Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    multicast inconsistant

    Scheduled Pinned Locked Moved General pfSense Questions
    49 Posts 6 Posters 5.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maximushugus
      last edited by

      By reseting the port link on my switch for my pfSense, I can reproduce this behavior

      1 Reply Last reply Reply Quote 0
      • M
        maximushugus @bmeeks
        last edited by maximushugus

        @bmeeks I tried a packet capture after stopping the dpinger service, but it didn't change anything.

        I correct myself : on a capture on my pfSense when I have this problem, I only see multicast with IPv4 source address of my pfSense AND MDNS multicast packets (224.0.0.251) from my lan AND multicast leave group from my lan (but not multicast join group)

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @maximushugus
          last edited by

          @maximushugus said in multicast inconsistant:

          stopping the dpinger service

          what would that have to do with anything - dpinger is what checks to see if your gateway is online via pinging it.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          M 1 Reply Last reply Reply Quote 0
          • M
            maximushugus @johnpoz
            last edited by

            @johnpoz I though this would stop IDS/IPS service as said above

            dennypageD 1 Reply Last reply Reply Quote 0
            • dennypageD
              dennypage @maximushugus
              last edited by

              @maximushugus said in multicast inconsistant:

              I though this would stop IDS/IPS service as said above

              It won't. dpinger has no relationship to IDS/IPS.

              1 Reply Last reply Reply Quote 0
              • M
                maximushugus
                last edited by

                I don't really know what you mean by IDS/IPS. If it's in relation to snort or suricata, i do not have those packet installed
                I have wireguard, avahi, openvpn (and arping, iperf)

                bmeeksB 1 Reply Last reply Reply Quote 0
                • bmeeksB
                  bmeeks @maximushugus
                  last edited by

                  @maximushugus said in multicast inconsistant:

                  I don't really know what you mean by IDS/IPS. If it's in relation to snort or suricata, i do not have those packet installed
                  I have wireguard, avahi, openvpn (and arping, iperf)

                  If you do not have Snort or Suricata installed, then forget all the remarks about IDS/IPS. They are not relevant without one of those packages installed and running.

                  1 Reply Last reply Reply Quote 1
                  • dennypageD
                    dennypage @johnpoz
                    last edited by

                    @maximushugus said in multicast inconsistant:

                    By reseting the port link on my switch for my pfSense, I can reproduce this behavior

                    @maximushugus, you should start with this suggestion:

                    @johnpoz said in multicast inconsistant:

                    When troubleshooting where trying to validate traffic gets to where it is suppose to go and there is a lag at the endpoint, we have always turned down all but one interface in the lag

                    1 Reply Last reply Reply Quote 0
                    • M
                      maximushugus
                      last edited by

                      To update the topic : for the moment I'm not able to do testing disabling lag because of my configuration.
                      But I reinstalled pfSense 2.7.0 reimporting the exact same configuration, and my multicast is working again.
                      I suspect a bug in the igmpproxy program in pfSense 2.7.2 (or pfSense 2.7.1 but I never tried this version)
                      Maybe it is related with this : https://redmine.pfsense.org/issues/15043

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        @maximushugus said in multicast inconsistant:

                        https://redmine.pfsense.org/issues/15043

                        It could be that. Those fixes are in 24.03.

                        1 Reply Last reply Reply Quote 0
                        • M
                          maximushugus
                          last edited by

                          I tried to transfer the igmpproxy binary from working 2.7.0 pfSense to 2.7.2.
                          But it looks like the binary is exactly the same...

                          To resume : if I restart my pfSense interfaces and launch igmpproxy, the first multicast stream I ask is working. But as soon as I leave this first asked multicast stream, it is not working anymore, and if I do a packet capture, I do not see any multicast packets exept those with IPv4 source address of my pfSense AND MDNS multicast packets (224.0.0.251) from my lan AND multicast leave group from my lan (but not multicast join group).

