New install breaks Netflix on Nvidia Shield TV
This is strange problem and I only ask here because I'm not sure what real issue is. I have just replaced old DDWRT router with PfSense machine. I have all services and network is behaving as I need, but I notice one strange thing. Netflix will not connect to Netflix server on my android TV. I checked by the app that it will not connect to either netflix servers, or even Internet. All other apps (Hulu, YouTube, Play Store, Play Music & everything else) connect to Internet just fine, behavior is normal in this case.
I notice since my new PfSense install, all devices now have IPv6 addresses. This should be fine, but I tried disabling IPv6 on my android TV, then suddenly no apps could reach Internet. I checked that the android TV is using the proper local IPv4 address that I assigned from PfSense DHCP (192.168.1.74 in my case). So, I do not know why android system loses connection without IPv6, because always IPv4 is fine before and when I disable IPv6 on android TV, the system still has expected IPv4. android TV is wired to a switch downstream PfSense. Another thing is that since I notice this behaviour, the chromecast inside the android TV is not visible to devices on the wifi network. I use Ubiquiti APs that are on the same switch as the android TV for wifi.
Over my local wifi, apple and android devices can all use Netflix via app. Windows 10 machines on same switch as android TV and all on same LAN can also view Netflix.com stream normally.
I tried disabling IPv6 connections in PfSense, but this just creates a firewall rule to block IPv6 traffic, so this just breaks everything android TV and does not allow my wireless APs to access Internet.
I know there must be setting I am missing, but after much research and experiments, I am not sure what could cause single app to loose connection to Internet and device to be not available to devices on the wifi network. Seems something is blocked somehow. Does anyone have idea of things I could investigate? Thank you!!
bfeitell last edited by bfeitell
You are probably using an IPv6 tunnel broker. Netflix bans this as a prohibited VPN. The solution is to create an alias for Netflix' IPv6 networks and create a REJECT rule for TCP IPv6 traffic to the alias as a destination from your lan. That will cause a fail-over to IPv4 for Netflix sources.
bfeitell last edited by
These networks are what I used for a friend with this problem, and the list may be incomplete.
Thank you for your reply!
I did as you mentioned and still got same connection error. I also added following networks to Netflix alias based on other thread:
Even so, I still have same connection error. I checked the tunnel broker issue you mention and I can see the error for that is different then behaviour I see. In the tunnel broker case, it is streaming error for using suspected proxy/vpn, but what I get is a complete connection error. The app has a network check feature which checks 3 Netflix servers, and the Internet generally. The network check fails all of these. Plus all other devices on PfSense router can stream Netflix just fine. So the app cannot even reach WAN. All other apps on device can reach WAN. All other devices on same LAN that have Netflix app can.
This situation is not making sense to me at the moment.
bfeitell last edited by
Are you sure that IPv6 name resolution is working? Try looking up and pinging ipv6.google.com using the tools under Diagnostics.
i actually just think I figured the problem. I run PfBlockerNG and have a LAN firewall rule to block external DNS to force PfSense DNS from any LAN . When I disable this, the Netflix app can connect. I suspect the Netflix app from android TV forces an external DNS.
My solution was to add an exception to this firewall rule for the android TV. Everything works fine now!!
Thanks for all help!
Gertjan last edited by
I suspect the Netflix app from android TV forces an external DNS.
Of course - and quiet normal : it doesn't want you to shortcut their DNS, so they can add and remove servers at their will, and all TV Apps will follow without delay.
Try this : you make a firewall rule + internal NAT rule that redirects all non-local DNS traffic to pfSense. (as seen elsewhere on the forum)