OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: k0ns0l3 on May 19, 2019, 06:13:00 pm
-
Multicast support gets more important as people are switching to IPTV.
For FreeBSD and OPNsense there seems to be support available for IGMPv2 and only limited support for IGMPv3 (igmpproxy).
what do the plans for the future look like?
Any Update?
Kind regards
k0ns0l3
-
Would it be possible to solve this problem with a capable igmp v3 switch?
Greetings k0ns0l3
-
As I read in the community, I'm not the only one with this problem.
I'm pretty disappointed right now, hope for a speedy fix of the problem.
Greetings k0ns0l3 ;)
-
Hi there,
I'm also disappointed... merely because there's no contributor here who has both the knowledge and the time to do it. If that is our standard of disappointment and disdain we are truly doomed as the world keeps on turning to mock us ever so subtly.
Cheers,
Franco
-
i think i have a theme that is getting more and more opnsens
Users who are in the Telekom IPTV customer can deal, so here's my mail.
Deutsche Telekom is forcing IPTV customers to change their tariffs, including the speed of vectoring, to the new IPTV platform. This new platform is not compatible with the current igmpproxy because according to my understanding, ICMP V3 is mandatory and the technical connection is different.
Are there any plans to adapt the Igmpproxy to Telekom's new IPTV platform in the near future?
I have also seen in the forum, the individual compiled the mcproxy for the opnsens and have included. Is it planned to include the mcproxy in the package management?
Greetings k0ns0l3
-
There are no plans because nobody stepped up to do it. I don't have the setup, which made supporting igmpproxy all the more harder over the years. And, personally, I do not wish to repeat that experience with mcproxy.
All help is welcome, starting with mcproxy build testing on FreeBSD... making a port... adding a binary package to OPNsense... building a new plugin and eventually superseding igmpproxy.
Cheers,
Franco
-
Igmpproxy Software is not developed by OPNsense, so there is no chance to make this happen. It would be better to check what exactly is needed or missing. And a test bed to debug would also be fine since not every developer has a Telekom connection :)
-
Thank you all for your answers 8)
Greetings k0ns0l3
-
I am happy with Opnsense as it is
I am having IPTV from Telekom. The IGMP Proxy in Opnsense works well for me.
Even with SSM
-
I am happy with Opnsense as it is
I am having IPTV from Telekom. The IGMP Proxy in Opnsense works well for me.
Even with SSM
Sorry if this Q is stupid, but is there a guide/howto available?
If not, can you contribute some text with screenshots?
-
Hi,
can make screenshots on Wednesday, but basically there was not much to do to make it work
First of all, I am using a DSL Modem in front of my Opnsense Box.
My Opnsense box is doing the PPPoE dial-in to Telekom. In your Firewall rules, which allows the traffic, you need to click on "Advanced Options" and check "Allow IP Options". Besides that in the IGMP Proxy you put the correct subnets on the downstream and upstream interface and that's it. Not more not less.
-
I am happy with Opnsense as it is
I am having IPTV from Telekom. The IGMP Proxy in Opnsense works well for me.
Even with SSM
The old IPTV from Telekom is named "Entertain TV" - this works with IGMP v2 - the new one called "Magenta TV" only works with IGMP v3
Hi,
can make screenshots on Wednesday, but basically there was not much to do to make it work
First of all, I am using a DSL Modem in front of my Opnsense Box.
My Opnsense box is doing the PPPoE dial-in to Telekom. In your Firewall rules, which allows the traffic, you need to click on "Advanced Options" and check "Allow IP Options". Besides that in the IGMP Proxy you put the correct subnets on the downstream and upstream interface and that's it. Not more not less.
that online works for IGMP v2 not for v3. At the moment the IGMP Proxy is not able to work with v3. There is also a post in the German Subforum at: https://forum.opnsense.org/index.php?topic=12346.0
with Version 0.2 (https://github.com/pali/igmpproxy/releases/tag/0.2 // Added experimental support for igmpv3 clients.) it seems possible to Route igmpv3 packets. Perhaps there is only a switch to set to get igmpv3 working? With Version 18.1.5 there was igmpproxy 0.2.1 ported into OPNSense.
-
Yep, I know. I do have Magenta TV. Am using both. The Telekom MIR401 as well as TVHeadend with Kodi.
All works well. Am using it for more then a year now.
