Not getting IP on IPTV vlan via ISP

Maarten90 · Jan 14, 2016, 12:55 AM

After I've successfully setup my internet connection (XS4ALL, Dutch provider), I'm now trying to get routed IPTV working.

Some details:

em0: NIC connected to my Draytek vigor 130
vlan6: ISP provided VLAN for internet access
vlan4: ISP provided VLAN for IPTV
PFSense is running on version 2.2.5

Screenshots with current non-working config

According to http://netwerkje.com/routed-iptv I should get an IP as long as I specify dhcp-option 60. But I dont get one. For testing purposes I've also added a any/any firewall rule for the IPTV interface. I'm also notblocking private or bogon networks on this interface. Any ideas on how to get this going?

PDJ · Jan 14, 2016, 8:39 PM

I'll make a post how to set everything up this weekend.
I have Telfort (exactly the same as XS4ALL) and have replaced the exepriabox with PFSense, and IPTV is routed.
Do you have a fiber or DSL connection?

Maarten90 · Jan 15, 2016, 1:27 AM

Thanks in advance for this, PDJ. I have a (V)DSL line.

PDJ · Jan 15, 2016, 10:10 PM

There is a difference in setup, I have fiber and Telfort as provider, the IPTV is the same, only Telfort is not using a pppoe tunnel.
Let's do it step by step.
I think the IPTV will not connect over the pppoe tunnel.
First the Draytek should be configure as a bridge.
The WAN side should have a VLAN with tag 4 (you allready set that up)
The PPPOE tunnel should be setup on em0
Make a vlan tag 4 on em0 and go to settings

Note: I gave my IPTV a sepperate network, it got also vlan tag 4 and my switch will "forward" it to a port where the IPTV box is connected to, it could also be your standard lan

Then go to Interfaces settings and set it up as this picture

If it is setup right, you should get an ip on the IPTV WAN interface, something like 10.x.x.x subnet 255.255.248.0

after ttha you need to setup IGMP proxy, but first you need to update it manually in the console, the standard IGMP proxy has a bug, it will freeze the TV after a while, with the latest version this has been fixed. I can help you with doing that.

Maarten90 · Jan 16, 2016, 5:38 PM

Thanks for your reply! Sadly it still does not get an IP. ~~I think its because VLANs and PPPoE connections work differently or something like that. Last night I've spent hours on getting it to work, with no luck so far. Even bridged my WAN interface with 'VLAN 4 on em0', still no luck. As you said, I also do not think that vlan 4 should be a interface on the PPPoE connection. But I'm currently out of ideas when it comes to how to get this to work. Just to mention: My network is already using VLANs with managed switches. Inside VMWare ESX I assigned the network where my pfsense box and draytek are connected to vlan 4095 so that all VLANs would pass. I think this is setup the correct way since vlan 6 is able to pass.

Just a thought: How should Pfsense know where to send VLAN 4? Because VLAN 4 on em0 is non-existent right? I mean VLAN 4 lives on the other side of the PPPoE connection right?~~

EDIT:

Looked at the request thats being done by tcpdump, and I dont see option 60 specified in the request:


18:33:58.244426 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0c:29:d4:64:2b (oui Unknown), length 300, xid 0xf21823d6, secs 41, Flags [none]
          Client-Ethernet-Address 00:0c:29:d4:64:2b (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: hardware-type 73, 50:54:56:5f:52:47
            Hostname Option 12, length 4: "fw01"
            Parameter-Request Option 55, length 9:
              Subnet-Mask, BR, Time-Zone, Classless-Static-Route
              Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
              Option 119

So the question would be, should it show option 60 in this dump (I am actually sure it should)? And if it should, why doesnt it show? I checked the DHCP logs to see if I maybe misspelled the option name which throws an error, but that aint the case.

