Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Multicast video traffic over OpenVPN

OpenVPN

2

4

621

Log in to reply

C

chiefsfan
last edited by

Hello, I am trying to setup a test lab for our developer so we can work on an IPTV app. We've got a DirectTV com box that uses multicast addresses for each channel.

I've got a PFSense box infront of it and have setup OpenVPN on it so our Developer can get connected, however I've been unable to send the mutlicast traffic over the VPN and was hoping someone can help.

I've got it setup with a TAP adapter
my local subnet is 192.168.0.0/16
My remote subnet is 10.99.99.0/24
My multicast addresses are 239.255.0.18-67

I've tried both redirecting all traffic over the VPN
I am not advertising the multicast addresses over the VPN, does that need to be done?

Any advice would be appreciated thank you
M 1 Reply Last reply
Reply Quote 0
M

michmoor LAYER 8 Rebel Alliance @chiefsfan
last edited by

@chiefsfan
Multicast between networks will require PIM.
Typically PIM Sparse mode is used in which case you will need an RP.
PIM Dense doesnt require an RP but will instead flood the multicast downstream from the source to each 'branch' [where a PIM Join was heard].

There is a pimd package available.
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise
1 Reply Last reply
Reply Quote 0
C

chiefsfan
last edited by chiefsfan

Ok I've just installed the PIMd package.

On the interfaces I've added the OpenVPN interface and I set it to always bind.

I've left everything else as default. Is that correct?

Thank you

Here is what I'm showing on the status. I went into the RP address and added my switch which is 192.168.0.2 since it's the querier

Virtual Interface Table ======================================================
Vif Local Address Subnet Thresh Flags Neighbors

0 192.168.0.1 192.168/16 1 DR NO-NBR
1 14.0.0.1 14.0.0.1/28 1 DR NO-NBR
2 10.99.99.1 10.99.99/24 1 DR NO-NBR
3 192.168.0.1 register_vif0 1

Vif SSM Group Sources

Multicast Routing Table ======================================================
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.18 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...

TIMERS: Entry JP RS Assert VIFS: 0 1 2 3
210 50 0 0 0 0 0 0
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.19 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...

TIMERS: Entry JP RS Assert VIFS: 0 1 2 3
210 50 0 0 0 0 0 0
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.34 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...

TIMERS: Entry JP RS Assert VIFS: 0 1 2 3
210 50 0 0 0 0 0 0
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.35 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...

TIMERS: Entry JP RS Assert VIFS: 0 1 2 3
210 50 0 0 0 0 0 0
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.50 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...

TIMERS: Entry JP RS Assert VIFS: 0 1 2 3
210 50 0 0 0 0 0 0
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.51 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...

TIMERS: Entry JP RS Assert VIFS: 0 1 2 3
210 50 0 0 0 0 0 0
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.66 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...

TIMERS: Entry JP RS Assert VIFS: 0 1 2 3
210 50 0 0 0 0 0 0
----------------------------------- (S,G) ------------------------------------
Source Group RP Address Flags

192.168.0.3 239.255.0.67 192.168.0.2 CACHE SG
Joined oifs: ...j
Pruned oifs: ....
Leaves oifs: ....
Asserted oifs: ....
Outgoing oifs: ...o
Incoming : I...
M 1 Reply Last reply
Reply Quote 0
M

michmoor LAYER 8 Rebel Alliance @chiefsfan
last edited by

@chiefsfan The remote side needs to have PIM enabled as well. You could have it point to your switch or maybe firewall as the RP (up to you). The main thing is that if the firewall is the RP, then all network points need to know who the RP is. That means your switch, firewalls, remote switches.
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1