                          I managed to get igmpproxy logs from working state to not working (by restarting interfaces from my switch and lauching igmpproxy after reconnecting). On this log I put "****************" when I left the stream on my PC :

                          igmpproxy -n -d -vv /etc/igmpproxy.conf
Searching for config file at '/etc/igmpproxy.conf'
Config: Quick leave mode enabled.
Config: Got a phyint token.
Config: IF: Config for interface lagg0.1.
Config: IF: Got upstream token.
Config: IF: Got ratelimit token '0'.
Config: IF: Got threshold token '1'.
Config: IF: Got whitelist token 233.32.36.0/24.
Config: IF: Altnet: Parsed altnet to 233.32.36/24.
Config: IF: Got whitelist token 233.60.197.0/24.
Config: IF: Altnet: Parsed altnet to 233.60.197/24.
Config: IF: Got whitelist token 233.49.82.0/24.
Config: IF: Altnet: Parsed altnet to 233.49.82/24.
Config: IF: Got whitelist token 233.136.0.0/24.
Config: IF: Altnet: Parsed altnet to 233.136.0/24.
Config: IF: Got whitelist token 233.136.44.0/24.
Config: IF: Altnet: Parsed altnet to 233.136.44/24.
Config: IF: Got altnet token 0.0.0.0/0.
Config: IF: Altnet: Parsed altnet to default.
IF name : lagg0.1
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 1
Allowednet ptr : 7c41b0a0
Config: Got a phyint token.
Config: IF: Config for interface lagg0.3.
Config: IF: Got downstream token.
Config: IF: Got ratelimit token '0'.
Config: IF: Got threshold token '1'.
Config: IF: Got altnet token 0.0.0.0/0.
Config: IF: Altnet: Parsed altnet to default.
IF name : lagg0.3
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 2
Allowednet ptr : 7c41b0c0
Config: Got a phyint token.
Config: IF: Config for interface lagg0.99.
Config: IF: Got downstream token.
Config: IF: Got ratelimit token '0'.
Config: IF: Got threshold token '1'.
IF name : lagg0.99
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 2
Allowednet ptr : 0
Config: Got a phyint token.
Config: IF: Config for interface lagg0.50.
Config: IF: Got disabled token.
IF name : lagg0.50
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 0
Allowednet ptr : 0
Config: Got a phyint token.
Config: IF: Config for interface gre0.
Config: IF: Got disabled token.
IF name : gre0
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 0
Allowednet ptr : 0
Config: Got a phyint token.
Config: IF: Config for interface tun_wg0.
Config: IF: Got disabled token.
IF name : tun_wg0
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 0
Allowednet ptr : 0
Config: Got a phyint token.
Config: IF: Config for interface tun_wg1.
Config: IF: Got disabled token.
IF name : tun_wg1
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 0
Allowednet ptr : 0
Config: Got a phyint token.
Config: IF: Config for interface lagg0.2.
Config: IF: Got disabled token.
IF name : lagg0.2
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 0
Allowednet ptr : 0
buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8
buildIfVc: Interface lo0 Addr: 45.13.104.149, Flags: 0xffff8049, Network: 45/8
buildIfVc: Interface lagg0.3 Addr: 192.168.3.1, Flags: 0xffff8943, Network: 192.168.3/24
buildIfVc: Interface lagg0.50 Addr: 192.168.50.1, Flags: 0xffff8943, Network: 192.168.50/24