PDJ · Jan 16, 2016, 6:57 PM

That's strange, I should check if it will send the option in my setup.
Did you fill in a hostname?
Did you get the pppoe tunnel to work on the PFSense?
And did you alter the MTU settings? (for the dhcp request it shouldn't be a problem, but becuase it uses vlans, the mtu should be a bit bigger)

the vlan 4 should be directly on the interface not at the end of the pppoe tunnel.
The option is correct, you can see it on my screendump, that setup is working fine

Maarten90 · Jan 16, 2016, 7:29 PM

@PDJ:

That's strange, I should check if it will send the option in my setup.
Did you fill in a hostname?
Did you get the pppoe tunnel to work on the PFSense?
And did you alter the MTU settings? (for the dhcp request it shouldn't be a problem, but becuase it uses vlans, the mtu should be a bit bigger)

the vlan 4 should be directly on the interface not at the end of the pppoe tunnel.
The option is correct, you can see it on my screendump, that setup is working fine

The PPPoE tunnel works just fine, since I'm having internet access. I had changed the MTU to 1504 previously as it is in your screenshot, but didnt check with TCPdump that time.

PDJ · Jan 16, 2016, 9:21 PM

That's good, please check if you dissbaled the vlan's in the pppoe tunnel, that could interfere with the em0 vlan.
I checked if I can get an ip without the extra settings (dhcp-class-identifier "IPTV_RG"), without those settings I don't get an ip on my TVWAN interface.
What I recently found out that there is something strange with the dhcp client, I wanted to make a dump for you aswell, but when I release the IP (to do a new request) I do not get an ip anymore and the webgui is very very slow (2 mins to load a page) I had to restart my pfsense (tried it 2 times with the same results)
So try to reboot you pfsense

Maarten90 · Jan 17, 2016, 1:25 AM

Solved by specifying dhcp-class-identifier instead of dhcp-client-identifier . I can now see option 60 being sent. Still no IP though.

PDJ · Jan 17, 2016, 8:21 AM

What is your setup?
Is the PFSense connected directly to the modem?
You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked.

Maarten90 · Jan 18, 2016, 3:36 PM

@PDJ:

What is your setup?
Is the PFSense connected directly to the modem?
You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked.

Thanks for getting back to this. I'll try to describe my setup as good as I can:

I have two switches a HP V1810, and a HP V1910 , both already do VLANS. The V1810 is downstairs. It has got one cable running to the other switch. This is the trunk connection over which all VLANS pass tagged, also VLAN 4 and 6. Then on that same switch I have my bridged vigor 130. The Draytek is tagged in VLAN 4 and 6. Also on this switch is my Settopbox, untagged in VLAN 4.

Upstairs I have the V1910, aside from the earlier mentioned trunk connection, it has my ESX 6.1 machine, which is tagged in all VLANS,also VLAN 4 and 6. Then, Inside VMWare I defined a VM Network with VLAN 4095 (all VLANs). The WAN connection on Pfsense uses an interface thats connected to this VM Network. VLAN 4 and 6 are created within Pfsense (2.2.6 now). Thee WAN connection is setup using PPPoE and over that interface goes em0_vlan6. This is how its setup. Internet works well this way. But I cant get VLAN 4 to work.

However I'm starting to think that it might be better to, instead of having one VM Network on vlan 4095, Create two VM Networks, one in VLAN 4, and one in VLAN6, and then assign the networks to pfsense.
I just created two new networks inside ESX, one tagged with vlan 4, and one tagged with vlan 6. Assigned them to Pfsense and Internet is working again, but IPTV still doesnt get an IP. At this time i'm not doing any VLAN tagging inside Pfsense.

Edit:
Just setup a debian box on vlan 4 to act as a dhcpserver, and that works. So VLAN4 seems fine. The only thing is, I think, that pfsense somehow doesnt know how to get a IP address from my ISP.

Maarten90 · Jan 19, 2016, 5:54 PM

Tested some more. I have two trunk connections between my switches. I took one of them and connected one end to the Draytek, and one end to my ESX box. This to eliminate the possibility that the configuration of my switches is wrong. Created a new VM Network with VLAN 4095, and did the tagging within Pfsense. Internet works immediately, but VLAN 4 for IPTV still doesnt get an IP. Also tried it with two VM networks one with VLAN 6, and one with VLAN 4, and no tagging inside Pfsense, same results. Note that everything works like it should when I connect my Fritzbox again, so the problem should be somewhere on the end of Pfsense, or ESX.

