Vlan Tag on Wan interface issues

Started by 330flyer, March 02, 2025, 06:16:50 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 02, 2025, 06:16:50 PM
Hello everyone,
firstly im no networking guru and relatively a noob in Opnsense so please accept my apologies in advance if its a stupid/simple issue.

I get the my internet from my ISP's fiber connection and from the PON device it goes strait into my Opnsense box (Lenovo M920Q with 32gb ram, Intel 8-core i7-9700T  1TB NVME SSD and 4 port Intel i350))

My ISP delivers the internet and IPTV services on the Same fiber connection. Internet in on the Vlan35 with pppoe and IPTV on Vlan55.
i followed the setup guides i found on here, youtube and google search and  obtained a good stable connection for the Internet. I have install Zenarmor (home subscription) and setup policies and as said before everything seems to work really good.

then problem i am having is in regards the the IPTV Vlan. Done the research and trying to configure the vlan55 on the Wan interface seems strait forward but
after a few minutes or so i totally loose the Internet on the network. i delete Vlan55 or disable the vlan55 interface and internets comes back a few moments later..
for the life of me , i can not figure out why.??
 
Network Interfaces is attached in the picture;
i am doing something wrong?


my ultimate aim is to stream my iptv service to (lan4 igb3)  to my isp STB which is connected to the TV. (that is my next step... try and figure out how to configure that setup..

(learning curve is getting steeper as i sniff around theseYou cannot view this attachment. system.. it was a breeze with my ASUS home router :))
March 02, 2025, 07:58:44 PM #1
Interesting setup. Where does that IPTV VLAN go? I assume you need to bridge it to other equipment, so you'd want to set up a VLAN interface like your igb0_vlan35 - from your screenshot it appears that "wan" is assigned to igb0 (the main, untagged interface). (You can run a forum search for "mix tagged untagged" or similar text, or look at VLAN and LAGG Setup for advice regarding mixing tagged and untagged traffic on an interface.) As I said I assume you'd then bridge it to other equipment (configure a bridge with igb0 VLAN 55 and at least one other interface as members, possibly also with VLAN tag 55), but some or all of my assumptions may be bad.

Say, what version of OPNsense is that? It looks a bit different than 25.1.2, and, sadly, I can't recall what the UI looked like a couple versions ago (when I started).
March 03, 2025, 10:59:36 AM #2
hello pfry
thankyou for you feedback.

in the picture i didn't include the Vlan55 setup as it breaks my net connection, but you are correct. I create a vlan55 and assign the Parent as igb0 then add the vlan interface in the interface assignments.

i am thinking of experimenting in creating a vlan55 interface on the lan side but i haven't gotten to the stage of bridging them wan Vlan55 to igb3 vlan55
or simply create a vlan on the lan (igb3) and bridge the wan to lan vlan55. i havent done this as of yet as i am still trying to resolve the internet dropout issue

i also created a tcpdump (packet capture) from the diagnostic menu for Wan.Vlan55, Wan.Lan35 and Wan but these are gibberish to me at my knowledge level.
March 03, 2025, 04:28:54 PM #3
Quote from: 330flyer on March 03, 2025, 10:59:36 AM[...]
in the picture i didn't include the Vlan55 setup as it breaks my net connection, but you are correct. I create a vlan55 and assign the Parent as igb0 then add the vlan interface in the interface assignments.
[...]