buildIfVc: Interface lagg0.99 Addr: 192.168.99.1, Flags: 0xffff8943, Network: 192.168.99/24
buildIfVc: Interface lagg0.1 Addr: 109.11.243.7, Flags: 0xffff8843, Network: 109.11.243/24
buildIfVc: Interface lagg0.1 Addr: 192.168.4.253, Flags: 0xffff8843, Network: 192.168.4/24
buildIfVc: Interface ovpns1 Addr: 192.168.26.1, Flags: 0xffff8043, Network: 192.168.26/24
buildIfVc: Interface tun_wg0 Addr: 192.168.25.1, Flags: 0xffff80c1, Network: 192.168.25/24
buildIfVc: Interface tun_wg1 Addr: 192.168.27.1, Flags: 0xffff80c1, Network: 192.168.27/24
buildIfVc: Interface gre0 Addr: 10.1.0.246, Flags: 0xffff8051, Network: 10.1.0.244/30
Found config for lagg0.3
Found config for lagg0.50
Found config for lagg0.99
Found config for lagg0.1
Found config for lagg0.1
Found config for tun_wg0
Found config for tun_wg1
Found config for gre0
adding VIF, Ix 0 Fl 0x0 IP 0x0103a8c0 lagg0.3, Threshold: 1, Ratelimit: 0
        Network for [lagg0.3] : 192.168.3/24
        Network for [lagg0.3] : default
adding VIF, Ix 1 Fl 0x0 IP 0x0163a8c0 lagg0.99, Threshold: 1, Ratelimit: 0
        Network for [lagg0.99] : 192.168.99/24
Found upstrem IF #0, will assing as upstream Vif 27
adding VIF, Ix 2 Fl 0x0 IP 0x07f30b6d lagg0.1, Threshold: 1, Ratelimit: 0
        Network for [lagg0.1] : 109.11.243/24
        Network for [lagg0.1] : default
Found upstrem IF #1, will assing as upstream Vif 28
adding VIF, Ix 3 Fl 0x0 IP 0xfd04a8c0 lagg0.1, Threshold: 1, Ratelimit: 0
        Network for [lagg0.1] : 192.168.4/24
        Network for [lagg0.1] : default
Got 262144 byte buffer size in 0 iterations
Joining all-routers group 224.0.0.2 on vif 192.168.3.1
Joining group 224.0.0.2 on interface lagg0.3
Joining all igmpv3 multicast routers group 224.0.0.22 on vif 192.168.3.1
Joining group 224.0.0.22 on interface lagg0.3
Joining all-routers group 224.0.0.2 on vif 192.168.99.1
Joining group 224.0.0.2 on interface lagg0.99
Joining all igmpv3 multicast routers group 224.0.0.22 on vif 192.168.99.1
Joining group 224.0.0.22 on interface lagg0.99
SENT Membership query   from 192.168.3.1     to 224.0.0.1
Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10
SENT Membership query   from 192.168.99.1    to 224.0.0.1
Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10
Created timeout 1 (#0) - delay 10 secs
(Id:1, Time:10) 
Created timeout 2 (#1) - delay 21 secs
(Id:1, Time:10) 
(Id:2, Time:21) 
RECV V2 member report   from 192.168.3.1     to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.99.1    to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.99.1    to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV Membership query   from 192.168.3.1     to 224.0.0.1
RECV Membership query   from 192.168.99.1    to 224.0.0.1
Route activate request from 192.168.3.31 to 224.2.127.254 on VIF[2]
No table entry for 224.2.127.254 [From: 192.168.3.31]. Inserting route.
No existing route for 224.2.127.254. Create new.
No routes in table. Insert at beginning.
Inserted route table entry for 224.2.127.254 on VIF #-1
The group address 224.2.127.254 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 224.2.127.254, Age:2, St: I, OutVifs: 0x00000000, dHosts: yes
-----------------------------------------------------

