Messages - Joe

#1
Maybe you want to try cron for the update.
#2
24.1, 24.4 Legacy Series / Re: 24.1.1 and dynamic dns
February 21, 2024, 01:28:22 PM
Quote from: wirefall on February 13, 2024, 05:48:46 PM
quite interesting indeed...

Everything you do seems to be exactly correct, so the fault must be somewhere else...

According to this thread, I am not the only one having this issue. And freedns is not the only service affected.

The old (working) os-dyndns was deprecated two years ago and was finally removed. But nobody cared to get the new replacement os-ddclient to work properly.

Finally (having two providers), I ended up with:


cat <<__EOF__  | sudo tee /etc/cron.d/dyndns >/dev/null
*/5 * * * * joe curl                 https://freedns.afraid.org/dynamic/update.php?<token0> # main dns, whatever can get out
*/5 * * * * joe curl --interface re1 https://freedns.afraid.org/dynamic/update.php?<token1> # dns1, WAN,  vodafone
*/5 * * * * joe curl --interface re0 https://freedns.afraid.org/dynamic/update.php?<token2> # dns2, OPT1, telekom
__EOF__


This has the disadvantage that it won't catch up if an interface goes down/up, but needs up to 5 minutes to catch up.
Another disadvantage is that it puts unnecessary load onto the dns provider, since it will do the update even if the address has not changed.

But at least, it WORKS.
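
Added example, not part of the original post: one way to avoid the unconditional update is to cache the last address sent per record and call freedns only when it differs. STATE_DIR, IP_ECHO_URL (a placeholder for any service that returns the caller's address as plain text), the token files and the record names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: skip the freedns update when the address is unchanged.
# Assumed names (not from the post): STATE_DIR, IP_ECHO_URL, token files.
STATE_DIR="${STATE_DIR:-/var/db/dyndns}"
IP_ECHO_URL="${IP_ECHO_URL:-https://ip-echo.example/}"   # placeholder service
UPDATE_URL="https://freedns.afraid.org/dynamic/update.php"

# is_ipv4 STR: accept only a dotted quad with octets 0..255, so that an
# error page or captive-portal reply is never cached as "the address".
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# needs_update NAME IP: true when nothing is cached for NAME or it differs.
needs_update() {
    [ -r "$STATE_DIR/$1.ip" ] || return 0
    [ "$(cat "$STATE_DIR/$1.ip")" != "$2" ]
}

# record_ip NAME IP: remember the address that was last sent successfully.
record_ip() {
    mkdir -p "$STATE_DIR" && printf '%s\n' "$2" > "$STATE_DIR/$1.ip"
}

# update_if_changed NAME IFACE TOKEN_FILE (empty IFACE = default route)
update_if_changed() {
    ip=$(curl -fsS --max-time 10 ${2:+--interface "$2"} "$IP_ECHO_URL") || return 1
    is_ipv4 "$ip" || return 1
    needs_update "$1" "$ip" || return 0      # unchanged: no request sent
    # The URL with the token goes to curl as a config on stdin (-K -), so
    # the token appears neither in the cron file nor in the process list.
    printf 'url = "%s?%s"\n' "$UPDATE_URL" "$(cat "$3")" |
        curl -fsS --max-time 10 ${2:+--interface "$2"} -K - >/dev/null || return 1
    record_ip "$1" "$ip"
}

# Called from a script run by cron, for example (hypothetical paths):
#   update_if_changed dns1 re1 /home/joe/.freedns/token1
#   update_if_changed dns2 re0 /home/joe/.freedns/token2
```

The address is cached only after the update request succeeds, so a failed update is retried on the next cron run.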
#3
General Discussion / Re: UDP Broadcast Relay
February 21, 2024, 12:24:21 PM
Quote from: train_wreck on November 18, 2023, 10:59:54 AM
Then, to get the TV working I have to run:

udpbroadcastrelay --id 1 --port 1900 --dev lan.20 --dev lan.30 --multicast 239.255.255.250 --msearch dial -d -s 1.1.1.2
Just curious: have you set up firewall rules such that source:port (which should be unicast, IMHO) of those packets can be reached across the networks?

Quote
To get the Roku to work I have to run:

udpbroadcastrelay --id 1 --port 1900 --dev lan.20 --dev lan.30 --multicast 239.255.255.250 -d

I tried running both commands with a different ID number but this caused a multicast flood.

When running both commands with different IDs, both instances receive all the traffic to 239.255.255.250:1900. This includes traffic from the other instance, respectively. Thus, packets sent by one instance are received by the other instance and will be re-sent on all configured interfaces by the other instance (if not filtered by --msearch). This results in the two instances playing ping-pong with packets containing the --msearch string, effectively flooding the networks.

The clean way to get this working would be to have only one instance and let the result of --msearch decide whether source address/port is to be preserved or replaced instead of completely discarding the packet.

I just dug through this thread, and found more contradicting suggestions:


mDNS (Chromecast/Apple Bonjour)
224.0.0.251:5353                 -s1.1.1.1
224.0.0.251:5353 224.0.0.51:5353 -s1.1.1.1
224.0.0.251:5353
224.0.0.1:5353

SSDP (UPnp/DLNA Media)
239.255.255.250:1900
239.255.255.250:1900 -s1.1.1.1


So it seems you are not the only one having this problem. You're just the first one who did a systematic analysis of the problem.

PS:
To be honest, I have a hard time understanding what this 1.1.1.1/1.1.1.2 is good for and how it is supposed to get things working.

Without this mangling, the receiver will respond to the original unicast address:port. As long as receiver can do unicast with the original address:port (check firewall rules), communication should work, IMHO. All is good.

OTOH: having this -s mangling in place, UDPBR would put its own interface-address (which would be UNICAST) (and port with 1.1.1.1) into the packet. Unless it also listens to this address:port and remembers to forward traffic to the address:port which were sitting in the original packet, I don't see how this is supposed to work. Have just done a quick glance on the source and I don't think UDPBR is currently doing this forwarding.

So, if I understand things correctly, this -s option is only good for breaking things. Please correct me if I am wrong.

Please double-check that both sides can properly do unicast-communication for the ports/protocols they need to the other side.
#4
General Discussion / Re: UDP Broadcast Relay
February 19, 2024, 09:09:02 PM
Please help me get a better understanding about the topic by confirming and/or correcting some questions:

- UDPBR obsoletes Avahi, IGMP-proxy, mDNS and SSDP (if setup correctly)

- UDPBR obsoletes pimd in the simple case when there is only one router

- For proper operation, multicast depends on IGMP reports to join/leave MC-groups. Is UDPBR involved in this IGMP thing, or is this handled by the kernel?

- UDPBR does NOT depend on the setting of ip_mroute in the kernel, because it actively copies the packets in user-land?

(Edit: typo)
#5
General Discussion / Re: UDP Broadcast Relay
February 19, 2024, 05:10:56 PM
Quote from: marjohn56 on February 19, 2024, 04:24:00 PM
Perhaps because it's RTP and not UDP?
Not sure I understand what you try to tell me :)

You are talking about the video data? IIUC, tcpdump says this is UDP:

IP (tos 0x0, ttl 10, [DF], UDP)  192.168.12.101.47386 > 239.255.1.2.5004: UDP

And this is consistent with Wikipedia, where it is stated that RTP runs over UDP.

But maybe I simply misunderstood your reply?
#6
General Discussion / Re: UDP Broadcast Relay
February 18, 2024, 08:05:51 PM
Hi,

I also need some help to get multicast working across VLANs.

As a test, I'd want to serve a video, like this:

cvlc  BigBuckBunny_320x180.mp4  --sout "#rtp{dst=239.255.1.2,port=5004,ttl=10,mux=ts,sap,name=Bunny}" --no-sout-all --sout-keep --loop


Being on the same VLAN, I can see this video with:

vlc rtp://239.255.1.2:5004


When server and client are on the same VLAN, tcpdump shows me:

  • SSDP and mDNS, advertising all kinds of services
  • IGMP queries and reports, which show that the client has actually joined the 239.255.1.2 group
  • the video data on 239.255.1.2:5004

So I set up udpbroadcastrelay like this:


udpbroadcastrelay --id  2 --dev re2 --dev re2_vlan10 --dev re2_vlan12 --port 5353 --multicast 224.0.0.251 -s 1.1.1.1 -f
udpbroadcastrelay --id  1 --dev re2 --dev re2_vlan10 --dev re2_vlan12 --port 1900 --multicast 239.255.255.250 -s 1.1.1.2 -f
udpbroadcastrelay --id 20 --dev re2 --dev re2_vlan10 --dev re2_vlan12 --port 5004 -f


All the interfaces have firewall rules to pass everything. Even set "Allow IP options", which is advised to be set so that IGMP messages can be passed.

AFAICS, SSDP, mDNS and the video stream should be forwarded across the VLANs. But unfortunately, I don't see anything.

Any idea what I might be doing wrong here?

Can I advise udpbroadcastrelay to tell what it is receiving?

Thanks!
#7
24.1, 24.4 Legacy Series / Re: 24.1.1 and dynamic dns
February 13, 2024, 03:27:40 PM
Quote from: wirefall on February 13, 2024, 12:53:07 PM
had it worked ever before?
It was working a long time ago with an old install of opnsense

It is still working with fully upgraded pfsense

It also works when I invoke the url with wget/curl

It does NOT work with this fresh opnsense 24.1.1 install.

Quote
Other question, your log reads "Could not authenticate", maybe wrong password, username, typo, ...?
I copy+paste user and password from keepassx. So I don't see how a typo could hit me.

Quote
Also try to put in your username instead of your email address (freedns account).
Tried both

Quote
Could you log in at freedns?
Had to log into freedns to change from v1 to v2 and back again.

So yes, the credentials are correct.
#8
24.1, 24.4 Legacy Series / Re: 24.1.1 and dynamic dns
February 12, 2024, 10:22:58 PM
Thanks for your suggestion, @wirefall!

Unfortunately, this also doesn't work:


2024-02-12T22:10:47 Notice ddclient FAILED: updating my.do.main: failed to get record list from https://freedns.afraid.org/api/?action=getdyndns&v=2&sha=<credentials>: ERROR: Could not authenticate.
2024-02-12T22:05:44 Notice ddclient FAILED: updating my.do.main: failed to get record list from https://freedns.afraid.org/api/?action=getdyndns&v=2&sha=<credentials>: ERROR: Could not authenticate.
2024-02-12T22:00:37 Notice ddclient WARNING: Wait at least 5 minutes between update attempts.
2024-02-12T22:00:37 Notice ddclient WARNING: last updated <never> but last attempt on Mon Feb 12 21:57:47 2024 failed.
2024-02-12T22:00:37 Notice ddclient WARNING: skipping update of my.do.main from <nothing> to xx.xxx.xx.xxx.


Tried both, version 1 and version 2
#9
24.1, 24.4 Legacy Series / 24.1.1 and dynamic dns
February 12, 2024, 04:31:53 PM
Hi all.

I did a fresh 24.1 install these days and updated to 24.1.1.

Unfortunately, I could not get freedns working with the new os-ddclient implementation.

Tried virtually all permutations of:

Backend: native/ddclient
Service: custom
Username: freedns-account/token/domainname
Password: freedns-pwd/token
Hostname: domainname/token/update-url
Check-IP-Method:

Keep getting errors like this:

2024-02-12T02:37:10  Error  ddclient  Account xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx [custom - ] failed to set new ip XX.XX.XX.XX [401 - Unable to authenticate with that user/pass combo]   
2024-02-12T02:35:06  Error  ddclient  Account xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx [custom - ] failed to set new ip XX.XX.XX.XX [401 - Unable to authenticate with that user/pass combo]   
2024-02-12T02:20:39  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:20:29  Notice ddclient  WARNING: Wait at least 5 minutes between update attempts.       
2024-02-12T02:20:29  Notice ddclient  WARNING: last updated <never> but last attempt on Mon Feb 12 02:15:48 2024 failed.     
2024-02-12T02:20:29  Notice ddclient  WARNING: skipping update of sub.do.main from <nothing> to XX.XX.XX.XX.       
2024-02-12T02:15:52  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:10:48  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:05:45  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T02:00:42  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:55:39  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:50:36  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:45:33  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:40:30  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:35:26  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:30:23  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:25:20  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:20:17  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:15:11  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:10:07  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:10:07  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:05:03  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T01:00:00  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:54:55  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:49:52  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:44:49  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:39:47  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:34:45  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:29:41  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:24:38  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:19:32  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:14:30  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:09:27  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-12T00:04:25  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:59:21  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:54:18  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:49:16  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:44:14  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:39:12  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 
2024-02-11T23:34:07  Notice ddclient  FAILED: updating sub.do.main: unexpected status (ERROR: Unable to locate this record (changed password recently? deleted and re-created this dns entry?) (double check username/password are correct)) 


Any hints?
#10
General Discussion / Re: Configuring via ssh?
December 25, 2015, 11:43:29 PM
This looks promising.

But it works only with the webgui accessible?

I am looking for a way to configure from the WAN side without exposing the webgui to the WAN.

So the idea was to log in via ssh to do the config
#11
Thanks, that was it!
#12
General Discussion / Re: How to enable ssh account?
December 25, 2015, 08:55:31 PM
Sorry, I don't understand...

How can I activate the privileges?

The account is enabled, and it is member of "admins" group.
#13
General Discussion / [SOLVED] How to enable ssh account?
December 25, 2015, 12:53:57 PM
Hi,

I created a user for ssh access and have populated its authorized_keys file.

When I try to log in, I get this message:

Quote
This account is currently not available.

So, how would I activate this account?
#14
General Discussion / Re: DSA keys not accepted in ssh?
December 25, 2015, 12:49:16 PM
Thanks for the info.

It appears that DSA keys are inherently insecure, so it's better not to activate them.
#15
General Discussion / Re: Configuring via ssh?
December 22, 2015, 01:09:02 PM
I think API would be even better than CLI.

Do you have any pointer to the API? It doesn't need to be polished docs. Just something where I could start looking into it would be great!