OpenVPN and Virgin Media V6



  • Hi all, I have a Virgin Media V6 box and I'm using PIA.

    I have a LAN rule to pass straight to the WAN gateway, bypassing OpenVPN.

    DNS connects okay etc.; however, it is failing to download the program guide and shows a negotiation error.

    Any ideas?

    Thanks very much


  • Netgate Administrator

    This is version 6 of the IPTV box not an IPv6 question I assume?

    What rules are you using on LAN exactly? Guesswork otherwise.

    What error does it show?

    Steve



  • Hi

    Yes, it is a cable TV box, but it uses the network now instead of the old type with a cable modem built in.

    I have a LAN rule set as shown. I can use on demand services, but for some reason it doesn't download the EPG and reports that it cannot connect? No error is shown on the cable TV box apart from the negotiation error. I have run the DNS test on the cable TV box and that works fine.

    Thanks very much

    ![image test.JPG](/public/imported_attachments/1/image test.JPG)


  • Netgate Administrator

    Is it using IPv6?

    Try checking the state table for all states from 192.168.0.211. Make sure they are all via WAN and are NAT'd correctly.

    That box streams live TV also? Does it require multicast or a specific VLAN or even 802.1p tags? This could be far more complex than just passing traffic through the firewall.

    Steve



  • It is IPv4.

    Thanks, I'll check the state table.

    The box is for live TV but it does this via coax; it uses the network for YouTube, EPG, on demand etc.

    I have my PS4 set up in the same way, so I wasn't sure if their server tries to connect back to the box.

    Thanks again



  • I have had a look at the state table,

    and on the LAN interface it is showing the IP going straight out to the correct destination.

    There is another WAN entry showing my OpenVPN IP going out to the correct destination.

    Both entries show the same sized packets and bytes?

    Thanks


  • Netgate Administrator

    If you are policy routing the traffic then you must have the OpenVPN interface assigned and if that traffic were going over the VPN you would see an outbound state on the OpenVPN interface.

    I expect to see a state on the LAN from your v6box to the public IP and another state on the WAN showing the same traffic but NAT'd to the WAN address for each outbound connection.

    That must be working to some extent to allow on demand services.

    Steve
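
Added example, not part of the thread or of pfSense: a Python sketch of the state-table check described above, run over saved `pfctl -ss` output. The sample lines, the interface names (`igb0` as WAN, `igb1` as LAN, `ovpnc1` as the VPN) and every address except 192.168.0.211 are constructed, and the line layout is assumed to match pf's state listing.

```python
import re

# Constructed sample in the layout of `pfctl -ss`; interfaces and addresses
# (other than the box's 192.168.0.211 from the thread) are made up.
SAMPLE = """\
igb1 tcp 203.0.113.10:443 <- 192.168.0.211:51234       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.7:40211 (192.168.0.211:51234) -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
igb1 tcp 203.0.113.20:80 <- 192.168.0.211:51300       ESTABLISHED:ESTABLISHED
ovpnc1 tcp 10.8.0.6:61000 (192.168.0.211:51300) -> 203.0.113.20:80       SYN_SENT:CLOSED
igb1 udp 192.168.0.1:53 <- 192.168.0.211:40000       SINGLE:MULTIPLE
"""

# Inbound state as seen on LAN:   IFACE PROTO DST <- SRC STATE
INBOUND = re.compile(r"^(\S+) (\S+) (\S+) <- (\S+)\s+\S+$")
# Outbound NAT'd state:           IFACE PROTO NATSRC (SRC) -> DST STATE
NATTED = re.compile(r"^(\S+) (\S+) (\S+) \((\S+)\) -> (\S+)\s+\S+$")

def host_of(endpoint):
    """Strip the port from an IPv4 addr:port endpoint."""
    return endpoint.rsplit(":", 1)[0]

def audit_egress(states, host, lan_if, wan_if):
    """Map each LAN connection from `host` to the interface its NAT'd twin leaves on."""
    lan_conns, egress = [], {}
    for line in states.splitlines():
        line = line.strip()
        m = INBOUND.match(line)
        if m and m.group(1) == lan_if and host_of(m.group(4)) == host:
            lan_conns.append((m.group(2), m.group(4), m.group(3)))
            continue
        m = NATTED.match(line)
        if m and host_of(m.group(4)) == host:
            egress[(m.group(2), m.group(4), m.group(5))] = m.group(1)
    report = {}
    for proto, src, dst in lan_conns:
        iface = egress.get((proto, src, dst))
        if iface is None:
            verdict = "no NAT'd egress state"  # e.g. DNS answered by the firewall
        elif iface == wan_if:
            verdict = "WAN"
        else:
            verdict = "NOT WAN: leaves via " + iface
        report[f"{proto} {src} -> {dst}"] = verdict
    return report

if __name__ == "__main__":
    for conn, verdict in audit_egress(SAMPLE, "192.168.0.211", "igb1", "igb0").items():
        print(f"{conn:45} {verdict}")
```

Any connection reported as leaving via an interface other than WAN is one the bypass rule did not catch.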



  • It is really strange. Everything works fine on it apart from the negotiation bit, which looks to download the EPG every few weeks. Could the Virgin server be trying to get access back to the box and is being blocked for some reason?

    It is set up the same way as my PS4 bypass, which works fine.

    Thanks again!


  • Netgate Administrator

    It could be, though that seems odd if it is.

    You'd have to try and catch it doing it to find out what's happening. Or find some other useful person who's already done it. ;)
    If you can trigger it, try catching the states or logging everything it opens with a specific firewall rule. Or run a packet capture filtered for it.

    Steve



  • Has anyone else got a Virgin Media V6 box and a similar issue?

    I have run packet monitoring and can't see anything that stands out. If I disable OpenVPN it works fine, but it's a pain every week. It only seems to affect downloading the EPG.

    On demand services work fine.


  • Netgate Administrator

    You could try reversing your policy routing rules.

    Add a rule that policy routes everything you need to via the OpenVPN and leaves everything else to go straight to WAN.

    The only reasonable explanation here is that the EPG is reaching out and being routed via the VPN currently where it cannot reach the server.

    Steve



  • Thanks, I'll give that a go, as it does seem strange how it's only affecting the EPG. Thanks very much!



  • @techy82

    That LAN rule you show a snip of, is there anything above that? If it works with the OpenVPN off then it really looks like an incorrect rule.

