Roku Netflix problem on Merlin Firmware

[Tom P]

I have an AC3200 and after installing Merlin about a week ago and updating to the latest build 384.6, I could no longer access Netflix on my Roku devices in the house (this was the same on both builds).

All were reporting NW-2-5 errors which pointed to network connectivity. I followed the troubleshooter on Netflix's site and called and went through the same process on the phone.

Reset Netflix - didn't work
Reset Roku and restarted hot and cold - didn't work
Connected Roku by wire to router - didn't work
Connected Roku directly to Modem - worked, but not going to give up my network to watch on one TV and didn't want to replace the router

Other things that I tried:
- using google DNS vs. ISP DNS - didn't work
- blocking google DNS as it was set up in Netflix app as alternates - didn't work
- assigning static IPs to my roku's in the network - didn't work
- factory reset the router - didn't work

At this point had a discussion with Netflix, and went through all the same steps. They told me to call ISP (cox) and that it had something to do with DNS and that would do it. Had a pointless discussion with the tech about how that didn't make sense given I could connect the service from computers, other apps worked fine on the Roku, and I could have the Netflix app work by connecting directly to the modem. The tech read the same script to me with a layman's understanding of DNS which I have (but not much more). I asked what to do when that didn't work and the tech told me to call in and ask for a supervisor.

Given I had done all the steps before I was fairly convinced something I did in setting up the Merlin firmware had done it. I reverted to stock firmware and the issue went away immediately -- no changes.

Just to check -- reflashed Merlin Firmware and it stopped working, and went back to stock and Netflix works on my Roku again.

I searched a bunch on this board and others and didn't find anything about this (although a lot about how to have Netflix go through or not go through VPN). I hope this saves someone the hours I spent trying to make this work.

(One thing I noticed and may be the whole thing, but not ready to go back -- the NTP server wasn't connecting and the logs reflected the incorrect date on Merlin and correct with stock ASUS -- I suspect this could be a contributing issue)

Should I just give up at this point and stick with stock?

 

[OMNI619]

That's maybe ROKU blocking you and you can't use Netflix using VPN some of the servers let you stream Netflix most of them will not your not the only facing same problem ROKU has lots of bugs and issues on their current firmware update

Sent from my SAMSUNG-SM-G920AZ using Tapatalk

 

[Zirescu]

Did you reset back to factory defaults and setup the router manually when going to the 384 branch?

 

[sfx2000]

That's maybe ROKU blocking you and you can't use Netflix using VPN some of the servers let you stream Netflix most of them will not your not the only facing same problem ROKU has lots of bugs and issues on their current firmware update

Netflix has been turning up DRM* and geo-restrictions on the network side - if you disable VPN, does the Netflix app still run?

* I have a no-name Shenzen android TV box, and while it has Google Play store, and Netflix, since it has test/demo keys, the netflix app no longer runs (Widevine DRM).

 

[OMNI619]

Yes it does run once you turn VPN off I use the android devices your talking about and definitely if you get Netflix app from play store doesn't work but you can download it from https://www.acmarket.net/ https://en.aptoide.com. https://m.apkpure.com/apkpure-app.html from here you can download a working Netflix apps from the markets[emoji115]

Netflix has been turning up DRM* and geo-restrictions on the network side - if you disable VPN, does the Netflix app still run?

* I have a no-name Shenzen android TV box, and while it has Google Play store, and Netflix, since it has test/demo keys, the netflix app no longer runs (Widevine DRM).

Sent from my SAMSUNG-SM-G920AZ using Tapatalk

 

[Tom P]

Yes -- Did a complete reset in the 384 branch, not at first, but as part of going through troubleshooting.

Did you reset back to factory defaults and setup the router manually when going to the 384 branch?

 

[Tom P]

I wasn't using a VPN at all during the testing.

Netflix has been turning up DRM* and geo-restrictions on the network side - if you disable VPN, does the Netflix app still run?

* I have a no-name Shenzen android TV box, and while it has Google Play store, and Netflix, since it has test/demo keys, the netflix app no longer runs (Widevine DRM).