Current routing table (Activate Route):
-----------------------------------------------------
#0: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes
-----------------------------------------------------
Route activate request from 192.168.3.4 to 239.255.255.250 on VIF[2]
No table entry for 239.255.255.250 [From: 192.168.3.4]. Inserting route.
No existing route for 239.255.255.250. Create new.
Found existing routes. Find insert location.
Inserting at beginning, before route 224.2.127.254
Inserted route table entry for 239.255.255.250 on VIF #-1
The group address 239.255.255.250 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000000, dHosts: yes
#1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes
-----------------------------------------------------

Current routing table (Activate Route):
-----------------------------------------------------
#0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes
#1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.4     to 224.2.127.254
Should insert group 224.2.127.254 (from: 192.168.3.4) to route table. Vif Ix : 0
Updated route entry for 224.2.127.254 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.31 -> 224.2.127.254, InpVIf: 2
The group address 224.2.127.254 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes
#1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.4     to 239.255.255.250
Should insert group 239.255.255.250 (from: 192.168.3.4) to route table. Vif Ix : 0
Updated route entry for 239.255.255.250 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2
The group address 239.255.255.250 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.99.1    to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.37    to 239.255.255.250
Should insert group 239.255.255.250 (from: 192.168.3.37) to route table. Vif Ix : 0
Updated route entry for 239.255.255.250 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2
The group address 239.255.255.250 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.4     to 239.255.255.246
Should insert group 239.255.255.246 (from: 192.168.3.4) to route table. Vif Ix : 0
No existing route for 239.255.255.246. Create new.
Found existing routes. Find insert location.
Inserting at beginning, before route 239.255.255.250
Inserted route table entry for 239.255.255.246 on VIF #0
The group address 239.255.255.246 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.9     to 239.255.255.250
Should insert group 239.255.255.250 (from: 192.168.3.9) to route table. Vif Ix : 0
Updated route entry for 239.255.255.250 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2
The group address 239.255.255.250 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.18    to 239.255.255.250
Should insert group 239.255.255.250 (from: 192.168.3.18) to route table. Vif Ix : 0
Updated route entry for 239.255.255.250 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2
The group address 239.255.255.250 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV Membership query   from 1.1.1.1         to 224.0.0.1
RECV V2 member report   from 192.168.3.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.251
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.111   to 239.255.255.250
Should insert group 239.255.255.250 (from: 192.168.3.111) to route table. Vif Ix : 0
Updated route entry for 239.255.255.250 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2
The group address 239.255.255.250 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.99.1    to 224.0.0.22
The IGMP message was from myself. Ignoring.
About to call timeout 1 (#0)
Aging routes in table.

Current routing table (Age active routes):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
Route activate request from 192.168.3.18 to 239.255.255.250 on VIF[2]
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.18 -> 239.255.255.250, InpVIf: 2
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2

Current routing table (Activate Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.4     to 224.2.127.254
Should insert group 224.2.127.254 (from: 192.168.3.4) to route table. Vif Ix : 0
Updated route entry for 224.2.127.254 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.31 -> 224.2.127.254, InpVIf: 2
The group address 224.2.127.254 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.4     to 239.255.255.250
Should insert group 239.255.255.250 (from: 192.168.3.4) to route table. Vif Ix : 0
Updated route entry for 239.255.255.250 on VIF #0
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.18 -> 239.255.255.250, InpVIf: 2
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2
The group address 239.255.255.250 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.4     to 239.255.255.246
Should insert group 239.255.255.246 (from: 192.168.3.4) to route table. Vif Ix : 0
Updated route entry for 239.255.255.246 on VIF #0
The group address 239.255.255.246 may not be forwarded upstream. Ignoring.

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 192.168.3.112   to 233.136.0.202
Should insert group 233.136.0.202 (from: 192.168.3.112) to route table. Vif Ix : 0
No existing route for 233.136.0.202. Create new.
Found existing routes. Find insert location.
Inserting at beginning, before route 239.255.255.246
Inserted route table entry for 233.136.0.202 on VIF #0
Joining group 233.136.0.202 upstream on IF address 109.11.243.7
Joining group 233.136.0.202 on interface lagg0.1
Joining group 233.136.0.202 upstream on IF address 192.168.4.253
Joining group 233.136.0.202 on interface lagg0.1
can't join group 233.136.0.202 on interface lagg0.1; Errno(48): Address already in use

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 233.136.0.202, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#3: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV V2 member report   from 109.11.243.7    to 233.136.0.202
The IGMP message was from myself. Ignoring.
Route activate request from 77.130.48.82 to 233.136.0.202 on VIF[2]
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Adding MFC: 77.130.48.82 -> 233.136.0.202, InpVIf: 2