-
Yep, I know. I do have Magenta TV. Am using both. The Telekom MIR401 as well as TVHeadend with Kodi.
All works well. Am using it for more then a year now.
Chiming in here now. Let’s dig deeper here because I am one of those who is desperately trying to get this working.
I also have a modem (vigor) in front of OPNsense. PPPoE is done by OPNsense.
I tried both, setting the VLAN7 on Modem side as well as on the OPNsense side, it makes no difference.
For testing purposes, I have configured a dedicated interface for the Telekom Receiver.
Firewall allows all traffic to and from that interface for now, incl IP options.
Igmpproxy is configured for explicitly that interface.
I am happy to do whatever debug is necessary. I am open to test whatever someone develops.
I just can’t offer to write to code myself.
Does someone know if the pfsense guys got that working? If yes, we might check out how they do it.
Gesendet von iPhone mit Tapatalk
-
Oh forgot to say:
I have connected the MR directly to that dedicated interface to avoid the IGMP switch discussion.
Gesendet von iPhone mit Tapatalk
-
Hi,
If you like we can have a phonecall this week and compare our settings.
I am also using a Vigor 130 in front of my Opnsense box.
Regards,
Cristian
-
Hi Christian,
that would be extremely sweet and helpful.
I will send you a PM with a phone number.
cheers, Till
-
TV Entertain "relies on IGMPv2 in the downstream", MagentaTV however IGMPv3 with SSM (source specific multicast).
The IGMPproxy can not IGMPv3, so it is not suitable for MagentaTV. There is apparently no alternative currently available.
Greetings k0ns0l3
-
Yep, I know. I do have Magenta TV. Am using both. The Telekom MIR401 as well as TVHeadend with Kodi.
All works well. Am using it for more then a year now.
Chiming in here now. Let’s dig deeper here because I am one of those who is desperately trying to get this working.
I also have a modem (vigor) in front of OPNsense. PPPoE is done by OPNsense.
I tried both, setting the VLAN7 on Modem side as well as on the OPNsense side, it makes no difference.
For testing purposes, I have configured a dedicated interface for the Telekom Receiver.
Firewall allows all traffic to and from that interface for now, incl IP options.
Igmpproxy is configured for explicitly that interface.
I am happy to do whatever debug is necessary. I am open to test whatever someone develops.
I just can’t offer to write to code myself.
Does someone know if the pfsense guys got that working? If yes, we might check out how they do it.
Gesendet von iPhone mit Tapatalk
If you already have BNG, that does not help.
If you do not have a BNG connection yet (ie without "automatic internet access"), then the EntertainStreams go via VLAN 8 and the rest via VLAN 7. If it is already a BNG connection, then everything goes via VLAN 7.
Greetings k0ns0l3
-
TV Entertain requires IGMPv2 for the downstream interface (LAN).
- works with the report modified version of igmpproxy.
MagentaTV requires IGMPv3 with SSM (Source Specific Multicast) for the downstream interface (LAN).
mastered igmpproxy
- Upstream (WAN) IGMPv {2,3}.
- Downstream (LAN) only IGMPv2.
It is uncertain if igmpproxy can / will support IGMPv3 in the downstream.
There is currently no suitable alternative to igmpproxy.
It is not known which component AVM or Telekom in the role of igmpproxy use.
Except Speedport and Fritzbox routers no other router works with MagentaTV.
BNG (Broadband Network Gateway)
- triggers the dial-in to the provider via PPPoE.
- Telekom provides multicast and regular traffic via VLAN7.
- can be deactivated by the customer at Telekom to use PPPoE (VLAN {7.8}) instead.
Known IGMP proxy implementations:
- improxy
- mcproxy
- igmpproxy
- GProxy
Attempt of an IGMPv3 implementation:
- igmpproxy
-
To my knowledge Telekom auto converts all customers to MagentaTV. At least they did with me.
The Telekom customer portal indicates via "Autokonfiguration" if the connection is BNG or traditional.
My connection only has a VLAN7 network.
I can access the first 30 sec of the stream anyway an then it breaks. I think that is the usual behavior if SSM doesn't work, at least others reported a similar behavior.
So the big question for @gliddie is: Are you on MagentaTV or still on Entertain?
