Show Posts - bringha

Profile Info
- Summary
- Show Stats
- Show Posts...

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - bringha

Pages: 1 2 [3]

31

15.7 Legacy Series / igmpproxy and IP TV Telekom Entertain

« on: January 05, 2016, 07:08:34 pm »

Hello,

I am trying since a while to make my IPTV (Entertain from Deutsche Telekom) working with the VLC player with some Apple clients. While several articles show how to achieve this by directly connecting over a VDSL Modem and XXsense (eg https://blog.tausys.de/2014/10/16/telekom-iptv-mit-pfsense/), I have to rely my Internet connection on a Fritzbox for several reasons. Many others have given up here, however I feel still some hope to be pretty close to a solution ...

I notice now that the igmpproxy of opnsense seem to show a behavior which prevents a stable igmp stream for more than 2 minutes. After that, the stream freezes; about 5-8 min later, another 2 min of TV can be seen on the client until the same happens again.

On the LAN side, I see the expected multicast behavior:

192.168.x.254  opnsense -> 224.0.0.1:           Opnsense sends general IGMP Membership Query 
192.168.x.22    client        -> 239.35.10.4:       Client sends membership report for group 239.35.10.4 (i.e. German 1st TV program)

As opnsense' igmpproxy is only supporting IGMP V2 on the LAN side, this look OK to me, and this sequence is repeated every 120 sec. This means, that the client is reporting every 2 min, that it still wants to belong to this igmp IPTV group. So far so good ....

The - according to my understanding - strange behavior happens on the WAN side of opnsense: As said, in my configuration, it is connected with a fritz box. I also read about the igmpproxy that on the WAN side, igmpproxy speaks IGMPv3 as also the fritzbox does. I also read that igmpproxy shall behave LIKE A CLIENT. What I see is:

192.168.y.1         fritzbox         -> 224.0.0.1: Fritzbox sends general igmp membership query
192.168.y.100     opnsense     -> 224.0.0.22: IGMPv3: opnsense sends a Membership Report/Leave group 239.35.10.4 (why????)
and immediately after
192.168.y.100     opnsense     -> 224.0.0.22: IGMPv3: opnsense sends a Membership Report/join group 239.35.10.4 (why????)

After that, it does only sporadically or even not at all answers on the general igmp queries from the fritzbox for the IPTV stream; naturally, after 2 min, the fritzbox disconnects the igmp Data stream (UDP) with the TV data and sends from its side a leave group.

At least to me this sounds like a reasonable explanation pattern for the seen behavior. Not understood is indeed, why the stream starts after 5-8 min again and why then suddenly the igmpproxy again sends a join request...What might trigger it?

I would have expected, that for EACH membership report for the IP TV channel on the LAN side, also a membership report is generated on the WAN side. Does anybody here has seen the described behavior? Is this something what could be corrected with a config modification?

My igmpproxy.conf look as follow


##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
quickleave
phyint xn1 upstream ratelimit 0 threshold 1
altnet 193.158.0.0/15
altnet 224.0.0.0/4

phyint xn0 downstream ratelimit 0 threshold 1
altnet 192.168.x.0/32

phyint xn2 disabled
phyint xn3 disabled

Looking forward to your reply
Br br

32

15.7 Legacy Series / Another Gui Topic in dhcp service

« on: December 18, 2015, 08:25:31 pm »

Hello together,

during systematically walking through all GUI pages of services and trying it out, another faulty behavior appeared on the service 'dhcp server' configuration page:

When you have made an addition or modification on the static mapping dhcp area at the bottom, you can store ist but then pressing the 'Änderungen übernehmen' button leads to the picture as shown in the screenshot below.

The 'Änderungen übernehmen' banner then is always there and even survives a log out/login and can only be made disappearing via reboot (at least so far ...)

Br br

33

15.7 Legacy Series / [SOLVED] Warning message on dhcpv6 server page in service menu

« on: December 16, 2015, 10:12:42 pm »

Hallo,

since 15.7.20, I get the following warning message on the dhcpv6 which also did not disappear after upgrade to 15.7.22:

Warning: Illegal string offset 'wan' in /usr/local/www/services_dhcpv6.php on line 462 Warning: Illegal string offset 'wan' in /usr/local/www/services_dhcpv6.php on line 463 Warning: Illegal string offset 'lan' in /usr/local/www/services_dhcpv6.php on line 462 Warning: Illegal string offset 'lan' in /usr/local/www/services_dhcpv6.php on line 463 Warning: Illegal string offset 'opt1' in /usr/local/www/services_dhcpv6.php on line 462 Warning: Illegal string offset 'opt1' in /usr/local/www/services_dhcpv6.php on line 463 Warning: Illegal string offset 'opt2' in /usr/local/www/services_dhcpv6.php on line 462 Warning: Illegal string offset 'opt2' in /usr/local/www/services_dhcpv6.php on line 463

Is this anything critical or can be easily fixed?