Aha! Good so far, but your screenshot for igb0_vlan55/opt3 shows an "IPv4 Configuration Type" of DHCP. That will request an IP/gateway/etc. assignment from upstream, and if successful, create a conflict with your PPPoE link. I'd guess it's successful (which is a good sign from a diagnostic standpoint). In order to bridge the VLAN to other equipment you'll want to set that to "None" and go from there. I haven't tried to bridge DHCP on OPNsense - it should "just work". One way to find out.
March 09, 2025, 12:05:10 AM #4
Tried everything except for bridging with no luck..
i was curious to see if it's an isolated issue so I decided to install Pfsense on my spare machine did the configuration and both vlans (35,55) on the wan interface and did not encounter any internet outage.
these are the steps i had taken within Opnsense:
1. Create Vlan 35 with (WAN) igb0 as the parent device
2. add point-to-point (pppoe) link interface vlan35
3. add interface (pppoe0) in interface assignments.
4. Create vlan55 with Wan as the parent device
5. add vlan55 interface via interface assignments
as stated above, without steps 4 and 5 internet works.

not sure what is going on but any help would be appreciated
March 09, 2025, 10:16:01 AM #5 Last Edit: March 09, 2025, 10:23:19 AM by dish
its not so straightforward doing this :P

Your ISP/TV will require specific configuration, google your provider name + pfsense or opnsense etc and hopefully you can find it. If not you look for a guide for another provider and adopt it to yours. Check your service provider support page for the IPTV configuration.

Here is an example for KPN netherlands (just translate the page), your config will end up similar.
https://j4me.synology.me/ - scroll down to iptv settings
Basically need specific interface config, igmp proxy, specific dhcp settings for tvbox so it pulls info from TVprovider, open up broadcasting, block the TV vlan from spamming your LAN etc

In my case i couldnt get it working nicely, it worked but after an hour or so it gave an error and stop working.

I got tired of it and in the end the simple solution for me was to install the android app from the TV provider on my smartTV or GoogleTV dongle. This takes 5mins of your time and works just as well.
March 09, 2025, 11:22:55 AM #6
I'm fairly sure that you do *not* want to make OPNsense a DHCP client on VLAN 55. It may be trying to use that as a route to the internet, and presumably your ISP wouldn't allow that.

How are you planning on physically connecting the IPTV box? Does the IPTV box work if you connect it directly to the ONT (with OPNsense out of the picture)?

If you can run a dedicated cable for it, perhaps you could put an ethernet switch between your ONT and OPNsense, and connect the IPTV box to another port on that switch. The switch would need to capable of passing VLAN tagged frames. I'm assuming that the IPTV box knows to use VLAN 55, but if it doesn't, you might need a managed switch to handle the untagging.

If you need to share a physical connection from the OPNsense location to the IPTV box location, perhaps you could create VLAN 55 devices on both WAN and LAN, and create a bridge between them.
March 09, 2025, 09:20:18 PM #7
A quick search on "opnsense iptv" reveals a few pages (OPN docs and forums, github) indicating that DHCP is relatively common.
But they often also indicate the use of DHCP options specific to the ISP, including classless-routes which I suspect is used to push routing info.

IGMP proxy also appears to be a critical component.
March 10, 2025, 01:17:41 AM #8 Last Edit: March 10, 2025, 07:00:50 AM by 330flyer
Hey dish, thanks for the reply.

QuoteYour ISP/TV will require specific configuration, google your provider name + pfsense or opnsense etc and hopefully you can find it. If not you look for a guide for another provider and adopt it to yours. Check your service provider support page for the IPTV configuration.

thats major issue here, i moved here to turkey for work (airline industry) and the level of freedom for usage and hardware choice compared to other nations internet providers is massive. your 'locked on the hardware they give you' and will not divulge a micro bit of information to prevent you from using alternative hardware and just reply it not possible and they will not provide support. mind you me they will provide a really crusty isp firmware locked zyxel router where you can not even change the DNS and with out 10 devices connected it starts to hang and crash. im constantly rebooting 2-3 times a day ( changed the router 2 times barely better). if reading and searching the 'alternative means'  i managed to get pfsense running but switched to Opnsense i found it lot more intuitive and better eye candy + zenarmor.

i managed to get some info from another forum with the same isp and configures exactly the way picture attached indicates. they also used dhcp and reported no issue but my Net connection drops after a few minutes when i add vlan 55 to wan interface.