-
Hi, yes I am a Magenta TV user. The Media Receiver 401 only works with Magenta TV. Pali has made a modified version from the IGMP Proxy, which can do IGMP V3 with SSM. I ones got that from Franco. Not sure if that version comes with Opnsense. Maybe that's the reason why it works for me. Will check my version later, when I get home. My wife would kill me, if she couldn't watch Germanys Next Top Model. :-)
-
Actually that receiver was also delivered with EntertainTV. But Telekom upgraded mine last year.
-Till
Gesendet von iPhone mit Tapatalk
-
Hi, yes I am a Magenta TV user. The Media Receiver 401 only works with Magenta TV. Pali has made a modified version from the IGMP Proxy, which can do IGMP V3 with SSM. I ones got that from Franco. Not sure if that version comes with Opnsense. Maybe that's the reason why it works for me. Will check my version later, when I get home. My wife would kill me, if she couldn't watch Germanys Next Top Model. :-)
then you could share this version with us, my wife also looks Germanys Next Top Model ;)
Greetings k0ns0l3
-
I can perfectly watch rtp://87.141.215.251@232.0.20.35:10000 through VLC. It's Das Erste HD. Also through TVHeadend that works.
My Versions:
os-igmp-proxy 1.4
igmpproxy 0.2.1_1,1
-
Don't know if that helps. My Firewall rules:
Telekom Interface:
Allow Protocol IGMP to 224.0.0.0
With IP Options checked.
Allow UDP to 224.0.0.0
LAN Interface:
To the LAN to any rule, I did add the IP Options under advanced.
Besides that I am tagging VLAN 7 on the modem (Vigor 130) and not in Opnsense. Will try and see if it also works the other way and get back later today (Tagging the VLAN in opnsense).
-
I can perfectly watch rtp://87.141.215.251@232.0.20.35:10000 through VLC. It's Das Erste HD. Also through TVHeadend that works.
My Versions:
os-igmp-proxy 1.4
igmpproxy 0.2.1_1,1
does not work for me, Magenta TV dropout :-\
INSTALLED:
- os-igmp-proxy: 1.4
- igmpproxy: 0.2.1_1,1
-
Ok,
Thursday or Friday, I will have a call with Skywalker007.
Let's see where we get.
Will share the result here. If you like we can also have a call after that.
Regards,
Cristian
-
Ok,
Thursday or Friday, I will have a call with Skywalker007.
Let's see where we get.
Will share the result here. If you like we can also have a call after that.
Regards,
Cristian
I love this community :)
-
So for now, in short: it works!
I still need to strip down my firewall rules for it, then I'll summarise my config.
-
So for now, in short: it works!
I haven't expectet that it would work :o
I'm afraid for some screenshots :)
-
Screenshots in a PDF:
https://cloud.sector42.eu/seafhttp/files/e84b4bcd-5962-4944-bb8a-615685b6cdd2/Magenta.pdf (https://cloud.sector42.eu/seafhttp/files/e84b4bcd-5962-4944-bb8a-615685b6cdd2/Magenta.pdf)
-
Hello Skywalker. Your link does not work ;-)
-
Sorry, will fix that when I get back to my desk
-
Hello Skywalker. Your link does not work ;-)
This one should:
https://cloud.sector42.eu/f/32dfda4989134974a637/ (https://cloud.sector42.eu/f/32dfda4989134974a637/)
-
does not work :(
224.0.0.1 igmp Block private networks from WAN
Firewall log:
192.168.178.1 > 224.0.0.1: igmp query v3
-
@k0ns0l3: Do you like to share your settings with us? I am sure we can make it work for you as well.
-
@gliddie: attitude of apu2 and opnsense or home network ,
Regards k0ns0l3 8)
-
I also tried skywalker007's setup and it doesn't work. While I do get an image it will stutter after a few seconds. I have the 401 receiver connected directly to opnsense. The same result happends if I connect the 401 with a igmpv3 ready zyxel switch. The switch works fine if I use my draytek as a normal router and use it's built in igmp.
My setup is draytek 165 -> opnsense pppoe login with vlan7 -> 401 receiver
-
OK after some searching I finally found the logs and I get the following messages:
igmpproxy[53407]: select() failure; Errno(4): Interrupted system call
and
igmpproxy[14849]: There must be at least 1 Vif as upstream.
Never mind. Just saw the timestamps and those errors were when I tried out to put the vlan tag on the modem itself. When I restart the igmp proxy it doesn't produce any errors in the log.