 

[Darryl]

So you do not use a VPN at all for Netflix? Will Netflix work from a browser connected through Merlin? If you do a dns leak test: https://www.dnsleaktest.com/ where does it think you are located. And what dns servers are being used? How about on stock?

 

[st3v3n]

Tom P, This is an issue that's been addressed many times but there's never harm in providing enlightenment.
The problem isn't your FW or your RT-AC3200. We use the same FW/router and have never had issues. The problems is address range blocking by streaming services per legal agreements with movie studios, who want to control all content, and make users pay whenever they access it. Streaming providers have become extremely adept at blocking any address range used by any user or VPN service they deem suspicious. If a VPN permits torrents or questionable service, they're blocked. Netflix invested heavily in Roku (check the company address) and subsidized the unit to the point it's difficult to tell where Netflix ends and Roku begins. Other device/content providers do the same with other brands. If you're paying for Netflix, have an account and registered the Roku to a valid email, not necessarily your main email address, if you use the correct VPN service for this purpose, you can make OpenVPN streaming work. All streaming has become tightly controlled and there are days when some users get fed up, then give up, and dump the device to the ISP's servers.

Content providers know all commercial VPN IP address blocks just as ISPs do. Using a VPN tunnel to encrypt your video stream only goes so far; you're protecting your privacy to a certain point, on your end. Your ISP knows which VPN providers you use even though they can't necessarily see what content is in the tunnel. There are a few VPNs who maintain enough resources to provide encrypted video streaming. A few also provide Netflix streaming in a browser window, but it isn't guaranteed for long periods. Geo/co-location services are very invasive and lock the user and device to a certain IP, as well as a physical address; It wouldn't do to have any evil doers trying to stream old TV shows.

Roku boxes can be buggy but so is other equipment; people still use and like it. Netflix/Roku keeps pumping out updates and the video quality is usually quite good. Roku/Netflix privacy policies keep us from watching more. The film industry historically spends millions each year to collect a few pennies in royalties for each viewing. They've been going in this direction for a very long time. When providers suspect abuse/theft, they'll cut off any VPN address used and not ask questions later. Providers don't want users watching anything they aren't paid for. Remember, the ISP may not be able to see the streamed content you watch, but they know where you enter, and sometimes exit, and that you're likely streaming video due to the bandwidth used over a couple of hours.

Once you find a service that delivers what you want, enjoy it while it lasts. Browser streaming doesn't always provide the audio/video fidelity you might have with the Roku. We use several devices to stream video, but there are times when watching a DVD or Blu-Ray is better. Most people are only interested in protecting their LAN from bad actors and ransomware. Use your search-fu to research the better (more expensive) domestic VPN services and don't give up. Good luck.

 

[Xentrk]

I have an AC3200 and after installing Merlin about a week ago and updating to the latest build 384.6, I could no longer access Netflix on my Roku devices in the house (this was the same on both builds).

All were reporting NW-2-5 errors which pointed to network connectivity. I followed the troubleshooter on Netflix's site and called and went through the same process on the phone.

Reset Netflix - didn't work
Reset Roku and restarted hot and cold - didn't work
Connected Roku by wire to router - didn't work
Connected Roku directly to Modem - worked, but not going to give up my network to watch on one TV and didn't want to replace the router

Other things that I tried:
- using google DNS vs. ISP DNS - didn't work
- blocking google DNS as it was set up in Netflix app as alternates - didn't work
- assigning static IPs to my roku's in the network - didn't work
- factory reset the router - didn't work

At this point had a discussion with Netflix, and went through all the same steps. They told me to call ISP (cox) and that it had something to do with DNS and that would do it. Had a pointless discussion with the tech about how that didn't make sense given I could connect the service from computers, other apps worked fine on the Roku, and I could have the Netflix app work by connecting directly to the modem. The tech read the same script to me with a layman's understanding of DNS which I have (but not much more). I asked what to do when that didn't work and the tech told me to call in and ask for a supervisor.

Given I had done all the steps before I was fairly convinced something I did in setting up the Merlin firmware had done it. I reverted to stock firmware and the issue went away immediately -- no changes.

