Messages

1

17.1 Legacy Series / Re: Multicast Routing

« on: March 20, 2017, 08:43:32 pm »

Interesting. The same config ran on Linux, it seems as if the IGMPproxy figures out the downstream net itself. This matches with the output it provides when running in -dvv.

In the meantime I had to revert to Linux as I can't really spend days without a router ;-)
Yet I will give opnsense another shot probably at some point. So if someone finds the error, I'd appreciate that.

2

17.1 Legacy Series / Re: Multicast Routing

« on: March 20, 2017, 11:35:30 am »

Looks like this:

Code: [Select]

root@gateway:~ # cat /usr/local/etc/igmpproxy.conf
quickleave

phyint igb2 downstream ratelimit 0 threshold 1
phyint igb0_vlan8 upstream ratelimit 0 threshold 1
altnet 224.0.0.0/4
altnet 87.141.215.0/24

phyint igb0 disabled
phyint igb1 disabled

phyint enc0 disabled
phyint lo0 disabled
phyint pflog0 disabled
phyint pfsync0 disabled

phyint igb0_vlan7 disabled
phyint igb1_vlan10 disabled
phyint igb1_vlan20 disabled
phyint igb1_vlan30 disabled
phyint ppp0 disabled


3

17.1 Legacy Series / Re: Multicast Routing

« on: March 20, 2017, 09:35:32 am »

Thanks for your comment. I compiled a newer version of igmpproxy and the part you are describing at least seems to work, as I see IGMP membership queries and reports up- and downstream. The UDP multicast stream is also coming in on my WAN interface. Yet the router seems to just drop it / ignore it.

I did another test: tried to ping the multicast group directly on the router, which should result in a response from up and downstream devices. Yet nothing, 100% packet loss. When I specify my downstream interface, I even get the following:

Code: [Select]

root@gateway:~ # ping -I igb2 -c4 -T 16 224.0.0.1
ping: invalid multicast interface: `igb2'

Whereas ifconfig shows that MULTICAST is enabled on the interface:

Code: [Select]

root@gateway:~ # ifconfig igb2
igb2: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500

So this lets me thinking that there is a more general problem on my setup with multicast...

4

17.1 Legacy Series / Multicast Routing

« on: March 19, 2017, 06:00:12 pm »

Hi guys,

I am having issues routing multicast traffic. I have igmpproxy running, IGMP is working like a charme.
There is UDP multicast traffic coming inbound on my WAN2 interface: igb0_vlan8

Code: [Select]

tcpdump -i igb0_vlan8 -v -n udp and port 10000

17:53:41.239319 IP (tos 0x80, ttl 24, id 0, offset 0, flags [none], proto UDP (17), length 1356)
    87.141.215.251.4000 > 232.0.20.234.10000: UDP, length 1328
17:53:41.239842 IP (tos 0x80, ttl 24, id 0, offset 0, flags [none], proto UDP (17), length 1356)
    87.141.215.251.4000 > 232.0.20.234.10000: UDP, length 1328
17:53:41.241084 IP (tos 0x80, ttl 24, id 0, offset 0, flags [none], proto UDP (17), length 1356)
    87.141.215.251.4000 > 232.0.20.234.10000: UDP, length 1328

This needs to go to my local client sitting on my "MAGENTA" network (interface igb2).
Yet the tcpdump shows nothing:

Code: [Select]

root@gateway:~ # tcpdump -i igb2 -v -n udp and port 10000
tcpdump: listening on igb2, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
4 packets received by filter
0 packets dropped by kernel

I have the following rules in place:

WAN2

Code: [Select]

Pass IPv4 IGMP * * IPTV_MULTICAST * * IPTV IGMP
Pass IPv4 UDP IPTV_ROUTERS  * IPTV_MULTICAST * * IPTV Stream

And wide open on MAGENTA:

Code: [Select]

Pass IPv4 * * * * * *

Where the aliases are

Code: [Select]

IPTV_MULTICAST Network(s) 224.0.0.0/4, 232.0.0.0/4
IPTV_ROUTERS Network(s) 87.141.215.0/24, 10.48.0.0/16

Help is appreciated...
Thanks, Tobi

5

17.1 Legacy Series / Re: IGMP Proxy Menu Entry

« on: March 19, 2017, 04:38:46 pm »

I see, thank you!

6

17.1 Legacy Series / [SOLVED] IGMP Proxy Menu Entry

« on: March 19, 2017, 04:01:00 pm »

Hi Guys,

I did a fresh install of OpnSense and upgraded to 17.1.3 and it seems that there is no igmpproxy menu entry, and further the package is not listed under Firmware > Packages.

I can however install it from the CLI (pkg install) but, that doesn't bring back the UI views... am I missing something obvious?

Thanks!