QuoteHere is an example for KPN netherlands (just translate the page), your config will end up similar.
https://j4me.synology.me/ - scroll down to iptv settings
Basically need specific interface config, igmp proxy, specific dhcp settings for tvbox so it pulls info from TVprovider, open up broadcasting, block the TV vlan from spamming your LAN etc

thank for that i seen a vid on that as well and came across it a few time and will definitely take a deep dive after i get this Vlan55 issue from dropping my net connection problem resolved.


QuoteI got tired of it and in the end the simple solution for me was to install the android app from the TV provider on my smartTV or GoogleTV dongle. This takes 5mins of your time and works just as well.

i agree it a faster and cleaner solution, even that didn't work for me after i installed Zenarmor, apparently it was adblocking a feature needed to run the app. took my 2-3 hours of figuring it out because the discription was ad blocked and had no information at all it to being related to the iptv app.
however, i am willing to loose a few more brain cells and cognitive functionality for now one reason being i like the idea if the net goes down i can still stream the iptv via the stb ( like the medieval sat dish :)))  )



March 10, 2025, 01:32:52 AM #9
hi dseven
much appricated for the reply.

QuoteI'm fairly sure that you do *not* want to make OPNsense a DHCP client on VLAN 55. It may be trying to use that as a route to the internet, and presumably your ISP wouldn't allow that.

from my previous post, another users same isp and iptv claims to have the setting correct for the wan interface, also claiming they had it up and running in Pfsense and was trying to get it to work on Opnsense. the picture i attched  in my previous post is the config they uses. i will however try the same config without the DHCP. I looked into the menu of the isp router i could inly see the 2 vlans (35,55) with dhcp.


QuoteHow are you planning on physically connecting the IPTV box? Does the IPTV box work if you connect it directly to the ONT (with OPNsense out of the picture)?
second part of the question, the iptv will only work when connected to the isp given router (zxyel) and not directly from the ONT... aprrently they are preconfigured with the relevant vlan's. I tried adding a switch between the ONT and Opnsense and simply connecting the STB to the switch (no joy).

the first par, My Opnsense box is a Lenovo M920q, it has an onboard eth port (em0) and Intel i350 4xport PCI NIC (igb0 igb1 igb2 igb3)
ONT- Opnsense WAN igb0
Lan = em0
IPTV lan igb3

igb3 port will go directly to the STB.
all other lan traffic will be on em0

QuoteIf you need to share a physical connection from the OPNsense location to the IPTV box location, perhaps you could create VLAN 55 devices on both WAN and LAN, and create a bridge between them

thats the issue i am having, as soon as i add the Vlan55 on the wan interface my internet connections drops :(



March 10, 2025, 01:41:32 AM #10 Last Edit: March 10, 2025, 07:01:08 AM by 330flyer
thanks for the feedback EricPerl,

QuoteA quick search on "opnsense iptv" reveals a few pages (OPN docs and forums, github) indicating that DHCP is relatively common.
But they often also indicate the use of DHCP options specific to the ISP, including classless-routes which I suspect is used to push routing info.

IGMP proxy also appears to be a critical component

from what im led to believe.. is that the dhcp element is required, as from my attachment. IGMP is also a must and will configure that after i can get this internet dropping issue resolved.

as mentioned i get the Vlans working 35,55 on Pfsense with no dropouts and started playing with igmp and firewall rules but i found the Pfsense UI confusing a constantly clicking back and forward so i got tired of it and  really like the Opnsense UI. setting up the pppoe with vlan35  was a bit different on Opnsense than Pfsense but from what i am lead to belive if it work their.. it should work on Opnsense aswell..... well in theory :)
March 10, 2025, 06:25:01 PM #11
FWIW, based on other articles, the DHCP option for routing info appears to be classless-routes (plural).
https://docs.opnsense.org/manual/how-tos/orange_fr_tvf.html
https://github.com/HellStorm666/KPN-Routed-IPTV-with-OPNsense
Print
Go Up Pages1
User actions