Just to check -- reflashed Merlin Firmware and it stopped working, and went back to stock and Netflix works on my Roku again.

I searched a bunch on this board and others and didn't find anything about this (although a lot about how to have Netflix go through or not go through VPN). I hope this saves someone the hours I spent trying to make this work.

(One thing I noticed and may be the whole thing, but not ready to go back -- the NTP server wasn't connecting and the logs reflected the incorrect date on Merlin and correct with stock ASUS -- I suspect this could be a contributing issue)

Should I just give up at this point and stick with stock?

I am very familiar with Netflix blocking of known VPN servers. But you are not using a VPN.

If you have entware installed, install the package drill. Use it to query netflix.com using your current DNS servers and perhaps quad 9 and cloudfare to see what response you get:

# drill @1.1.1.1 netflix.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6715
;; flags: qr rd ra ; QUERY: 1, ANSWER: 8, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;; netflix.com. IN      A

;; ANSWER SECTION:
netflix.com.    60      IN      A       34.250.41.147
netflix.com.    60      IN      A       54.76.92.243
netflix.com.    60      IN      A       52.209.79.186
netflix.com.    60      IN      A       54.154.229.184
netflix.com.    60      IN      A       54.171.116.69
netflix.com.    60      IN      A       54.194.155.146
netflix.com.    60      IN      A       52.208.135.54
netflix.com.    60      IN      A       54.76.159.18

;; AUTHORITY SECTION:
netflix.com.    10853   IN      NS      ns-1372.awsdns-43.org.
netflix.com.    10853   IN      NS      ns-1984.awsdns-56.co.uk.
netflix.com.    10853   IN      NS      ns-659.awsdns-18.net.
netflix.com.    10853   IN      NS      ns-81.awsdns-10.com.

;; ADDITIONAL SECTION:

;; Query time: 38 msec
;; SERVER: 1.1.1.1
;; WHEN: Wed Aug  1 08:00:09 2018
;; MSG SIZE  rcvd: 293

drill @9.9.9.9 netflix.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 10018
;; flags: qr rd ra ; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; netflix.com. IN      A

;; ANSWER SECTION:
netflix.com.    60      IN      A       52.30.238.17
netflix.com.    60      IN      A       52.19.113.209
netflix.com.    60      IN      A       52.214.179.84
netflix.com.    60      IN      A       52.31.109.246
netflix.com.    60      IN      A       52.17.27.129
netflix.com.    60      IN      A       52.17.14.18
netflix.com.    60      IN      A       54.171.187.60
netflix.com.    60      IN      A       52.17.227.174

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 41 msec
;; SERVER: 9.9.9.9
;; WHEN: Wed Aug  1 08:00:18 2018
;; MSG SIZE  rcvd: 157

You can also capture the domain names Netflix is calling from dnsmasq.log file. Then, do a nslookup on them to see what kind of reply your DNS is providing.

The method I use is to assign a static IP address to the client device, say 192.168.1.100

Capture dnsmasq.log traffic to a separate log file.

tail -f dnsmasq.log > netflix_dnsmasq.log

Now, go to the device and generate Netflix traffic.

After some time, hit ctrl-c to stop logging to netflix_dnsmasq.log

run this script below to generate a sort list of unique domain names

e.g. sh /jffs/scripts/getdomainnames.sh netflix_dnsmasq.log

#!/bin/sh
#set -x
# This script will format the output of tail -f dnsmasq.log > logfile
# where logfile is the output of tail -f dnsmasq.log
#  1. extract records whose contents contain the word "query"
#  2. output only the domain name
#  3. sort file for unique contents to elimnate duplicates
#  4. save to $1_output
#
# Parameters Passed
# $1 = provide the name of the source file when running the script
#     e.g. ./getdomainnames.sh logfile
#
source_file=/tmp/mnt/absolution/adblocking/logs/$1
output_file=$source_file"_output"

cat $source_file | grep query | grep 192.168.1.100 | awk '{ print $6 }' | sort -u > $output_file

I spent two minutes on NF and generated these names. You can try an nslookup on your end to see what kind of reply you get from your DNS.