-
OK after some searching I finally found the logs and I get the following messages:
igmpproxy[53407]: select() failure; Errno(4): Interrupted system call
and
igmpproxy[14849]: There must be at least 1 Vif as upstream.
Never mind. Just saw the timestamps and those errors were when I tried out to put the vlan tag on the modem itself. When I restart the igmp proxy it doesn't produce any errors in the log.
Would you share your config and some setup details? Maybe we can find some hint why it doesn’t work as expected.
Gesendet von iPad mit Tapatalk
-
At first I tried your exact setup and was sure I did everything exactly right and currently it looks like this:
IGMP Proxy
(https://i.imgur.com/eZNdLWG.png)
WAN rules with IGMP rule with ip option enabled
(https://i.imgur.com/d1psUwC.png)
(https://i.imgur.com/TqyOJT3.png)
I noticed that I get the exact same stutter result even if I haven't the IGMP proxy enabled. Should I not even get a picture if it isn't enabled? I used this post as a baseline https://steffenschiffel.de/telekom-entertain-hinter-pfsense-firewall/
I also tried many other solutions that I have found online somewhere or here on the forum or other pfsense solutions.
-
My understanding is that the streams switch from unicast to multicast within the first 30 sec or so. That explains why initially it works.
Can you please check your firewall log for blocked packets while you start the stream?
-
I wish I could... The thing is that I can't even start the igmp proxy anymore. It now always states " There must be at least 1 Vif as upstream." in the logs.
OK I fixed that somehow now. So never mind.
-
I had struggles with the UI based setup initially as well and ended up with editing the conf file on the command line. Not sure if that’s the same problem. You can also run the daemon interactively with verbose output. I can shoot over the exact syntax when I am at my desk.
-
config here:
/usr/local/etc/igmpproxy.conf
could you post the content please?
make sure it's not running:
killall igmpproxy
run interactively with verbose output:
/usr/local/sbin/igmpproxy -n -vv /usr/local/etc/igmpproxy.conf
-
Alright took me a while to figure it out to get the file. Did it with filezilla. Here you go:
##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
quickleave
phyint pppoe0 upstream ratelimit 0 threshold 1
altnet 239.35.0.0/8
altnet 224.0.0.0/4
altnet 193.158.0.0/15
altnet 232.0.0.0/8
altnet 87.128.0.0/15
altnet 87.141.0.0/15
altnet 239.32.0.0/16
phyint pppoe0 downstream ratelimit 0 threshold 1
altnet 192.168.2.1/24
phyint igb1 disabled
phyint igb0 disabled
-
looks like you have pppoe0 configured as downstream as well as upstream. That's weired.
You would need to configure a LAN interface as downstream.
-
Seems to work now. The weird thing is also that it once switched booth up and down to "IPTV". I didn't know that downstream had to be on a LAN though. I always assumed it had to be WAN too. Now that I re-read that blog I feel stupid. It also says choose LAN device. Well never mind. Thanks for helping it works now! So here we have it Entertain 2.0 works with opnsense! I did it like your settings.
-
OK I still got one small problem. If I restart the receiver it now says that the rtp server isn't answering.
Don't know what exactly went wrong. I resettet opnsense and redid everything from scratch. Works like a charm again.
-
I also tried skywalker007's setup and it doesn't work. While I do get an image it will stutter after a few seconds. I have the 401 receiver connected directly to opnsense. The same result happends if I connect the 401 with a igmpv3 ready zyxel switch. The switch works fine if I use my draytek as a normal router and use it's built in igmp.
My setup is draytek 165 -> opnsense pppoe login with vlan7 -> 401 receiver
the same thing to me :-[
-
Well don't know about you but I made a stupid mistake and used WAN in the down link of the IGMP proxy instead of LAN. After I fixed that his rules setup works perfectly.
-
Hello Skywalker. Your link does not work ;-)
This one should:
https://cloud.sector42.eu/f/32dfda4989134974a637/ (https://cloud.sector42.eu/f/32dfda4989134974a637/)
Hey this links is not working anymore.
Anyway I have a MR401 too since I moved and there's no other way to get TV. My conf is currently a Fritzbox with Exposed Host to my OPNSense on a pcengine APU and the MR401 is connecting via LAN to the APU. working firewall rules are prob on this picture.