Current routing table (Activate Route):
-----------------------------------------------------
#0: Src0: 77.130.48.82, Dst: 233.136.0.202, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#1: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#3: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
About to call timeout 2 (#0)
SENT Membership query   from 192.168.3.1     to 224.0.0.1
Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10
SENT Membership query   from 192.168.99.1    to 224.0.0.1
Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10
Created timeout 3 (#0) - delay 10 secs
(Id:3, Time:10) 
Created timeout 4 (#1) - delay 21 secs
(Id:3, Time:10) 
(Id:4, Time:21) 
RECV Membership query   from 192.168.99.1    to 224.0.0.1
RECV Membership query   from 192.168.3.1     to 224.0.0.1
RECV V2 member report   from 192.168.99.1    to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.
About to call timeout 3 (#0)
Aging routes in table.

Current routing table (Age active routes):
-----------------------------------------------------
#0: Src0: 77.130.48.82, Dst: 233.136.0.202, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes
#1: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#3: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
RECV Leave message      from 192.168.3.112   to 224.0.0.2
Got leave message from 192.168.3.112 to 233.136.0.202. Starting last member detection.
**********************************************************************
counted 1 interfaces
quickleave is enabled and this was the last downstream host, leaving group 233.136.0.202 now
Leaving group 233.136.0.202 upstream on IF address 109.11.243.7
Leaving group 233.136.0.202 on interface lagg0.1
Interface id 0 is in group $d
SENT Membership query   from 192.168.3.1     to 233.136.0.202
Sent membership query from 192.168.3.1 to 233.136.0.202. Delay: 10
Interface id 1 is in group $d
Created timeout 5 (#0) - delay 10 secs
(Id:5, Time:10) 
(Id:4, Time:11) 
RECV Leave message      from 109.11.243.7    to 224.0.0.2
Got leave message from 109.11.243.7 to 233.136.0.202. Starting last member detection.
The found if for 109.11.243.7 was not downstream. Ignoring leave request.
RECV Membership query   from 192.168.3.1     to 233.136.0.202
RECV V2 member report   from 192.168.3.1     to 224.0.0.251
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.99.1    to 224.0.0.2
The IGMP message was from myself. Ignoring.
About to call timeout 5 (#0)
Interface id 0 is in group $d
SENT Membership query   from 192.168.3.1     to 233.136.0.202
Sent membership query from 192.168.3.1 to 233.136.0.202. Delay: 10
Interface id 1 is in group $d
Created timeout 6 (#0) - delay 10 secs
(Id:6, Time:10) 
(Id:4, Time:1) 
RECV Membership query   from 192.168.3.1     to 233.136.0.202
About to call timeout 6 (#0)
Removing group 233.136.0.202. Died of old age.
Removed route entry for 233.136.0.202 from table.
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Removing MFC: 77.130.48.82 -> 233.136.0.202, InpVIf: 2

Current routing table (Remove route):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
About to call timeout 4 (#0)
SENT Membership query   from 192.168.3.1     to 224.0.0.1
Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10
SENT Membership query   from 192.168.99.1    to 224.0.0.1
Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10
Created timeout 7 (#0) - delay 10 secs
(Id:7, Time:10) 
Created timeout 8 (#1) - delay 115 secs
(Id:7, Time:10) 
(Id:8, Time:115) 
RECV Membership query   from 192.168.3.1     to 224.0.0.1
RECV Membership query   from 192.168.99.1    to 224.0.0.1
RECV Membership query   from 1.1.1.1         to 224.0.0.1
RECV V2 member report   from 192.168.99.1    to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.251
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.99.1    to 224.0.0.22
The IGMP message was from myself. Ignoring.
About to call timeout 7 (#0)
Aging routes in table.

