Netflix issues with iOS devices
-
Hi,
Hoping someone can help point me in the right direction here... first issue I've come across that I've not been able to self-resolve with google :)
A couple of weeks ago, I noticed that I was unable to consume a large amount of Netflix content using my iPad. I subsequently noticed that the same was true on my iPhone.. and after checking a few other devices (wife + kids iOS devices) it seems that all iOS devices are having trouble with Netflix.
There are other devices in the house (windows PCs, Amazon Fire TV's) that are able to consume Netflix content without issue..
I'm not exactly sure when the issue started - it could have been there for a while since we don't tend to use the iOS devices for streaming Netflix all that much..
All of the devices (PCs, fireTV, ios, etc..) reside in the same VLAN so, in theory at least, are taking the same path out to the internet.
When I try to load a video up on Netflix from one of the iOS devices, it starts to load it up, but the spinning buffering circle never disappears and the video never starts.. Some videos will start up fine, but it's consistently the same ones - i.e. it's not unpredictable, I know that I cannot start an episode of The Crown, but if I start the trailer for The Crown, it will start fine every time.
Furthermore, my iPad has a 4g connection, if I browse and start any content using the 4G connection, and then subsequently disable the 4G connection and revert to WiFi, the video will continue to play without issue.
I have made no changes to my pfSense configuration recently and this has never been a problem in the past - something in the last 4 - 6 weeks (estimate) though has resulted in Netflix being basically unusable on any iOS device.
I replaced the pfSense gateway with a nasty old Apple router to do some testing, and it all worked fine.
I then decided to try pfSense with an out of the box configuration to rule out anything that I had done in the configuration and it stopped working again..
I then tried a previous version of pfSense, to try to find out if it was an issue with the version I was using, so I installed 2.4.4-p3 and it still isn't working..I am running a pfSense install on a ~5 year old mini-pc with a couple of intel NICs. I am going to install Sophos XG to see how that works, but I really don't want to migrate to Sophos, I really like pfSense..
any help/thoughts on where I can go next with this would be much appreciated..
-
I just fired up the crown on my ipad air 2 (has no cell connection).. running 14.1 through my pfsense.. loads fine.. I can skip around pretty much instantly..
Pfsense has no clue to if its your iphone or ipad or your amazon TV, or a windows pc..
So your not using any sort of vpn on pfsense? Captive portal? What are you using for wireless? Are you doing anything with pfblocker, ips?
This is a default install of pfsense, and using the resolver? Not forwarding?
-
@johnpoz
Thanks for the reply.Nope, no vpns running (I did have a vpn active, but it’s only for some very specific traffic which is intercepted and routed based on policy, Netflix definitely not included and had been running fine for 12+ months).
That said, I did a completely fresh install of pfsense and ran it with the default out of the box configuration and it still wasn’t working.
Agree that pfsense doesn’t care what the client is but from the little reading I’ve done it seems that the iOS Netflix app does behave differently to other methods of connecting to Netflix - it uses “http byte range” to request specific portions of the files it’s playing..
I’m beginning to wonder if it’s perhaps more fundamental, like the drivers used for my Intel NICs or something.. I installed OPNsense and it exhibits the same problem.. I am in the process of installing a Linux based solution at the moment (untangle) to see how that behaves...
For wireless I’m running unifi ap-pro’s and it’s all connected together using cisco switches both the wireless config and the switch confogs are fairly vanilla, nothing too complex going on there..
So, no captive portals, no vpns.
-
Well we are very comparable setups then.. I also have unifi AP.. Pro, LR and a lite - not having any issues on any of them. And cisco sg300s for switching.
I have iphones to play with X and wifes 8.. And ipad - none of them are showing any issues with netflix, or anything else for that matter.
My pfsense is running on a sg4860, 2.4.5p1, I also watch netflix from my PC, and a tcl roku tv, and roku stick (premiere).. Have another stick in the kitchen tv - but haven't done anything with it long time.
What version of the app are you running on your ipad? I just looked and mine is 13.2 - and don't show any updates to it.
When you used your apple router - your ipad connected to it for wireless, or was it still going through your unifi APs? What firmware you running on your APs? I am on latest beta 5.40.3, using controller 6.1.20, you doing anything special in your wifi settings?
-
yeah pretty much identical setup - also have a pair of sg300s :)
App version is the same - 13.2.0
The "difference" i suppose, is that I am using a cheap-o x86 (celeron) PC that I purchased a few years ago - it has been pretty much bulletproof up until this issue with Netflix.. Whereas you're using a proper netgate device.
For what it's worth, Untangle has completed its install and is now acting as my gateway, and it's all working perfectly... which is just compounding my belief that it has something to do with the driver/hardware under bsd..
Everything was identical when using the Apple router (and Untangle now..) still running through the Unifi APs, switched WiFi off on the apple router.. I'm running the same controller version as you but AP firmware version 4.3.21.11325 (latest stable, I believe - at least the latest one offered to me using the standard release channels)
-
Yeah but I don't buy it - pfsense doesn't give two shits what port the tcp traffic is on.. tcp is tcp - it has nothing to do be it https, http or ssh or xyz...
There is a piece of the puzzle that is missing... But have never in my life, 30 some years working with this sort of stuff have seen a driver of some nic only have issues with protocol xyz and nothing else..
-
Yeah I don’t disagree, I guess at this stage I’m just clutching at straws...
So interestingly, untangle started to exhibit the same problems after a couple of hours, first few streams were fine, then the issue resurfaced.
I’ve put pfsense back on now and I’ve tested routing all traffic via a vpn to a dedicated server I own ( the termination point is also a pfsense box) and everything works perfectly. This is a decent workaround for now (I’ll just have to put up with the family moaning about having to use a different ssid for Netflix heh) but I still want to get to the root cause.
I did some packet captures last night and there’s definitely something not right, I’m wondering if there’s an issue with my isp’s Netflix cdn nodes - though I’d expect there to be more noise about this from other customers if that was the case...
I’m hitting the limits of my knowledge now tho, and deciphering tcp streams in wireshark might just break me ;)
Thanks for your input tho, appreciate you taking the time to respond...
-
Thought it might be useful to provide an update on this..
I did some more investigation (mostly packet captures), and it seems that I am unable to connect to a handful of Netflix CDN servers that my iOS devices are pointed at when initiating a stream - the CDN servers in question are hosted by my ISP.
It doesn't appear to be a routing problem as I am able to connect to some servers that are in the same subnet as others that I am unable to connect to (well, I assume that they are in the same subnet, I can connect to one ending .25 but not one ending on .21) so perhaps some rogue ACL or badly configured IDS /shrug (i am able to open a session to the .21 address from outside my ISP's network, so it's definitely there and responding, just not to me when i am on my ISPs network...)
I've managed to find a handful of other users who are having almost identical issues at my ISPs support forums so will follow up there
The likelihood of getting hold of someone on the phone that can actually troubleshoot this at their end is pretty much zero, so I'll just keep hammering the forums over there in the hope that someone responds :)
Thanks again for the responses.