Looking forward to your reply

BR br

34

15.7 Legacy Series / Issue with radvd

« on: December 06, 2015, 10:50:35 pm »

Hello together

Recently I noticed that my DMZ clients get advertised TWO IPV6 ADresses by Router Advertising.

May /var/etc/radvd.conf foresees

# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface xn0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 0;
        AdvOtherConfigFlag on;
                prefix 2003:xx:yyyy:7bf0::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2001:470:20::2 { };
        DNSSL zuhause.xx { };
};
# Generated config for dhcp6 delegation from wan on opt1
interface xn2 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 0;
        AdvOtherConfigFlag on;
                prefix 2003:xx:yyyy:7bf2::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2001:470:20::2 { };
        DNSSL zuhause.xx { };
};
# Generated config for dhcp6 delegation from wan on opt2
interface xn3 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 0;
        AdvOtherConfigFlag on;
                prefix 2003:xx:yyyy:7bf1::/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS 2001:470:20::2 { };
        DNSSL zuhause.xx { };
};

xn0 is my LAN interface, xn3 my DMZ. But what happens on interface xn3 being documented by radvdump is

[Dec 06 20:29:41] radvdump: recvmsg len=104
[Dec 06 20:29:41] radvdump: receiver if_index: 8
#
# radvd configuration generated by radvdump 1.15
# based on Router Advertisement from fe80::1:1
# received by interface xn3
#

interface xn3
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 30;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;

        prefix 2003:xx:yyyy:7bf1::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        }; # End of prefix definition


        RDNSS 2001:470:20::2
        {
                AdvRDNSSLifetime 10;
        }; # End of RDNSS definition


        DNSSL zuhause.xx
        {
                AdvDNSSLLifetime 10;
        }; # End of DNSSL definition

}; # End of interface definition

(...)

[Dec 06 20:29:46] radvdump: recvmsg len=104
[Dec 06 20:29:46] radvdump: receiver if_index: 8
#
# radvd configuration generated by radvdump 1.15
# based on Router Advertisement from fe80::1:1
# received by interface xn3
#

interface xn3
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 30;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;

        prefix 2003:xx:yyyy:7bf1::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        }; # End of prefix definition


        RDNSS 2001:470:20::2
        {
                AdvRDNSSLifetime 10;
        }; # End of RDNSS definition


        DNSSL zuhause.xx
        {
                AdvDNSSLLifetime 10;
        }; # End of DNSSL definition

This result that my DMZ has now TWO global IP v6 addresses: one of LAN and one of DMZ - which is not desired.

What could trigger/cause radvd to do 'more' than configured? There ist no DHCPv6 Server running, the prefix is obtained from my fritzbox with an dhcpv6 client as suggested.

Br br

35

15.7 Legacy Series / [NOT SOLVED] GUI Issue with DHCP Server

« on: December 04, 2015, 09:45:57 pm »

Hi there

I wanted to configure some fixed IP to MAC address mapping in the DHCP server screen. On the bottom of the page, I introduced a host, mac Address etc. All is properly taken over in the dhcpd.conf and host_entries.conf of unbound.

I then get the light blue bar (see enclosed) to save the changes (which is obviously successful) but the bar does not disappear again.

This bar now appears in any DNS, DHCP, .... page. Even log out or login again does not help

Seems to be a bug?!

Br br

36

German - Deutsch / Extended Options in Firewall rules

« on: November 28, 2015, 11:38:43 pm »

Hallo zusammen,

Ich bin gerade dabei, von einer Fritzbox IGMP Verkehr in das LAN bringen zu wollen. Dazu möchte ich den IGMP Proxy in Betrieb nehmen. Die einschlägigen Anleitungen sehen dazu vor, dass dazu die Firewallregel so geändert werden muss, dass Pakete mit erweiterten Optionen durchgelassen werden.

Wo kann ich das entsprechende Häkchen setzen?

Freue mich auf Reply

Br br

37

15.7 Legacy Series / GUI DNS Resolver configuration and unbound.conf

« on: November 21, 2015, 05:30:32 pm »

Hi there,

I tried to bring the unbound DNS resolver up via the Gui in 15.7.18. I have in my private LAN a mixed set of clients via DHCP and servers with static IP Adresses.

