Failure to connect to Netflix
I have a strange situation. I have 3 Roku Ultras running thru Cisco SG 200 then to a SG-1100, that connects to a cable modem. Eeverything works and streams well with the exception of Netflix. I can remove the Netflix channel and reinstall it with no problems, until it comes time to connect to their servers. I get a message that reads:
tvq-st-106 which means your device may not be connected to the internet
However, all other streaming services work. The strange part, to me, is I can connect to Netflix if I connect A Roku directly to the cable modem plus I can connect to Netflix from a desktop with no problems. The SG-1100 is pretty much untouched from coming out of the box. I used Tom Lawrences Yt video as a guide. Any help would be most appreciated.
Are you using a vpn? I have multiple roku devices on my network.. None of them have any issues and stream netflix just fine..
Unless you are using pfblocker or ips or something.. Pfsense doesn't give 2 shits if your going to amazon or netflix or hulu, etc. The default rules are any any for outbound..
@johnpoz No VPN, no pfblocker,, Yeah, I'm thinking the same thing yet it won't connect unless the Roku connects directly to the cable modem. I'm stymied. Thanks for reading my post.
What are you using for dns.. To troubleshoot I would sniff on pfsense for the roku IP and see what its trying to do that is not working.. Be it a dns query that doesn't get answered or connection (syn) that doesn't get a syn,ack back
Are you using Ipv6? Say Hurricane electric? Some known issues with HE electric IPv6 I do believe.. While I use HE tunnel for my ipv6.. My iot vlan doesn't have ipv6 enabled.. Which is where my roku's sit..
There was thread many moons ago that was about that - and doing filtering of AAAA for netflix so devices would not use ipv6 to talk to netflix.
That could explain why it works on your cable modem (no he tunnel) and then with pfsense he tunnel.
@johnpoz Open DNS, but I'll give Google and Cloud Flare a shot. Thanks again
@johnpoz No IPV6. Not sure what AAAA filtering is.
No IPV6. Not sure what AAAA filtering is.
When you visit a site using IPv4, the host name gets resolved with a A request. This 'A' means
a-web-site.tld = A = a.b.c.d
Your browser, or any internet based software uses these IPv4 = A addresses, as they don't understand host names. Host names exists mostly for humans, as dealing with a.b.c.d etc is .... annoying.
AAAA records are the same thing, and used to resolve host names into IPv6 addresses like "2001:470:aabb:5c0::1"
Take note : Most modern OS"s, routers , etc prefer IPv6 over IPv4. They still work, as they fall back to IPv4 if IPv6 is unavailable.
edit : to relate all this back to your issue : If your devices were using IPv6 and your were using he.net as your IPv6 gateway, their might be an issue, as johnpozz mentioned.
This is not your case.
Are you using Ipv6? Say Hurricane electric? Some known issues with HE electric IPv6 I do believe.. While I use HE tunnel for my ipv6..
I tried to access Netflix this morning without any AAAA filtering - native IPv6 from he.net to Netflix.
Open DNS, but I'll give Google and Cloud Flare a shot.
What about using the official, default Internet's root servers ?
These are the ones pfSense s using out of the box. There is no need to enter ANY DNS info to get pfSense to work. There is no need to hand over your DNS records to some company or other organisation.
So your using opendns? Are you using opendns when you connect direct to your modem?
Yeah, it pretty has to be DNS with a vanilla setup otherwise.
I would try just using Unbound in pfSense (in resolving mode) directly as a test.
No connectivity to NETFLIX when using ROKUs through the SG 1100, all other streaming functioned.
Was able to connect to NETFLIX via a desktop when using the SG 1100. Was able to connect to NETFLIX via ROKU if the ROKU was connected directly to the cable modem.
Well, here's what I did.
Removed the SG 1100 and went back to the ASUS RT-N16 using TOMATO Firmware, and the ROKUs all connected to NETFLIX.
Installed pfsense on a DELL desktop with an i5, using an Intel 4 port NIC. Same story all the ROKUs are able to connect to NETFLIX straight away. I'll see if there is a way to reset the SG 1100 to defaults, it's not running now, or reinstall pfsense. I have no idea why only NETFLIX on the ROKUs wouldn't connect previously. Not having NETFLIX isn't that big of a deal, it's the WHY that becomes the driving force.
Anyway, thanks to all who replied. Through those I started to dig a bit into the IPV6 protocol, kind of a lemons to lemonade thing for me. Thanks again
Thanks, for the information, and all your help,