Spoiler: Netflix Domain Names

api-global.netflix.com
cdn-0.nflximg.com
cognito-identity.us-east-1.amazonaws.com
customerevents.netflix.com
ichnaea.netflix.com
ipv4-c003-lax004-ix.1.oca.nflxvideo.net
mobileanalytics.us-east-1.amazonaws.com
nrdp.nccp.netflix.com
nrdp50-appboot.netflix.com
occ-0-1077-1062.1.nflxso.net
pinpoint.us-east-1.amazonaws.com
push.prod.netflix.com
secure.netflix.com
spectrum.s3.amazonaws.com
admin@RT-AC88U-824

 

[elorimer]

Over on the Roku forums nearly two years ago there was someone in Florida who had the exact same problem, same error, Roku, Netflix, and Merlin. Obviously not .6, and there wasn't a solution (or much response). Someone suggested turning of QoS, but that wasn't it. Someone suggested changing to a public DNS, and that wasn't it. Going back to stock doesn't seem to have entered into the effort.

There is also someone who had the same problem with updated firmware on a Ubiquity ERL, rolling back fixed it.

You might try rolling back to an earlier Merlin.

Also, you might investigate the NTP problem further. That seems like a hint.

 

[Xentrk]

Another thought, make sure IPv6 is disabled, check the system log for messages and update entware packages if you have entware installed e.g. opkg update.

On another forum, the solution was to disable parental controls the ISP had on the account .

 

[st3v3n]

Xentrk, Netflix without a VPN isn 't nearly as easy as it used to be, tried everything that others had done and suggested. The NTP behavior on our 3200 was odd, and though we finally resolved it, could run NF in a browser window but didn't care for watching TV on a browser thrown up on a screen. Discussing the problem with NF/Roku or our ISP turned out to be a waste of time and a non-starter. They didn't come out and say so but even when we dropped a Roku to the ISP, because we used multiple VPN streams on a private assigned address range, their equipment tagged us as suspicious so the box tagged our address, and the RoKU wouldn't work. We finally went around using a certain VPN,and it has worked ever since . Paying for another IP was the only answer for us, and we received access to other server addresses as well so it was money well spent.

What elorimer mentioned in #11 was an issue. (Xentrk is very well versed in this subject, and am glad he's responded to OP). The equipment/hardware NF co-locates with the ISP was probably the culprit. Our box is registered but we don't pay for that service through that particular box. Our NF fee is paid directly to NF, so in theory (and practice) we can watch NF on any of our devices, and after we resolved the NTP issue it just worked through the VPN, on any of our devices. Taking the Roku box elsewhere to plug in didn't work, no great loss. If one subscribes through the Roku box, then it's a different horse and should run no matter what ISP/service you plug it into; 'should' is the word.

As for problems on our 3200 re NTP; we finally assigned it to an single regional time server and that took care of it; we never discovered why. Now the NTP syncs and shows the correct time. Before it would occasionally reset itself to the wrong time, which caused copious errors and other issues. Whatever the reason, it stopped this behavior; the router always boots up with correct time and no errors or issues. Hope that makes sense, not the same problem OP described but the NTP issue was a problem for us which we had to resolved a different way. Cheers.

 

[unclebuk]

I have an AC3200 and after installing Merlin about a week ago and updating to the latest build 384.6, I could no longer access Netflix on my Roku devices in the house (this was the same on both builds).

All were reporting NW-2-5 errors which pointed to network connectivity. I followed the troubleshooter on Netflix's site and called and went through the same process on the phone.

Reset Netflix - didn't work
Reset Roku and restarted hot and cold - didn't work
Connected Roku by wire to router - didn't work
Connected Roku directly to Modem - worked, but not going to give up my network to watch on one TV and didn't want to replace the router

Other things that I tried:
- using google DNS vs. ISP DNS - didn't work
- blocking google DNS as it was set up in Netflix app as alternates - didn't work
- assigning static IPs to my roku's in the network - didn't work
- factory reset the router - didn't work

At this point had a discussion with Netflix, and went through all the same steps. They told me to call ISP (cox) and that it had something to do with DNS and that would do it. Had a pointless discussion with the tech about how that didn't make sense given I could connect the service from computers, other apps worked fine on the Roku, and I could have the Netflix app work by connecting directly to the modem. The tech read the same script to me with a layman's understanding of DNS which I have (but not much more). I asked what to do when that didn't work and the tech told me to call in and ask for a supervisor.