I checkboxed therefore 'Register DHCP leases' which creates also correctly the file /var/unbound/host_entries.conf with entries like

local-data: "hostname IN A 192.168.1.203"
local-data-ptr: "192.168.1.203 hostname.zuhause.local"

As suggested I the configured the static IP adresses with the text field which opens when activating the extended configuration button in the same way

local-data: "server IN A 192.168.1.20"
local-data-ptr: "192.168.1.20 server.zuhause.local"

When you then press the 'Speichern' button and activate the settings, the GUI corrupts the config file /var/unbound/unbound.conf. Two problems happen:

1.) Each <Space> character of the GUI is translated in <CRLF> in the config file so that we have

local-data: 
"server
IN
A 
192.168.1.20"
local-data-ptr:
"192.168.1.20
server.zuhause.local"

2.) The entries are put to the end of the file so that we have two segments with local-data entries:

(...)
# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# Domain overrides
include: /var/unbound/domainoverrides.conf
# Forwarding
forward-zone:
    name: "."
        forward-addr: 2001:470:20::2
        forward-addr: 192.168.x.x
        forward-addr: 8.8.8.8

# Unbound custom option
local-data: "server1.zuhause.local IN A 192.168.1.30"
local-data-ptr: "192.168.1.30 server1"
(...)
local-data: "ipmi-home.zuhause.local IN A 192.168.1.5"
local-data-ptr: "192.168.1.5 ipmi-home"


###
# Remote Control Config
###

As between the include of the dynamic addresses

# Static host entries
include: /var/unbound/host_entries.conf

there is the config element forward zone,

# Domain overrides
include: /var/unbound/domainoverrides.conf
# Forwarding
forward-zone:
    name: "."
        forward-addr: 2001:470:20::2
        forward-addr: 192.168.x.x
        forward-addr: 8.8.8.8

the second local-data segment leads to an illegal config file format.

As a consequence, the attempt to restart unbound out of the GUI fails and the resolver never comes up again until the config file is corrected manually.

I think that should be possible to be fixed pretty quickly ....

Br br

38

15.7 Legacy Series / XEN 4.4 and opnsense

« on: November 14, 2015, 05:37:51 pm »

Hi,

just tried the new xen extensions for my domU opnsense 15.7.18. When I installed them with

pkg install os-xen

I then get with every reboot that:

xenstore-read: couldn't read path /local/domain/66/unique-domain-id
xenstore: could not write path attr/eth0/ip
xenstore: could not write path attr/eth1/ip
xenstore: could not write path control/feature-balloon
xenstore: could not write path attr/PVAddons/MajorVersion
xenstore: could not write path attr/PVAddons/MinorVersion
xenstore: could not write path attr/PVAddons/MicroVersion
xenstore: could not write path attr/PVAddons/BuildVersion
xenstore: could not write path attr/PVAddons/Installed

Any idea? Thanks a lot

Br br

39

German - Deutsch / NIC Konfiguration im 15.7.18

« on: November 14, 2015, 05:22:11 pm »

Hallo zusammen,

ich versuche gerade unter XEN eine opnsense 15.7.18 domU mit 4 NIC zum laufen zu bringen. Ich habe zunächst OPT2 konfiguriert. Wenn ich nun versuche OPT1 zu konfigurieren bekomme ich im browser nur das:

Fatal error: Call to a member function children() on null in /usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL.php on line 156

WAN, LAN, OPT2 als DMZ klappen wunderbar.

Es ist eine absolut frische und unverdengelte Neuinstallation. Meine Netzinterfaces schauen wie folgt aus in der XEN cfg

vif = [
'mac=00:17:3E:BE:A2:1A,bridge=intern',
'mac=00:17:3E:BE:A2:1D,bridge=extern',
'mac=00:17:3E:BE:A2:1C,bridge=wlan',
'mac=00:17:3E:BE:A2:1B,bridge=dmz' ]

Die kann ich auch genau so in der Console und im Assign Screen sehen. Klicke ich dann den OPT1 Link an erscheint die Fehlermeldung

In der Konsolenoption 1) entstand folgendes Ergebnis

Valid interfaces are:
xn0              00:17:3e:be:a2:1a Virtual Network Interface
xn1              00:17:3e:be:a2:1d Virtual Network Interface
xn2              00:17:3e:be:a2:1c Virtual Network Interface
xn3              00:17:3e:be:a2:1b Virtual Network Interface

You now have the opportunity to configure VLANs.  If you don't require VLANs
for initial connectivity, say no here and use the GUI to configure VLANs later.

Do you want to set up VLANs now [y|n]? n

If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.

Enter the WAN interface name or 'a' for auto-detection: xn1

Enter the LAN interface name or 'a' for auto-detection 
NOTE: this enables full Firewalling/NAT mode.
(or nothing if finished): xn0

Enter the Optional 1 interface name or 'a' for auto-detection
(or nothing if finished): xn2

Enter the Optional 2 interface name or 'a' for auto-detection
(or nothing if finished): xn3

Enter the Optional 3 interface name or 'a' for auto-detection
(or nothing if finished): 

The interfaces will be assigned as follows:

WAN  -> xn1
LAN  -> xn0
OPT1 -> xn2
OPT2 -> xn3

OPT2 habe ich dann über das Webinterface auf DMZ konfiguriert

Hat irgendwer eine Idee? Würde mich freuen

Br br

Pages: 1 2 [3]