Plex over two LANs video Judder / LAN to LAN routing issue - pls help
-
Hi,
I am not a networking guy so excuse my lack of correct terminology. I managed to get pfsense up and running and on the whole everything is good.
I have one particular problem I have no clue on how to solve.
WAN
- i have a 50M cable connection
- i use openvpn for all traffic except my voip phone and work laptop. (seems to work ok)
LAN
- i have two lans
20.x where my nas and work machines are
30.x where my android media devices, dvd, etc are.
I don't have any VLANs, etc setup.
HD youtube videos play fine from both networks. no video Judder or audio stuttering
all devices on the 20.x network have no problem to play HD movies from the OMV NAS (Plex) on the 20.x of course.
The problem is on the 30.x network.
the devices when playing HD videos from the Plex server have no audio problems but the video skips/hops frames and is therefore not smooth to watch.
Would really appreciate some guidance on how to resolve this.
cheers
-
It's likely because your stream is going out through your WAN and back into your second LAN causing Plex to transcode your stream. In other words your 2 LAN subnets by default can't communicate with each other and it's working as it should.
-
I guessed it was probably something like that as I have;
- ports open from LAN B -> A
- basically everything open from LAN A -> B
but default gateway is setup to go to OpenVPN
can i create a route from LAN B -> A to bypass the OpenVPN but still retain the port blocking rules?
obviously i don't want any LAN to LAN traffic to have to go out via the WAN or VPN.
-
Actually i don't think that should happen right….
Green (20.x) Rules
Src: GreenNet Dst: LocalSub Ports: AllowedOutLAN Gateway: *
Src: GreenNet Dst: !LocalSub Ports: AllowedOutWAN Gateway: VPN
Blue (30.x) Rules
Src: BlueNet Dst: LocalSub Ports: AllowedOutLAN Gateway: *
Src: BlueNet Dst: !LocalSub Ports: AllowedOutWAN Gateway: VPN
-
well how are you accessing plex? if using like plex.direct you would resolve to a public IP. There is a whole about making plex a private domain all over the place for pfsense
private-domain: "plex.direct"
Or just access the server via its local name. For example my plex runs on storage.local.lan - this is how I access so via web http://storage.local.lan:32400 via any app on my phone or tablet use storage.local.lan
Your rules look fine for allowing access without going out the vpn as long as your allowedoutlan ports include your 32400 port for plex, or if you changed it. Do a traceroute to how you're accessing your plex, what does it show for your trace?
-
hey john, it is definitely going out over the wan, but i don't understand why.
LAN:Green (media server, internal LAN 192.168.1.x)
LAN:Blue (media players, playstation, LAN 192.168.2.x)
WAN: Red
VPN: OpenVPN
Floating Rules - Quick
Interface: Green/Blue
Protocol: TCP/UDP
Direction: Any
Source: LocalLAN Alias
Source Port: *
Destination: LocalLAN Alias
Ports: LocalLAN_Ports Alias
Gateway: *
Interface: Green/Blue
Protocol: ICMP
Direction: Any
Source: LocalLAN Alias
Source Port: *
Destination: LocalLAN Alias
Ports: *
Gateway: *
Interface: Green/Blue
Protocol: ICMP
Direction: Any
Source: LocalLAN Alias
Source Port: *
Destination: !LocalLAN Alias
Ports: *
Gateway: OpenVPN_GW
Green Rules
Interface: Green/Blue
Protocol: TCP/UDP
Direction: Any
Source: LocalLAN Alias
Source Port: *
Destination: !LocalLAN Alias
Ports: LocalWAN_Ports Alias
Gateway: OpenVPN
Green Rules
Interface: Green/Blue
Protocol: TCP/UDP
Direction: Any
Source: LocalLAN Alias
Source Port: *
Destination: !LocalLAN Alias
Ports: LocalWAN_Ports Alias
Gateway: OpenVPN
LocalLAN_Ports Alias includes 33434:33464
Linux Green -> Blue
traceroute bluedevice = 1 hops via green_fw_int ** gateway 12.2ms but then 30 hop timeout **
traceroute -I bluedevice = 1 hops via green_fw_int ** instant name resolution repeatedly 8ms to gw 10ms to device**
Linux Green -> Green
traceroute greendevice = 0 hops no gateway ** instant name resolution repeatedly but completion on 2nd successive attempt takes 2-3s but trip is .211ms **
traceroute -I greendevice = 0 hops via green_fw_int ** instant name resolution repeatedly 0.16ms to device**
Linux Blue -> Green
traceroute -I greendevice = 1 hops via blue_fw_int ** instant name resolution repeatedly 15ms to gw 22ms to device**
traceroute greendevice = 2 hops via blue_fw_int ** instant name resolution and completion on first attempt repeatedly **
traceroute greendevice = 2 hops via blue_fw_int ** instant name resolution repeatedly but completion on 2nd successive attempt takes 2-3s but trip is .211ms **
could it be going on the 2nd attempt out the VPN/WAN?
- how can i find / provide this?
- is there something wrong in the logic of my rules above?
- or, is this possibly a packet loss problem…but how can i check it?
-
Why are you putting rules on your floating tab???
Please post up your rules so they are easy to read – ie screenshots!! Are so much quicker to get.. See my example..
Also without the details of the aliases - can not even tell what you want those rules to do even..
-
why would/should i not use floating rules?
e.g. DNS 53 for both lan interfaces.
instead of two rules, i can make one floating rule.
Isn't that better for management, or is there some other reason i shouldn't do that?
-
It's easy to see quickly your rules if on their own interfaces. To be honest easier to setup as well for source and destination.
Floating rules make sense if you need to do outbound rules. Or you need some rule that is common that applies to all interfaces sure, floating rules apply before rules on the interface.
And with you using aliases and not posting the details of those it makes it very difficult to make heads or tails of your rules.
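
The rule logic discussed in this thread, as an added example that is not part of any post: a simplified first-match model of the Green/Blue rules, showing which gateway a Plex connection to port 32400 ends up on. The subnets come from the thread; the rule names, the port sets standing in for the aliases, and the sample addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set

# Subnets as given in the thread: Green 192.168.1.x, Blue 192.168.2.x.
LOCAL_SUBNETS = [ipaddress.ip_network("192.168.1.0/24"),
                 ipaddress.ip_network("192.168.2.0/24")]

def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_SUBNETS)

@dataclass
class Rule:
    name: str                    # hypothetical label
    dst_local: Optional[bool]    # True = LocalSub, False = !LocalSub, None = any
    ports: Optional[Set[int]]    # None = any port
    gateway: Optional[str]       # None = "*" (normal routing table)

def route_for(rules, dst_ip, dst_port):
    """First matching rule wins; return (rule name, gateway used)."""
    for r in rules:
        if r.dst_local is not None and r.dst_local != is_local(dst_ip):
            continue
        if r.ports is not None and dst_port not in r.ports:
            continue
        return r.name, r.gateway or "routing table"
    return None, "blocked"       # nothing matched: default deny

# Constructed port sets standing in for the AllowedOutLAN / AllowedOutWAN aliases.
VPN_RULE = Rule("out-vpn", False, {80, 443, 32400}, "VPN")
AS_POSTED = [Rule("lan-to-lan", True, {53, 445, 32400}, None), VPN_RULE]
NO_PLEX_PORT = [Rule("lan-to-lan", True, {53, 445}, None), VPN_RULE]
CATCH_ALL_FIRST = [Rule("all-out-vpn", None, None, "VPN")] + AS_POSTED

if __name__ == "__main__":
    nas, public = "192.168.1.10", "203.0.113.7"   # constructed addresses
    for label, rules, dst in [("as posted", AS_POSTED, nas),
                              ("32400 missing", NO_PLEX_PORT, nas),
                              ("catch-all VPN rule first", CATCH_ALL_FIRST, nas),
                              ("client uses public IP", AS_POSTED, public)]:
        print(f"{label:26} -> {route_for(rules, dst, 32400)}")
```

The last case corresponds to a client that resolves the server to a public address: the destination no longer matches the local-subnet rule, so the connection is handled by the rule that carries the VPN gateway.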