OPNsense Forum

English Forums => General Discussion => Topic started by: vyruz on January 31, 2018, 11:21:38 pm

Title: IGMP Proxy howto
Post by: vyruz on January 31, 2018, 11:21:38 pm

Could someone clarify how to set up an IGMP proxy correctly? The information that I can find is very scarce and I have yet to come across a good tutorial that describes exactly how this works.

I have 2 interfaces in my OPNSense router (17.7.12):
- bce0 -> LAN with network 192.168.2.0/24
- bce0_vlan102 -> VLAN102 with network 192.168.10.0/24

The VLAN102 interface is meant for IOT stuff to roam free and get hacked :)
The LAN interface is my private LAN with some clients and servers.

Last week I got a Xiaomi mi home Aqara gateway, which sends it's data (besides to China) over multicast UDP packets on 224.0.0.50. This gateway is in VLAN102 with IP 192.168.10.111

But my home assistant service is running on my NAS which is in the LAN on 192.168.2.131

So if I put my laptop on a port on my switch which tags it as VLAN102, my laptop gets a 192.168.10.x/24 address, and I can see the multicast packets from the Aqara gateway in wireshark just fine.

To bring these packets onto the LAN network, I figured out I should be looking at IGMP PRoxy service, so I installed this package (os-igmp-proxy 1.3) on OPNSense, but I have really no idea how to configure it.

In the meantime I have tried most possible combinations of the following:
- Setting the LAN interface both as up- and downstream
- Setting the VLAN102 interface both as up- and downstream (inverse to the above, off course)
- Tried the following entries as 'Networks' in the proxy config: 224.0.0.50/32, 192.168.2.0/24 & 192.168.10.0/24

But in no situation I can get the packets coming from the Aqara gateway to appear on my LAN network.
I checked the firewall logfiles (I made temporary allow any rules between LAN <-> VLAN102) and nothing is being blocked

Is this just not working, or am I doing something wrong?
Any advise would be highly appreciated!

Title: Re: IGMP Proxy howto
Post by: openphil on November 13, 2019, 12:42:33 pm

Well, 120 days later, I have come across the same problem :) I have openhab on my LAN 10.0.0.0/8 and my Xiaomi Yeetilight on a VLAN (172.16.0.0/12).
Have you (or maybe someone else?) figured this out? I too have no idea how to setup the igmp proxy, but "assume" that this is the right tool to solve the problem.
I am sending von LAN 

2:35:50.688256 IP OpenHab2DEV.localdomain.1982 > 239.255.255.250.1982: UDP, length 83
12:35:50.688392 IP OpenHab2DEV.localdomain.1982 > 239.255.255.250.1982: UDP, length 83
12:35:50.688488 IP OpenHab2DEV.localdomain.1982 > 239.255.255.250.1982: UDP, length 83
12:35:50.688530 IP OpenHab2DEV.localdomain.1982 > 239.255.255.250.1982: UDP, length 83

but nothing is receiving on the VLAN side. Opnsense is set to allow all from LAN.