Streaming issues with OPNsense

[swampland]

I'm having constant streaming issues when I connect my smart TV through my OPNsense router.

It always eventually shows an error saying there was a problem with the stream. Or that there's no Internet connection. It doesn't buffer. It stops completely.

It's not a bandwidth issue. The TV streams flawlessly when I bypass my home network and connect it directly to the ISP modem WiFi.

The other devices on my network (WiFi and LAN, all going through OPNsense) have no connectivity issues. It's just this one TV.

Here's how it's connected:

ISP Modem -> OPNsense Router -> TP-Link AP => smart TV (on a VLAN)

-> = Physical cable connection
=> = WiFi connection

There are no bottlenecks in my network. OPNsense is running on a fast, dedicated PC with plenty of RAM.

I've tried:
- Going through the logs and eliminating all errors
- Allowing all traffic to and from the smart TV
- Using the ISP DNS servers
- Using a static IP for the WAN instead of DHCP
- Setting up pipes, queues, and rules using FQ-CoDel

Nothing has helped.

I've also done lots of packet captures. And there are lots of [TCP Retransmission], [TCP Out-Of-Order], and [RST] packets being sent before streaming fails.

So something is definitely going wrong with the connection. I just don't know how to tell what it is.

The only ideas I have left are to put the ISP modem into bridge mode to eliminate double NAT on the OPNsense network...

And that maybe the issue has something to do with the smart TV being on a VLAN.

Thoughts? How would you troubleshoot this?

Thanks!

[JamesFrisch]

I am pretty sure the problem is your Wifi.
Streaming is the easiest network task there is. Since you have a buffer and it is not UDP traffic. Even browsing websites is more demanding than watching a Youtube stream.


You can easily troubleshoot this by simple pinging your TV. You will see a ping fluctuation, with suddenly high spikes or even a complete loss. On windows use ping -t for continuous pinging.


semi off topic: A friend of mine recently had the exact same problem. AVM Fritzbox and AppleTV. His wifi router has a firmware bug on DFS outdoor channels that dropped the whole wifi for 10 seconds every 10 minutes.
Wifi is a broken mess. Sure it works 99% of the time, but if you are unlucky, the combination router x with firmware y in combination with device z with firmware a, is just not compatible.

Like his Fritbox also had an error with WPA2/3. You could not connect any HomePod (that supports WPA3) with the Wifi. Only when you turned it back to WPA2 only. They had so many problems with that WPA2/3 mixed mode implementation, that they changed it back to WPA2 only in a later firmware update as the new default setting. 

If you are interested in reducing the complexity of your wifi: https://github.com/jameskimmel/network-stuff/blob/main/Wi-Fi.md

[maclinuxfree]

Did you try to set the Firewall optimization to "conservative"?

[FraLem]

Hi there,

Is the video stream to the TV unicast or multicast traffic?

Rgds

[JamesFrisch]

Code Select Expand

Is the video stream to the TV unicast or multicast traffic?


Since he/she is streaming on his/her smart TV, I am 99,99% sure it is unicast  ;D

[swampland]

JamesFrisch, thank you for your reply.

I'm going to read through the link you sent later today and see if it helps.

I have suspected the WiFi. I hope that's the issue. Because I'm out of ideas with OPNsense.

***

maclinuxfree, I haven't tried that. I'll try it if troubleshooting the WiFi doesn't help. Thanks!

***

FraLem, I don't know what kind of traffic it is.

[JamesFrisch]

Before you read that, make sure that the Wifi really is the problem by pinging your TV.


FraLem is asking you if you are live streaming TV channels from your ISP. In some very rare edge cases, that traffic is multicast. Multicast has some special caveats. 

What live tv streaming are you using?

The TV streams flawlessly when I bypass my home network and connect it directly to the ISP modem WiFi.

I somehow skipped that one.
So your ISP modem is not in bridge mode? You just put OPNsense behind your ISP modem?
Because then it could be a multicast problem.

You realize that this will get you double NAT?
I would either put your ISPs modem into bridge mode or replace it with your OPNsense completely.

[FraLem]

To streaming service on the  TV is some sort of app from your service provider or a standard OTT app such as Netflix, Youtube, etc?

Should the service stream using multicast traffic, IGMP proxy needs to be taken into consideration.

Hope this helps

[swampland]

JamesFrisch, FraLem, I'm streaming things like Netflix, Prime, Apple TV, etc.

With single NAT, connected directly to the ISP modem WiFi it works without issue.

Double NAT, with OPNsense connected to the ISP modem is where I have issues.

However, JamesFrisch, after reading what you wrote about WiFi, I put the TV on a 5G network (it was on a 2.4G network I had set aside for IOT) and the problem seems to be gone.

I streamed a few different services for a few hours yesterday and didn't have an issue.

I'll keep testing because it seems like every time I change something it works for a while.

But I think you're right. The WiFi is the problem.

I still plan to put the modem in bridge mode eventually.

Thank you for helping me see outside of my tunnel vision!

OPNsense seems not to have been the problem after all. 🤦‍♂️

[JamesFrisch]

JamesFrisch, FraLem, I'm streaming things like Netflix, Prime, Apple TV, etc.

These are all unicast and work perfectly fine with double NAT and without igmp :)

However, JamesFrisch, after reading what you wrote about WiFi, I put the TV on a 5G network (it was on a 2.4G network I had set aside for IOT) and the problem seems to be gone.

Awesome, great to hear that it helped you!

[DanspilS]

Could also be worth looking at your bufferbloat scores; mine were Ds until I modified the pipes: https://maltechx.de/en/2021/03/opnsense-setup-traffic-shaping-and-reduce-bufferbloat/

[JamesFrisch]

Bufferbloat is probably always good to check, but this can't be the problem here.

Streaming videos is not real time and are not at all concerned about latency.