Setting up VPN on Mikrotik

Hello all, I’m very excited to be posting here for the first time. A few weeks ago I purchased my first Mikrotik mainly so I can learn more and poke around networking since it is the one thing in IT I’ve neglected to get deep in.

I purchased Mikrotik RB750GL Mini-Router 5 Gigabit Ethernet Ports and I’ve been extremely happy with it and already learned some new things I did not know. This is such a great platform for people like me, so thank you for making such a beast at an affordable price.

Let me explain my setup and what I am trying to achieve, and perhaps someone might be able to offer some insights.

This is my setup:

  • ISP Router on 10.0.0.1 on LAN plugged into my WAN port on Mikrotik
  • Mikrotik’s WAN port is set up as static on 10.0.0.2 and all other LAN ports use that port to get out to the internet.
  • Several wireless routers around the house for max coverage, all connected to LAN on Mikrotik.

On Mikrotik I’ve set up custom nameserver IPs (mainly to access Netflix, Hulu and Prime outside of the USA). For that I am using unblock-us nameservers.

Everything works perfectly with this setup and I have not had a single issue. But last week I started exploring creating a VPN on Mikrotik so I could access my house network from a different connection.

This was very simple to achieve and it is working nearly perfectly, except for one small detail. Once I am connected to the VPN, if I try to access Netflix, Hulu or Prime, I am getting content blocked. This is only happening when I am in the network via the VPN; it does not happen if I am in the network physically.

I’ve been reading about it through several blogs and I believe my issue is with routing… however, most guides that explain this are pushing traffic through a VPN, which is not the same setup I have. Meaning they set up a VPN connection from Mikrotik to a given provider (instead of using DNS) and set up routing to the VPN. In my case, I have a VPN server set up on Mikrotik which I use to connect to my local network, and even though I get the correct nameservers applied I am still getting flagged by Netflix, Hulu or Prime as not connecting from the USA.

So ideally I would like to first understand why this is happening, if someone can offer some theories, and secondly a working alternative perhaps? I’m not entirely sure routing is my problem, although all I have found leads me to that so far, but I figured since I am getting the right nameservers I don’t understand how Netflix reads my connection from the VPN any differently from what it is when I am physically on the same network.

Thanks!

I do not mean to bump the thread, so I apologize in advance if that is against the rules… I just wanted to offer a bit of follow-up or progress that I’ve made since in my testing.

Since originally posting, I have added the VPN to my default subnet (same as all the other computers), 192.168.88.0/24, which also sets the correct DNS servers etc., as for my correctly working devices on the local network.

I have also manually added the nameservers on my mobile phone to unblock-us (same as my local network) just in case it was somehow skipping nameserver assignments and using the LTE for my mobile instead.

I’ve also added the VPN to my LAN bridge (not sure exactly what that is supposed to do) but I wasn’t able to access LAN computers from within the VPN before I did that and configured the bridge with proxy-arp. Now I can access the LAN from within the VPN without issues.

All that said, Netflix is still flagging me as outside of the USA and I am starting to wonder if this is a limitation of accessing from my mobile connection rather than a wrongful VPN setup?

On Monday I might try going to the office, where I can test the VPN from a different Internet connection, which might confirm if the issues are tied to the way the mobile network works instead of the VPN itself, but I wanted to document my situation further in case someone had any ideas until then.

Cheers,
Jose R. Lopez