Given I had done all the steps before I was fairly convinced something I did in setting up the Merlin firmware had done it. I reverted to stock firmware and the issue went away immediately -- no changes.

Just to check -- reflashed Merlin Firmware and it stopped working, and went back to stock and Netflix works on my Roku again.

I searched a bunch on this board and others and didn't find anything about this (although a lot about how to have Netflix go through or not go through VPN). I hope this saves someone the hours I spent trying to make this work.

(One thing I noticed and may be the whole thing, but not ready to go back -- the NTP server wasn't connecting and the logs reflected the incorrect date on Merlin and correct with stock ASUS -- I suspect this could be a contributing issue)

Should I just give up at this point and stick with stock?

I had a similar experience with Roku since I was trying to set it up from SE Asia. I had to create a new Roku account while connected only to a USA vpn and then factory reset the Roku player and reactivating it while also connected to the US vpn.

May want to try that.

 

[agilani]

I have an AC3200 and after installing Merlin about a week ago and updating to the latest build 384.6, I could no longer access Netflix on my Roku devices in the house (this was the same on both builds).

All were reporting NW-2-5 errors which pointed to network connectivity. I followed the troubleshooter on Netflix's site and called and went through the same process on the phone.

Reset Netflix - didn't work
Reset Roku and restarted hot and cold - didn't work
Connected Roku by wire to router - didn't work
Connected Roku directly to Modem - worked, but not going to give up my network to watch on one TV and didn't want to replace the router

Other things that I tried:
- using google DNS vs. ISP DNS - didn't work
- blocking google DNS as it was set up in Netflix app as alternates - didn't work
- assigning static IPs to my roku's in the network - didn't work
- factory reset the router - didn't work

At this point had a discussion with Netflix, and went through all the same steps. They told me to call ISP (cox) and that it had something to do with DNS and that would do it. Had a pointless discussion with the tech about how that didn't make sense given I could connect the service from computers, other apps worked fine on the Roku, and I could have the Netflix app work by connecting directly to the modem. The tech read the same script to me with a layman's understanding of DNS which I have (but not much more). I asked what to do when that didn't work and the tech told me to call in and ask for a supervisor.

Given I had done all the steps before I was fairly convinced something I did in setting up the Merlin firmware had done it. I reverted to stock firmware and the issue went away immediately -- no changes.

Just to check -- reflashed Merlin Firmware and it stopped working, and went back to stock and Netflix works on my Roku again.

I searched a bunch on this board and others and didn't find anything about this (although a lot about how to have Netflix go through or not go through VPN). I hope this saves someone the hours I spent trying to make this work.

(One thing I noticed and may be the whole thing, but not ready to go back -- the NTP server wasn't connecting and the logs reflected the incorrect date on Merlin and correct with stock ASUS -- I suspect this could be a contributing issue)

Should I just give up at this point and stick with stock?

Have you tried enabling traffic logging and looking at the traffic from the roku?
Have you tried a different ntp server?

 

[st3v3n]

uncle, wondered if the new user/privacy policies had any effect after you created your new account? We already had accounts with the service we use, and never had any issues afterwards. Was thinking about making a change to a different IP/server, thought Roku might mistake it for something untoward; thanks.

 

[Robaye]

Not sure if you may wish to try a different router for test purposes, if you have access to one, to see if it makes any difference.

