Not getting IP on IPTV vlan via ISP

PDJ

What is your setup?
Is the PFSense connected directly to the modem?
You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked.

Maarten90

@PDJ:

What is your setup?
Is the PFSense connected directly to the modem?
You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked.

Thanks for getting back to this. I'll try to describe my setup as good as I can:

I have two switches  a HP V1810, and a HP V1910 , both already do VLANS. The V1810 is downstairs. It has got one cable running to the other switch. This is the trunk connection over which all VLANS pass tagged, also VLAN 4 and 6. Then on that same switch I have my bridged vigor 130. The Draytek is tagged in VLAN 4 and 6. Also on this switch is my Settopbox, untagged in VLAN 4.

Upstairs I have the V1910, aside from the earlier mentioned trunk connection, it has my ESX 6.1 machine, which is tagged in all VLANS,also VLAN 4 and 6. Then, Inside VMWare I defined a VM Network with VLAN 4095 (all VLANs). The WAN connection on Pfsense uses an interface thats connected to this VM Network. VLAN 4 and 6 are created within Pfsense (2.2.6 now). Thee WAN connection is setup using PPPoE and over that interface goes em0_vlan6. This is how its setup. Internet works well this way. But I cant get VLAN 4 to work.

However I'm starting to think that it might be better to, instead of having one VM Network on vlan 4095, Create two VM Networks, one in VLAN 4, and one in VLAN6, and then assign the networks to pfsense.
I just created two new networks inside ESX, one tagged with vlan 4, and one tagged with vlan 6. Assigned them to Pfsense and Internet is working again, but IPTV still doesnt get an IP. At this time i'm not doing any VLAN tagging inside Pfsense.

Edit:
Just setup a debian box on vlan 4 to act as a dhcpserver, and that works. So VLAN4 seems fine. The only thing is, I think, that pfsense somehow doesnt know how to get a IP address from my ISP.

Maarten90

Tested some more. I have two trunk connections between my switches. I took one of them and connected one end to the Draytek, and one end to my ESX box. This to eliminate the possibility that the configuration of my switches is wrong. Created a new VM Network with VLAN 4095, and did the tagging within Pfsense. Internet works immediately, but VLAN 4 for IPTV still doesnt get an IP. Also tried it with two VM networks one with VLAN 6, and one with VLAN 4, and no tagging inside Pfsense, same results. Note that everything works like it should when I connect my Fritzbox again, so the problem should be somewhere on the end of Pfsense, or ESX.

Note that everything works as it should when I connect my Fritzbox again.

PDJ

Maybe you could lt PFSense do the VLAN tagging and connect it directly to the modem.
I think you should also remove the hostname in you DHCP request, it's now pfsense, this should be left blank

ThinkPadNL

Hi Maarten90,

Did you get this working in the end? I am running pfSense (2.3.2-RELEASE-p1) on my ESXi box with two network interfaces and i got internet up and running quickly after i bridged my Experiabox V8 that i have on my VDSL-line from Telfort, but IPTV isn't working yet (although on the Experiabox the LED for 'TV' is on, so it should be okay i guess?).

I have configured a separate interface (OPT1) that listens to VLAN4 on WAN, but it doesn't receive an IP unfortunately. I already have the option below configured for that interface:

dhcp-class-identifier "IPTV_RG"

I know i am kicking an old topic, but you were having the same exact problem, so please help me ;D
See also the Dutch discussion here: https://gathering.tweakers.net/forum/list_message/49823429#49823429

KOM

This thread is ancient and I don't recognize these guys at all so I doubt they're respond.  PDJ last logged on Jan 6 so you might try making a new post here and then PMing him and ask him to look at it.

jahonix

Chances are that your provider is doing Multicast traffic for IP-TV.
Bad news is that, if you need an IGMP proxy for that, it won't work on your VLANs.
It's a long known bug never fixed but considered "rarely used" and pushed from release to release to release.  >:(
Basically every Telekom T-Entertain customer in Germany with a pfSense is affected by this.

https://redmine.pfsense.org/issues/6099
It seems like the next release will have it fixed. Finally.

ThinkPadNL

Thanks for your reply.

Configuring IGMP Proxy is probably the next step. But i thought i would stop for now and first ask, because the OPT1 (VLAN4 on WAN) interface not receiving an IP seems quite problematic to me.

PDJ

I have sent you a PM allready.
You said you have Internet up and running and you said the TV LED is on? did you use a VLAN for internet? or is it without VLAN's?
Did you get a public IP?
Internet should run over a VLAN aswell, if not, you don't have the modem in full bridge the modem is still handeling the VLAN traffic.

BTW, I encourage everyone to get pfsense do all the stuff instead of your experiabox, because your provider can and will look into your LAN network!!
The modem is reporting back what your pc are doing in "your" LAN network.

ThinkPadNL

Internet is running, without configuring a VLAN it worked immediately. The LED for TV is on indeed.
I have a public IP (145.x.x.x) on the WAN-interface, a traceroute shows pfSense as first hop and then some KPN hop (i have Telfort) so the Experiabox is in bridge.

In the PM (lets discuss it here, so others can also possibly have benefits from it) you said: "It is important that if you run pfSense in a ESXi environment, pfSense should do the VLAN tagging". I didn't change anything in ESXi, just attached the WAN-adapter to a vSwitch. Should i turn on the option in ESXi that the network adapter should listen to all VLANs (4095) ? In pfSense i have a OPT1 interface that listens to VLAN4 on the WAN-adapter.

