Wednesday, 21 January 2015

Mikrotik Netflix selective Routing

16:45 Posted by Jurgens Krause

If you live in a country without Netflix, you are forced to use a VPN to get Netflix access. Unfortunately, there is no easy way to route only Netflix traffic through the tunnel. The script below builds the set of IP addresses to route through the tunnel. It should work with any VPN provider.


Please note that the script is very CPU intensive; I tend to run it for a day or so, and then I switch it off.

It works by analyzing the router's DNS cache to create the route list, and since some of the domains have very short expiry times, it needs to run often. You have to use the MikroTik as your network's DNS server, otherwise the lookups never reach its cache.

Under System->Scripts create the following script. It searches the MikroTik DNS cache for Netflix entries and adds a static route through the tunnel for each address it finds:

Name: NetflixDNS
Content:
# Patterns are matched as unanchored regular expressions against cached DNS names,
# so a short pattern such as "uno" also matches unrelated names that contain it.
# NetflixTunnel is the gateway used for the routes; it is assumed here to be the
# name of your VPN interface.
:local myServers {"nflx";"nflximg";"unodns";"uno"}
/ip dns cache all {
  :foreach i in=$myServers do={
    :foreach j in=[find where (name~$i)] do={
      :local myName [get $j name]
      :local myType [get $j type]
      :local myData [get $j data]

      # A record: route the address through the tunnel unless a route already exists
      :if ($myType = "A") do={
        :if ([/ip route find dst-address="$myData/32"] != "") do={
          :log info "Route $myData exists, skipping."
        } else={
          /ip route add dst-address=$myData gateway=NetflixTunnel comment="Netflix DNS-Name=$myName"
        }
      }

      ## CNAME
      # CNAME record: follow the chain to its last CNAME, then route that target's A records
      :if ($myType = "CNAME") do={
        :local currentName $j
        :local nextName [find where (name=$myData && type="CNAME")]
        :local startName $myName
        :while ($nextName != "") do={
          :set currentName $nextName
          :set nextName [find where (name=[get $nextName data] && type="CNAME")]
        }

        :resolve [get $currentName data]
        :set startName [get $currentName name]
        :foreach k in=[find where (name=[get $currentName data] && type="A")] do={
          :set myData [get $k data]
          :set myName [get $k name]
          # A failed route add is logged instead of aborting the whole run
          :do {
            :if ([/ip route find dst-address="$myData/32"] != "") do={
              :log info "Route $myData exists, skipping."
            } else={
              /ip route add dst-address=$myData gateway=NetflixTunnel comment="Netflix-DNS-Name=$startName CNAME=$myName"
              :log info "CNAME ADDED"
            }
          } on-error={ :log warning "Could not add route for $myData" }
        }
      }
      ### END CNAME
    }
  }
}
/ip dns cache flush
:log info "Completed"
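
An offline model of the script's name matching and CNAME following, added here as an example (it is not part of the original post and does not run on RouterOS). It compares the script's unanchored `name~$i` match with a suffix-anchored match and shows which /32 routes each would create. The cache rows, the `SUFFIXES` list and the hop limit are constructed assumptions.

```python
import re

# Constructed DNS cache rows (name, type, data); documentation-range IPs, not real data.
CACHE = [
    ("cdn0.nflximg.net", "A", "192.0.2.20"),
    ("video1.nflxvideo.net", "CNAME", "edge.cdn.example"),
    ("edge.cdn.example", "CNAME", "node7.cdn.example"),
    ("node7.cdn.example", "A", "192.0.2.30"),
    ("bruno.example.org", "A", "198.51.100.7"),          # unrelated host containing "uno"
    ("www.google.com", "A", "203.0.113.5"),
    ("loop-a.nflximg.net", "CNAME", "loop-b.example"),   # CNAME loop
    ("loop-b.example", "CNAME", "loop-a.nflximg.net"),
]
PATTERNS = ["nflx", "nflximg", "unodns", "uno"]   # the script's myServers list
SUFFIXES = ("nflximg.net", "nflxvideo.net")        # assumed allow-list of zones

def substring_match(name):
    """Same test as name~$i in the script: unanchored regex search."""
    return any(re.search(p, name) for p in PATTERNS)

def suffix_match(name):
    """Stricter test: the name is the zone itself or a host inside it."""
    return any(name == s or name.endswith("." + s) for s in SUFFIXES)

def resolve_targets(cache, name, max_hops=8):
    """Follow the CNAME chain from name and return the final A-record IPs."""
    seen = set()
    while name not in seen and len(seen) < max_hops:
        seen.add(name)
        nxt = [d for n, t, d in cache if n == name and t == "CNAME"]
        if not nxt:
            return [d for n, t, d in cache if n == name and t == "A"]
        name = nxt[0]
    return []  # loop or over-long chain: add no route

def build_routes(cache, matcher):
    """Map each /32 that would go via the tunnel to the name that caused it."""
    routes = {}
    for name, _rtype, _data in cache:
        if matcher(name):
            for ip in resolve_targets(cache, name):
                routes.setdefault(ip + "/32", name)
    return routes

if __name__ == "__main__":
    loose = build_routes(CACHE, substring_match)
    strict = build_routes(CACHE, suffix_match)
    for dst in sorted(loose):
        print(dst, loose[dst], "" if dst in strict else "<- substring match only")
```

Every destination that appears only in the substring result is traffic unrelated to Netflix that would leave through the VPN provider instead of the normal uplink.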

Once you have created the script, you need to schedule it under System->Scheduler:

Name: Netflix DNS Lookups
Start Date: Startup
Start Time: 00:00:00
Interval: 00:00:30 (you can make this lower if your Routerboard can handle it)
On Event:
/system script run NetflixDNS


That's it, you should now be able to enjoy Netflix, without having all your internet traffic running through the tunnel.

Let me know in the comments if you have any ideas on how to improve the script, or if you find any bugs.

7 comments:

  1. When I run these scripts, I get numerous www.google.com IPs listed in the NetflixViaDNS address list, as well as apresolve.spotify.com and others (including very few netflix addresses, such as DNSCACHE-nflx-cdn0.nflximg.net) as well as the Mikrotik router itself 192.foo.bar.254. I can see traffic to these servers heading out across the Witopia VPN connection (pptp in seattle), but nothing from Netflix heads out the VPN - I just get the Netflix Australia site, not the Netflix US site.

    Methinks something is rather broken in these scripts...

    Mikrotik CRS125-24G-1S-2HnD running 6.27.

    1. Hi Hilton,

      I have updated the blog. My new iteration only uses a single script, and instead of mangle rules, it creates static routes for the correct IPs.

      Let me know if it works
      Jurgens

  2. It works well. Thanks for the scripts.
    Visit this site.
    top10-bestvpn.com

  3. This comment has been removed by the author.

  4. Thanks a lot for your job. Cool solution for VPN.
    It works perfect.
    http://10webhostingservice.com/

  5. Yay, I succeeded, thanks for the script.

  6. I couldn't get this to work for love nor money. But found this one that works. Hope it helps someone. http://forum.mikrotik.com/viewtopic.php?t=80677