I had Netflix issues especially w/ my Roku, but a little with my Fire TV as well a couple years ago. Luckily I happened to be moving, and have not had any issues since the move!
Out of curiosity I still swapped out everything one by one to no avail. Even the modem. Cable guy said things were fine, too. Probably something with the node/ ISP, possibly upstream wiring in that case, who knows? I don't think is anything Netflix or Roku will be able to help you with, unless the Roku is on the fritz, perhaps, but unlikely I'd say.
If really serious you may consider using a raspberry pi setup to monitor your ISP for spikes/ consistency, etc.
https://lifehacker.com/monitor-the-consistency-of-your-broadband-speeds-with-a-1756684209

Come to think about it, I think I would see a quick initial high spike when I started a movie stream. Then it would level back off. (Done rambling, I'm no expert, btw.) Good luck..

 

[st3v3n]

After long thought about this, If nothing was different in OPs router in either FW build, except for NTP not connecting and showing the wrong time/date, that was an issue that chased me around our RT-AC3200 and back for a good month after upgrading to v380.68_4. Was on the verge of requesting an RMA with Asus but glad that didn't happen. Had been testing multiple versions of firmware prior to upgrading to 380.68_4, and every possible setting had been tried, reset and tried again, numerous times. We were convinced it was all due an undocumented bug/hack in the 3200 based on the research. Then, just prior to the annual DST change, after changing to the regional NTP server, it just connected, and worked; the date/time setting held, like nothing had ever occurred. No trouble since and everything always connects as it should. Roku, Netflix have never had any further issues, the same as with all prior Merlin releases. Don't know about the Asus factory builds, we haven't used any in years on any of our models

Since that time, we've had no similar issues and no errors in the tunnels, with any device on Merlin FW 38r4.5, on any tunnel. As long as your Roku or Netflix account is in order and paid up if you don't pay the services outside of the Roku or other whatever device you use, as long as you have a correctly configured streaming IP from your VPN provider, you should never have a problem.

Roku surges the stream whenever it turns on and it's always checking for updates and sending info home. We only use it for Netflix and AMZ and control it from the Logitech remote, so seldom have to use it's menu. None of the other devices we've had/used behave anything like Roku, not Apple, not Fire, WD, Samsung, nor the native apps in the TV, etc. After checking all of them there's usually a bump whenever it starts a new stream for a flick on any of the devices. The Roku Ultra has the best 4K of any device that we've had so far. If we have a power hits or if the ISP has an outages, we power everything down and/or unplug it until it's resolved, then restart in order. When thunderstorms are in the area, even though all of the gear is on UPS battery backup, we turn it all off unplug it all.

What Robaye said about changing the modem; unless things have changed since I retired, if anyone installs or swaps out a modem from what they're provisioned for, without contacting the ISP, it it works at all, the ISP has serious security problems. More likely than not it won't work, and the ISP will call you to ask what you're up to. Some will send the nearest tech out to knock on your door.

We bought our own modem rather than rent after the new company, took over and saved tons of dough the first 6 months. Some of the techs were clueless and never updated their files so we told them to call the higher ups rather than argue. If they keep referring to old files, no one benefits from nonsense. We never contact the ISP unless we have an outage. They should be on top of it and know about outages before the customer has to contact and ask how long the service will be down. Most of the time the data center has screwed up or a tech gets careless. Our ISP tends to rotate new techs through some areas and they like to pretend they know more than the customers, in some instances who know as much or more than they. It helps to know one of the senior techs to avoid having to work your way up through tiers of script readers, fairly common but still infuriating if you've already verified everything they're going to quiz you about. Also nice to have 99% up-time (if you can get it) and nver have to mess with cable TV. Cheers all

 

[elorimer]

- blocking google DNS as it was set up in Netflix app as alternates - didn't work
- assigning static IPs to my roku's in the network - didn't work

I'm sure you've done this, but the Rokus are pulling their IP address automatically, yes? You don't have any manual setup on the Rokus themselves? I ask because "static IP" can mean either an address entered on the Roku, or an IP address reserved on the router and served up to the Roku.

 

[Tekneek]

I'm sure you've done this, but the Rokus are pulling their IP address automatically, yes? You don't have any manual setup on the Rokus themselves? I ask because "static IP" can mean either an address entered on the Roku, or an IP address reserved on the router and served up to the Roku.

There is no way to set a static IP address on the Roku itself. It has to be done via the DHCP server.