You said that internet should run over a VLAN as well, but i think that is different with VDSL and a fiber connection. In the blog you pointed me to (https://venxir.tweakblogs.net/blog/12507/kpn-glasvezel-via-pfsense) they have a VLAN6 for internet. With VDSL, the internet VLAN is on 34. I'm not sure if i need to do anything with VLANs for the internet now, as my internet connection is working fine. Maybe the Experiabox isn't sending out the VLAN4 for IPTV and thus, i'm not getting an IP on that interface.

I'm hoping 'Maarten90' comes by, as he had exact the same problem, got it fixed, but didn't post the answer unfortunately :(

PDJ

What's not right is the WAN connection, this should run on VLAN 34, it seems like the modem, or something else is already filtering the VLAN tagging.
I see this issue popping up with ESXi more often, what you also culd try to do is let ESXi do the VLAN tagging, you should make new connections in ESXi one with VLAN ID 34, one with VLAN 4 and if you want to use the telephone as well… also the one for TEL (I don't know what ID that one is), add the network connections to your pfsense host and add the interfaces to pfsense (now ESXi will do the filtering)

ThinkPadNL

It looks indeed like the VLANs are being stripped before they reach pfSense.
Regarding your suggestion to create separate interfaces in ESXi for the VLANs, that is also what is being suggested here.

I will try that when i get home tonight. Is there an easy way that i can test if the VLAN4 is being sent by the Experiabox V8 correctly? Can i setup a temporary VM that listens to the VLAN4 adapter to see if that VM receives an IP.  Or connect my Windows laptop to the Experiabox and configure it to listen on VLAN4 with the IPTV_RG request option (how do i do that on Windows?) to see if it receives an IP? That way i can pinpoint the problem to ESXi/Experiabox.

PDJ

Not really, what you could do is install wireshark, let pfsense capture all packages on the VLAN4 interface and analyze what's going on. maybe you see some arp messages from other devices, but I think those will be filtered.
Actually, when you add the dhcp-class-identifier "IPTV_RG" to the dhcp request, that should be enough, so if the VLANs are working it should give you an IP address.
I would suggest focus on the internet connection get that one working on VLAN 34, then you know the VLAN tagging works.

I didn't have VDSL, so for me it was just connecting PFSense to the fiber (via the media converter) so I don't know what to do to let the experiabox not to fuck up…

ThinkPadNL

Another test could be to setup a networkcard in ESXi that listens to VLAN34, give that NIC to pfSense and see if it gets an IP through DHCP i guess?

PDJ

That's what I ment, but you don't need to add a physical network adapter, this should be a virtual adapter

ThinkPadNL

I think i found the problem

The bridge of the Experiabox is only putting through the VLAN34 i guess. That is also the reason i didn't have to do anything with VLAN34 inside pfSense to get internet, it was directly working by putting a DHCP on the WAN-interface in pfSense

The dropdown contained the option 'iptv', when i selected that and applied the bridge again, the internet didn't work anymore and also still no IP on VLAN4 interface.

I also had the possibility to go to the 'LAN' settings tab on the Experiabox. I could assign the VLAN called 'iptv' to a LAN port. I picked port 4 and switched the cable going to my ESXi server from LAN #1 on the Experiabox, to LAN #4 of the Experiabox.

Still: no IP on the VLAN interface. ???

I have connected my Fritz!box back again and turned off the pfSense VM. I think the Experiabox is messing around, i have no clue how to get this working >:( :o Maybe i need a modem that does a full transparent bridge. I thought a 'Draytek Vigor 130' can do such things. However i don't want to spend money on that now.

PDJ

Well first that modem should go to full bridge, you could search the web a bit to do so.
Otherwise try to get a used one.
You could also choose to let the Experibox handle the TV and VOIP and have a bridge for you WAN (that worked and so you still have full control of your internet connection)

ThinkPadNL

None of the options are possible.

A year (or two) ago they used bridged mode for TV, where the LAN #4 was dedicated for IPTV. When you bridged the Experiabox, the internet was passed thru, but for IPTV you still had to connect the settopbox directly to the Experiabox. But now it is changed to routed mode (settopbox is in LAN, not dependent of a specific LAN-port anymore). I don't know how to pull this apart in the Experiabox, as the settings are limited on this.

So for now it is not possible to get IPTV working.

PDJ

Well, I wouldn't give up so easily, I doubt there isn't a way to get a bridge mode… what version of experiabox do you have?
And what are the options in the drop down menu for VLAN, is there an option disable?

ThinkPadNL

I have the Experiabox V8 i received from Telfort.
The only option in the dropdown is 'iptv', the VLAN that is preconfigured on the Experiabox.

I have tried setting that option and pressing 'apply' but that didn't have any effect. I lost my internet connection it seemed, and also still no IP on VLAN4 interface in pfSense.
Maybe the bridge has to be disabled first, and then apply it again with that 'iptv' option selected.

On Tweakers.net forum i read someone ('wizai') that has mapped the 'iptv' to LAN #2 of the Experiabox, and then connected a separate networkcable from that port to his router.
Unfortunately i only have two network adapters on my ESXi host (LAN & WAN), so i can't try that now.