Current routing table (Age active routes):
-----------------------------------------------------
#0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes
#2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
About to call timeout 8 (#0)
SENT Membership query   from 192.168.3.1     to 224.0.0.1
Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10
SENT Membership query   from 192.168.99.1    to 224.0.0.1
Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10
Created timeout 9 (#0) - delay 10 secs
(Id:9, Time:10) 
Created timeout 10 (#1) - delay 115 secs
(Id:9, Time:10) 
(Id:10, Time:115) 
RECV Membership query   from 192.168.3.1     to 224.0.0.1
RECV Membership query   from 192.168.99.1    to 224.0.0.1
RECV V2 member report   from 192.168.99.1    to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.99.1    to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.251
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.
About to call timeout 9 (#0)
Aging routes in table.
Removing group 239.255.255.246. Died of old age.
Removed route entry for 239.255.255.246 from table.

Current routing table (Remove route):
-----------------------------------------------------
#0: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes
#1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
Removing group 239.255.255.250. Died of old age.
Removed route entry for 239.255.255.250 from table.
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Removing MFC: 192.168.3.18 -> 239.255.255.250, InpVIf: 2
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Removing MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2

Current routing table (Remove route):
-----------------------------------------------------
#0: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes
-----------------------------------------------------
Removing group 224.2.127.254. Died of old age.
Removed route entry for 224.2.127.254 from table.
Vif bits : 0x00000001
Setting TTL for Vif 0 to 1
Removing MFC: 192.168.3.31 -> 224.2.127.254, InpVIf: 2

Current routing table (Remove route):
-----------------------------------------------------
No routes in table...
-----------------------------------------------------

Current routing table (Age active routes):
-----------------------------------------------------
No routes in table...
-----------------------------------------------------
About to call timeout 10 (#0)
SENT Membership query   from 192.168.3.1     to 224.0.0.1
Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10
SENT Membership query   from 192.168.99.1    to 224.0.0.1
Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10
Created timeout 11 (#0) - delay 10 secs
(Id:11, Time:10) 
Created timeout 12 (#1) - delay 115 secs
(Id:11, Time:10) 
(Id:12, Time:115) 
RECV Membership query   from 192.168.3.1     to 224.0.0.1
RECV Membership query   from 192.168.99.1    to 224.0.0.1
RECV V2 member report   from 192.168.99.1    to 224.0.0.2
The IGMP message was from myself. Ignoring.
About to call timeout 11 (#0)
Aging routes in table.

Current routing table (Age active routes):
-----------------------------------------------------
No routes in table...
-----------------------------------------------------
RECV Membership query   from 1.1.1.1         to 224.0.0.1
RECV V2 member report   from 192.168.99.1    to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.251
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.3.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.

                          So as you can see, after leaving the stream, it is not receiving any join group anymore (even if I try to join this multicast stream again on my PC).

                          Because the igmpproxy binary was not changed, I think this is a kernel/pfSense issue with rule/state/filter table between 2.7.0 and 2.7.2,

                          What do you think about it ?
                          Thanks

                          1 Reply Last reply Reply Quote 0
                          • M
                            maximushugus
                            last edited by

                            Also if it can help, here is netstat -g results at different moment during the problem :

                            Before lauching igmpproxy :

                            netstat -g

IPv4 Virtual Interface Table is empty

IPv4 Multicast Forwarding Table is empty


IPv6 Multicast Interface Table is empty

IPv6 Multicast Forwarding Table is empty

                            After starting igmpproxy but before asking for the stream on my PC :

                            netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   192.168.3.1                             0          0
  1         1   192.168.99.1                            0          0
  2         1   109.11.243.7                            0          0
  3         1   192.168.4.253                           0          0

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 192.168.3.31    224.2.127.254           0    2    0:1
 192.168.3.4     239.255.255.250         0    2    0:1

                            After asking for the multicast stream on my PC and receiving the stream :

                            netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   192.168.3.1                             0      16716
  1         1   192.168.99.1                            0          0
  2         1   109.11.243.7                        16716          0
  3         1   192.168.4.253                           0          0