7

17.1 Legacy Series / Re: Getting IPTV to work with VLAN and IGMPProxy

« on: March 19, 2017, 03:28:53 pm »

Alright, let's cover the bases of what I learned from Deutsche Telekom and my Linux Box:

You basically need four things for IPTV:
1) Basic connectivity - check
2) Firewall settings - need to review later
3) IGMP Routing (Upstream to your provider, and downstream to your IPTV Client)
4) UDP Streaming (From upstream to your client)

It seems that you have IGMP Routing active. igmpproxy is a bit picky...For the sake of ruling out one thing I found out: declare your downstream interface first in the config file. My sample is as follows.

Code: [Select]

# /etc/igmpproxy.conf (your path my vary on freebsd)

# Order seems to matter, don't ask why...
quickleave

phyint enp3s0 downstream ratelimit 0 threshold 1
phyint enp1s0.8 upstream ratelimit 0 threshold 1
        altnet 224.0.0.0/4
        altnet 87.141.215.0/24  # depends on your ISP !!!

#disable all other interfaces
phyint enp20 disabled
phyint lo dosabled

Now, switch on your IPTV client and monitor your interfaces (on WAN and LAN side) if there is IGMP traffic. We need to subsribe to the multicast group first, in order to receive the streaming packages.

Easiest thing:

  tcpdump -n -i <WAN_IF> -vv igmp

and

  tcpdump -n -i <LAN_IF> -vv igmp

You should see membership queries and reports.

Next, if that works, you will need to receive the UDP Streaming. That's where I had the issues. Deutsche Telekom assigns two VLANs on the WAN interface (via PPPoe): VLAN7 for general traffic and VLAN8 for IPTV. My modem did not let me open VLAN8 connectivity. I had to switch modems, then declare two VLAN Interfaces on my WAN NIC, and open the PPPoE connection on WAN.7 and assign DHCP to WAN.8.

The UDP Stream than came in via WAN.8 (which is enp1s0.8 above).

To check if you see UDP traffic (once IGMP works!!) go for this one:

   tcpdump -n -i <WAN_IF> -vv udp and port 10000

Your port may vary, Deutsche Telekom streams on 10000. You might want to check the net for your provider.
If you don't see anything on the interface, it will not work. In my case I have only seen Unicast Packages on there, after a couple of seconds the stream stopped (as it switches to multicast) and I didn't receive those until I unleashed the VLAN8 dragon ;-)

8

17.1 Legacy Series / Re: Getting IPTV to work with VLAN and IGMPProxy

« on: March 19, 2017, 02:57:08 pm »

Are we talking German Telekom Entertain TV here? I am going through the same mess at the moment. I managed to get it working with a custom linux router. I am now reverting to OpnSense to see if I can get it to work with it aswell.

9

17.1 Legacy Series / Re: Update fails: No trusted public keys found pkg

« on: March 06, 2017, 04:14:10 pm »

Works like a charm, thanks Franko!

10

17.1 Legacy Series / Re: Update fails: No trusted public keys found pkg

« on: March 01, 2017, 01:59:30 pm »

Hi Franco,

thanks I will give this a shot tonight.

Tobi

11

17.1 Legacy Series / [SOLVED] Update fails: No trusted public keys found pkg

« on: March 01, 2017, 11:07:57 am »

Hi Guys,

this is my first time deploying OpnSense, so please be gentle. I did the basic setup and have LAN and WAN connectivity. Just wanted to check for updates, as I set up the box a couple of weeks ago in advance. Going through the UI System > Firmware > Updates and clicking "Check for updates" regardless of the mirror / flavour I choose, I get an error and the log says (newest statement on top):

Code: [Select]

configd.py: [347b0230-94c1-40ab-9516-6866e4fc0cf7] Script action failed with Command 'pkg rquery
 "%n|||%v|||%c|||%sh|||0"' returned non-zero exit status 74 at Traceback (most recent call last): File
 "/usr/local/opnsense/service/modules/processhandler.py", line 477, in execute stdout=output_stream,
 stderr=error_stream) File "/usr/local/lib/python2.7/subprocess.py", line 541, in check_call raise
 CalledProcessError(retcode, cmd) CalledProcessError: Command 'pkg rquery "%n|||%v|||%c|||%sh|||0"' returned
 non-zero exit status 74

configd.py: [347b0230-94c1-40ab-9516-6866e4fc0cf7] view remote packages

configd.py: [a397dc8c-708e-4c88-ab39-87b2392e6de8] view local packages

configd.py: [e1d08521-5db9-4578-aa81-1680cac1e2a8] Script action stderr returned "pkg: No trusted public keys
found pkg: No trusted public keys found pkg: No trusted public keys found pkg: No trusted public keys found pkg:
 Repository OPNsense cannot be opened. 'pkg update' required"

configd.py: [e1d08521-5db9-4578-aa81-1680cac1e2a8] retrieve firmware update status

The forum search did not yield any results for me, and google only points me to PfSense stuff...

Thanks for your help,
Tobi