Openvpn and virgin media v6

stephenw10

Is it using IPv6?

Try checking the state table for all states from 192.168.0.211. Make sure they are all via WAN and are NAT'd correctly.

That box streams live TV also? Does it require multicast or a specific VLAN or even 802.1p tags? This could be far more complex than just passing traffic through the firewall.

Steve

techy82

it is ipv4

Thanks i'll check the state table

The box is for live tv but it does this via coax, it uses the network for youtube, epg, on demand etc

I have my ps4 setup in the same way, so I wasnt sure if there server trys to connect back to the box

Thanks again

techy82

I have had a look at the state table

and on the lan interface it is showing the ip going straight out to the correct destination

there is another wan entry showing my openvpn ip going out to the correct destination

both entries show the same sized packets and bytes?

Thanks

stephenw10

If you are policy routing the traffic then you must have the OpenVPN interface assigned and if that traffic were going over the VPN you would see an outbound state on the OpenVPN interface.

I expect to see a state on the LAN from your v6box to the public IP and another state on the WAN showing the same traffic but NAT'd to the WAN address for each outbound connection.

That must be working to some extent to allow on demand services.

Steve

techy82

it is really strange, everything works fine on it apart from the negotiation bit, which looks to download the epg every few weeks, could the virgin server be trying to get access back to the box and is being blocked for some reason?

it is setup the same way as my ps4 bypass, which works fine

Thanks again!

stephenw10

It could be though that seems odd if it is.

You'd have to try and catch it doing it to find out what's happening. Or find some other useful person who's already done it.  ;)
If you can trigger it try catching the states or logging everything it opens with a specific firewall rule. Or run a packet capture filtered for it.

Steve

techy82

Has anyone else got a virgin media v6 box and a similar issue?

I have ran packet monitoring and can't see anything that stands out, if I disable open vpn it works fine but it's a pain every week, it only seems to effect downloading the epg

On demand services work fine

stephenw10

You could try reversing your policy routing rules.

Add a rule that policy routes everything you need to via the OpenVPN and leaves everything else to go straight to WAN.

The only reasonable explanation here is that the EPG is reaching out and being routed via the VPN currently where it cannot reach the server.

Steve

techy82

Thanks I'll give that a go, as it does seem strange how it's only effecting the epg, thanks very much!

conor

@techy82

That LAN rule you show a snip of, is there anything above that? If it works with the openvpn off then it really looks like an incorrect rule.