OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: SaftLasso on March 19, 2017, 02:23:47 pm
-
Hello,
I am sorry if this is a basic question but I am not very experienced with networking.
After changing from pfSense to OPNsense in hope that the bug with IGMPProxy not working on VLANs have been fixed, I have had very limited success in getting my IPTV working :(
I have made a IPTV VLAN with ID 20 that is connected through 2 smart switches to my IPTV box. I am successfully getting an IP that indicates correct VLAN.
OPNsense -> Smart switch -> Smart switch -> IPTV
The IGMPproxy is configured as following:
WAN upstream 83.255.222.0/24, 83.255.216.0/24, 224.0.0.0/4
IPTV downstream 192.168.20.0/24
While running tcpdump -n -i bce0 -e | grep "vlan 20" I can see the igmp reports, and they do show up if I run igmpproxy -d -vvv /usr/local/etc/igmpproxy.conf.
So far so good, right? Well, the IPTV does not work and if I check the states dump it says:
all igmp 224.0.0.251 <- 192.168.20.100 NO_TRAFFIC:SINGLE
all igmp 224.0.0.2 <- 192.168.20.100 NO_TRAFFIC:SINGLE
I have made a rule on the VLAN interface that says:
IPv4 * * * * * * Allow any with the "allow options" on.
On the WAN side I've made rules that says :
IPv4 UDP * * 224.0.0.0/4 * * TiVO: Pass UDP traffic prior to IGMP #1
IPv4 IGMP * * 224.0.0.0/4 * * TiVO: Pass IGMP traffic
Both have "allow options" on.
Any suggestions on what to do next?
-
Are we talking German Telekom Entertain TV here? I am going through the same mess at the moment. I managed to get it working with a custom linux router. I am now reverting to OpnSense to see if I can get it to work with it aswell.
-
Are we talking German Telekom Entertain TV here? I am going through the same mess at the moment. I managed to get it working with a custom linux router. I am now reverting to OpnSense to see if I can get it to work with it aswell.
Actually it's Swedish ComHem TV here, but when I got it to work on pfSense I followed a guide for Telekom Entertain, so the process should be the same except for the ips.
-
Alright, let's cover the bases of what I learned from Deutsche Telekom and my Linux Box:
You basically need four things for IPTV:
1) Basic connectivity - check
2) Firewall settings - need to review later
3) IGMP Routing (Upstream to your provider, and downstream to your IPTV Client)
4) UDP Streaming (From upstream to your client)
It seems that you have IGMP Routing active. igmpproxy is a bit picky...For the sake of ruling out one thing I found out: declare your downstream interface first in the config file. My sample is as follows.
# /etc/igmpproxy.conf (your path my vary on freebsd)
# Order seems to matter, don't ask why...
quickleave
phyint enp3s0 downstream ratelimit 0 threshold 1
phyint enp1s0.8 upstream ratelimit 0 threshold 1
altnet 224.0.0.0/4
altnet 87.141.215.0/24 # depends on your ISP !!!
#disable all other interfaces
phyint enp20 disabled
phyint lo dosabled
Now, switch on your IPTV client and monitor your interfaces (on WAN and LAN side) if there is IGMP traffic. We need to subsribe to the multicast group first, in order to receive the streaming packages.
Easiest thing:
tcpdump -n -i <WAN_IF> -vv igmp
and
tcpdump -n -i <LAN_IF> -vv igmp
You should see membership queries and reports.
Next, if that works, you will need to receive the UDP Streaming. That's where I had the issues. Deutsche Telekom assigns two VLANs on the WAN interface (via PPPoe): VLAN7 for general traffic and VLAN8 for IPTV. My modem did not let me open VLAN8 connectivity. I had to switch modems, then declare two VLAN Interfaces on my WAN NIC, and open the PPPoE connection on WAN.7 and assign DHCP to WAN.8.
The UDP Stream than came in via WAN.8 (which is enp1s0.8 above).
To check if you see UDP traffic (once IGMP works!!) go for this one:
tcpdump -n -i <WAN_IF> -vv udp and port 10000
Your port may vary, Deutsche Telekom streams on 10000. You might want to check the net for your provider.
If you don't see anything on the interface, it will not work. In my case I have only seen Unicast Packages on there, after a couple of seconds the stream stopped (as it switches to multicast) and I didn't receive those until I unleashed the VLAN8 dragon ;-)