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 192.168.3.31    224.2.127.254           0    2    0:1
 77.130.48.82    233.136.0.202       16716    2    0:1
 192.168.3.18    239.255.255.250         0    2    0:1
 192.168.3.4     239.255.255.250         0    2    0:1


IPv6 Multicast Interface Table is empty

IPv6 Multicast Forwarding Table is empty

                            After stopping the stream on my PC :

                            netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   192.168.3.1                             0      16716
  1         1   192.168.99.1                            0          0
  2         1   109.11.243.7                        16716          0
  3         1   192.168.4.253                           0          0

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 192.168.3.31    224.2.127.254           0    2    0:1
 77.130.48.82    233.136.0.202       16716    2    0:1
 192.168.3.18    239.255.255.250         0    2    0:1
 192.168.3.4     239.255.255.250         0    2    0:1


IPv6 Multicast Interface Table is empty

IPv6 Multicast Forwarding Table is empty

                            And if I try again to ask for the multicast stream on my PC :

                            netstat -g

IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   192.168.3.1                             0      16716
  1         1   192.168.99.1                            0          0
  2         1   109.11.243.7                        16716          0
  3         1   192.168.4.253                           0          0

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 192.168.3.31    224.2.127.254           0    2    0:1
 77.130.48.82    233.136.0.202       16716    2    0:1
 192.168.3.18    239.255.255.250         0    2    0:1
 192.168.3.4     239.255.255.250         0    2    0:1


IPv6 Multicast Interface Table is empty

IPv6 Multicast Forwarding Table is empty
                            1 Reply Last reply Reply Quote 0
                            • M
                              maximushugus
                              last edited by

                              Just to update, I still have the problem.
                              But I installed and properly configured PIMD, disabling IGMP proxy.

                              With this configuration I have the exact same problem : I only see multicast with IPv4 source of my pfSense, and MDNS, (224.0.0.251) from my lan and multicast leave group but not multicast join group from my lan.

                              So I this the problem is in pfSense itself and not in IGMPproxy nor PIMD

                              Also if from a PC on my lan I ping a multicast 224.0.0.2, I can see this on a capture on pfSense.

                              That's really weird

                              1 Reply Last reply Reply Quote 0
                              • M
                                maximushugus
                                last edited by

                                I found I have the same problem as discribed here

                                I have the same configuration with a LAGG of ixl0 and ixl1
                                I suspect this is the problem.
                                I get a lot of those errors

                                pfSense kernel: ixl1: Disabled multicast promiscuous mode

                                when enabling or disabling any multicast program (avahi, igmpproxy or pimd), even if I disable every program

                                1 Reply Last reply Reply Quote 0
                                • M
                                  maximushugus
                                  last edited by

                                  Ok I think I found the problem : it looks as a freebsd kernel bug with Intel x710 NIC.

                                  Here is the same problem in OPNsense : link

                                  Here is the Github OPNsense problem : link

                                  In OPNsense by reverting this freebsd commit it resolve the problem (see here)

                                  Can someone open an issue for next pfsense ?
                                  Does someone have skills to compile a pfsense kernel without the faulty commit ?

                                  Thanks ?

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Hmm, surprised you can't disable that kind of hardware offloading.🤔

                                    Since it can only handle 128 addresses and has a mode where it stops filtering in hardware when it goes above that anyway.....

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by stephenw10

                                      Seems to be setup with vlan hw filtering. Did you try disabling that?

                                      Like: ifconfig ixl0 -vlanhwfilter

                                      M 1 Reply Last reply Reply Quote 0
                                      • M
                                        maximushugus @stephenw10
                                        last edited by

                                        @stephenw10 It looks as if I cannot disable vlan hw filtering because if I run this command the interface doesn't go up anymore until I restart

                                        1 Reply Last reply Reply Quote 0
                                        • M
                                          maximushugus
                                          last edited by

                                          I created the bug in pfSense bugtracker : here

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Hmm, that's odd. Are you using VLANs on that? Do they all fail if so?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.