. Literally, I wanted all devices in the network to use Netflix using this route without giving them static IPs.

Assuming you are using a third party VPN, add this mangle rule:
add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu out-interface=wireguard1 passthrough=yes protocol=tcp tcp-flags=syn

If that mangle doesn't resolve MTU problems, try a different one:
add action=change-mss chain=forward new-mss=1380 out-interface=wireguard1 protocol=tcp tcp-flags=syn tcp-mss=1381-65535

@anav
Since you mentioned that, I'm experiencing some VPN issues.
When you add these mangle rules, is the MTU of the L2VPN at its default, or are you only playing with the mangle rules?

Hi there nichky, those workarounds are for the client peer (for handshake router) that is trying to normally send www traffic out a third party VPN provider.
One keeps the default MTU at both ends (both ends should normally have the same MTU setup); whether that applies in other scenarios I don't know.

It is a standalone mangle rule with out-interface=wireguard1
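
The following is an added example, not code from any poster in this thread: it mimics in Python what the second mangle rule quoted above (`tcp-flags=syn tcp-mss=1381-65535 new-mss=1380`) does to the MSS option of a TCP header, and shows where 1380 comes from. The 1420-byte MTU for `wireguard1` is an assumption (the thread does not state it), and the function names and sample headers are constructed for illustration.

```python
import struct

WG_MTU = 1420  # assumed MTU of wireguard1; not stated in the thread

def mss_for_mtu(mtu, ip_header=20, tcp_header=20):
    """Largest TCP payload that fits in one unfragmented packet of this MTU."""
    return mtu - ip_header - tcp_header

def read_mss(tcp_header_bytes):
    """Return the MSS option (kind 2) from a raw TCP header, or None if absent."""
    data_offset = (tcp_header_bytes[12] >> 4) * 4
    opts = tcp_header_bytes[20:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                # truncated option
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                # malformed length, stop parsing
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def clamp(tcp_header_bytes, new_mss=1380, match_range=(1381, 65535)):
    """MSS the peer would see after the rule: rewritten only when SYN is set
    and the advertised MSS falls inside match_range."""
    syn_set = bool(tcp_header_bytes[13] & 0x02)
    mss = read_mss(tcp_header_bytes)
    if not syn_set or mss is None:
        return mss
    low, high = match_range
    return new_mss if low <= mss <= high else mss

def sample_header(mss, flags=0x02):
    """Constructed sample: 20-byte TCP header plus one MSS option (24 bytes)."""
    fixed = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, flags, 64240, 0, 0)
    return fixed + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    print("MSS that fits the tunnel:", mss_for_mtu(WG_MTU))
    for advertised in (1460, 1380, 1200):
        print(advertised, "->", clamp(sample_header(advertised)))
```

A LAN host on a 1500-byte Ethernet link advertises 1460, which the rule lowers to 1380; values already at or below 1380 pass through unchanged, which is why the rule matches only `tcp-mss=1381-65535`.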