Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing Multicast to a GRE tunnel using IGMP Proxy

    Scheduled Pinned Locked Moved Routing and Multi WAN
    8 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MSilva
      last edited by

      Hello,

      I am trying to route some multicast stream (UDP 239.x.x.x) to one GRE interface on pFsense 2.2.
      But I am not having success in doing it.

      I have done the following:

      1)Create de GRE tunnel + create the GRE interface
        I am able to ping the other endpoint of the GRE tunnel with success.

      1. I have configured the IGMP proxy to have one Upstream and two downstreams.
          First Interface Downstream is the GRE interface
          Second Donwstream Interface is one physical interface.

      2. I have step up the firewall rules to permit everyting, and also in the rules "Advanced Options" I have activated the flag "This allows packets with IP Options to pass".

      I see that the multicast routed to the other Tunnel endpoint for some seconds and then stop!
      I can see, on pfsense, using tcpdump that the IGMP requests are arriving from the GRE tunnel, but for some reason the multicasts are not routed to it.

      I see that if i restart the IGMP Proxy service, the multicast start being routed again to the tunnel interface, but only for a short period of time.

      I already read almost all the posts about this topic, and it were them that show me the right path, but now I am not able to figured out what is happening.

      Can some have an idea of is the cause?

      Thanks in advance!

      Manuel Silva.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        https://redmine.pfsense.org/issues/4672

        1 Reply Last reply Reply Quote 0
        • M
          MSilva
          last edited by

          Hello,

          I have done the configuration mentioned on the post, but still no multicast is arriving on the tunnel.

          The configurations are:

          1. IGMP Proxy

          :more igmpproxy.conf

          ##–----------------------------------------------------

          Enable Quickleave mode (Sends Leave instantly)

          ##------------------------------------------------------
          quickleave
          phyint em3 upstream ratelimit 0 threshold 1
          altnet 192.168.113.0/24
          altnet 239.255.1.8/8

          phyint gre0 downstream ratelimit 0 threshold 1
          altnet 10.10.10.0/30
          altnet 239.255.1.8/8

          phyint bge0 disabled
          phyint em0 disabled
          phyint bge1 disabled
          phyint em1 disabled
          phyint em2 disabled

          1. The firewall rules are:  pfctl -sr | grep allow-opts

          pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
          pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
          pass out route-to (bge0 192.168.0.254) inet from 192.168.0.25 to ! 192.168.0.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
          pass out route-to (bge1 REMOTE_SERVER) inet from REMOTE_SERVER to ! REMOTE_SERVER/16 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
          pass out route-to (em2 192.168.3.254) inet from 192.168.3.25 to ! 192.168.3.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
          pass out route-to (gre0 10.10.10.2) inet from 10.10.10.1 to ! 10.10.10.0/30 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
          pass in quick on em3 inet proto udp from any to 224.0.0.0/4 keep state allow-opts label "USER_RULE"
          pass in quick on em3 inet from any to 192.168.113.0/24 flags S/SA keep state allow-opts label "USER_RULE"
          pass in quick on em3 inet proto icmp all keep state allow-opts label "USER_RULE"
          pass in quick on em3 inet proto udp all keep state allow-opts label "USER_RULE"
          pass in quick on em3 inet all flags S/SA keep state allow-opts label "USER_RULE"
          pass in quick on em1 inet proto igmp all keep state allow-opts label "USER_RULE: Multicat traffic IGMP"
          pass in quick on em1 inet proto udp from any to 224.0.0.0/4 keep state allow-opts label "USER_RULE: Multicat traffic UDP"
          pass in quick on em2 reply-to (em2 192.168.3.254) inet proto igmp all no state allow-opts label "USER_RULE"
          pass in quick on em2 reply-to (em2 192.168.3.254) inet proto icmp all keep state allow-opts label "USER_RULE"
          pass in quick on em2 reply-to (em2 192.168.3.254) inet proto udp all keep state allow-opts label "USER_RULE"
          pass in quick on em2 reply-to (em2 192.168.3.254) inet all flags S/SA keep state allow-opts label "USER_RULE"
          pass in quick on gre0 reply-to (gre0 10.10.10.2) inet proto igmp from 10.10.10.0/30 to 224.0.0.0/8 keep state allow-opts label "USER_RULE"
          pass in quick on gre0 reply-to (gre0 10.10.10.2) inet from any to 192.168.113.0/24 flags S/SA keep state allow-opts label "USER_RULE"
          pass in quick on gre0 reply-to (gre0 10.10.10.2) inet all flags S/SA keep state allow-opts label "USER_RULE"
          pass in quick on gre0 reply-to (gre0 10.10.10.2) inet proto igmp all keep state allow-opts label "USER_RULE"
          pass in quick on gre0 reply-to (gre0 10.10.10.2) inet proto udp all keep state allow-opts label "USER_RULE"
          pass in quick on gre0 reply-to (gre0 10.10.10.2) inet proto icmp all keep state allow-opts label "USER_RULE"
          pass in quick on gre0 reply-to (gre0 10.10.10.2) inet proto gre all keep state allow-opts label "USER_RULE"

          The multicast are arriving in interface EM3 and should be routed to tunnel interface GRE0

          I see the multicast report arriving on the GRE0 interface, 10.10.10.2 is the remote tunnel endpoint :
          15:39:04.138013 IP 10.10.10.2 > 239.255.1.8: igmp v2 report 239.255.1.8
          15:39:11.757964 IP 10.10.10.2 > 239.255.1.8: igmp v2 report 239.255.1.8
          15:39:16.461933 IP 10.10.10.2 > 239.255.1.8: igmp v2 report 239.255.1.8

          When these igmp are arriving on the GRE0 interface I see on the igmpproxy logs the error message:
          No interfaces found for source 10.10.10.2

          And I see not igmp traffic on EM3 interface when i do "tcpdump -vvni em3 igmp.

          I can not understand why this is not working, do someone has some advise for me please?

          Best

          Manuel

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            @MSilva:

            I have done the configuration mentioned on the post, but still no multicast is arriving on the tunnel.

            What post? Already linked you to a bug which tells you that the package (which alone is totally dead upstream) is about 5 years behind the dead upstream on pfSense.  ::) It's broken, stop wasting your time.

            1 Reply Last reply Reply Quote 0
            • M
              MSilva
              last edited by

              Hello,

              well, there are several post in this forum and i read all of them, to see if I could have some solution using pFsense.

              I have done the IGMPPROXY pkg upgrade, and was hopping it could work as indicated in the post https://forum.pfsense.org/index.php?topic=93293.0.

              I could try other approaches like xorp/smcroute/mroute or similar. But i like pfSense, so I doing an effort to see if the igmpproxy could work for me.

              If that will never work, then i will put it aside and explore other solutions.

              Best.

              Manuel

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                I have absolutely zero clue what "upgrade" are you talking about. The binary shipped with pfSense core is about 10 years old broken code. There is no pkg anywhere and nothing got upgraded anywhere.

                1 Reply Last reply Reply Quote 0
                • M
                  MSilva
                  last edited by

                  I am talking about the post done by "Andrew453"
                  "
                  First you need to upgrade igmpproxy in the shell.

                  pkg
                  pkg update
                  pkg install igmpproxy

                  However, once you've done this, because the command line options for igmpproxy 0.1 are different to the existing version on pfSense, igmpproxy won't start on boot.  You therefore need a custom shell script to do it:

                  "

                  Possibly i read it wrong and get the wrong idea.

                  Regards,

                  MP

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    Perhaps ask someone who's using it on the other thread…

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.