Note that everything works as it should when I connect my Fritzbox again.

PDJ · Jan 21, 2016, 5:23 PM

Maybe you could lt PFSense do the VLAN tagging and connect it directly to the modem.
I think you should also remove the hostname in you DHCP request, it's now pfsense, this should be left blank

ThinkPadNL · Jan 11, 2017, 8:29 PM

Hi Maarten90,

Did you get this working in the end? I am running pfSense (2.3.2-RELEASE-p1) on my ESXi box with two network interfaces and i got internet up and running quickly after i bridged my Experiabox V8 that i have on my VDSL-line from Telfort, but IPTV isn't working yet (although on the Experiabox the LED for 'TV' is on, so it should be okay i guess?).

I have configured a separate interface (OPT1) that listens to VLAN4 on WAN, but it doesn't receive an IP unfortunately. I already have the option below configured for that interface:

dhcp-class-identifier "IPTV_RG"

I know i am kicking an old topic, but you were having the same exact problem, so please help me ;D
See also the Dutch discussion here: https://gathering.tweakers.net/forum/list_message/49823429#49823429

KOM · Jan 11, 2017, 8:46 PM

This thread is ancient and I don't recognize these guys at all so I doubt they're respond. PDJ last logged on Jan 6 so you might try making a new post here and then PMing him and ask him to look at it.

jahonix · Jan 11, 2017, 9:26 PM

Chances are that your provider is doing Multicast traffic for IP-TV.
Bad news is that, if you need an IGMP proxy for that, it won't work on your VLANs.
It's a long known bug never fixed but considered "rarely used" and pushed from release to release to release. >:(
Basically every Telekom T-Entertain customer in Germany with a pfSense is affected by this.

https://redmine.pfsense.org/issues/6099
It seems like the next release will have it fixed. Finally.

ThinkPadNL · Jan 11, 2017, 10:08 PM

Thanks for your reply.

Configuring IGMP Proxy is probably the next step. But i thought i would stop for now and first ask, because the OPT1 (VLAN4 on WAN) interface not receiving an IP seems quite problematic to me.

PDJ · Jan 12, 2017, 6:07 AM

I have sent you a PM allready.
You said you have Internet up and running and you said the TV LED is on? did you use a VLAN for internet? or is it without VLAN's?
Did you get a public IP?
Internet should run over a VLAN aswell, if not, you don't have the modem in full bridge the modem is still handeling the VLAN traffic.

BTW, I encourage everyone to get pfsense do all the stuff instead of your experiabox, because your provider can and will look into your LAN network!!
The modem is reporting back what your pc are doing in "your" LAN network.

ThinkPadNL · Jan 12, 2017, 7:15 AM

Internet is running, without configuring a VLAN it worked immediately. The LED for TV is on indeed.
I have a public IP (145.x.x.x) on the WAN-interface, a traceroute shows pfSense as first hop and then some KPN hop (i have Telfort) so the Experiabox is in bridge.

In the PM (lets discuss it here, so others can also possibly have benefits from it) you said: "It is important that if you run pfSense in a ESXi environment, pfSense should do the VLAN tagging". I didn't change anything in ESXi, just attached the WAN-adapter to a vSwitch. Should i turn on the option in ESXi that the network adapter should listen to all VLANs (4095) ? In pfSense i have a OPT1 interface that listens to VLAN4 on the WAN-adapter.

You said that internet should run over a VLAN as well, but i think that is different with VDSL and a fiber connection. In the blog you pointed me to (https://venxir.tweakblogs.net/blog/12507/kpn-glasvezel-via-pfsense) they have a VLAN6 for internet. With VDSL, the internet VLAN is on 34. I'm not sure if i need to do anything with VLANs for the internet now, as my internet connection is working fine. Maybe the Experiabox isn't sending out the VLAN4 for IPTV and thus, i'm not getting an IP on that interface.

I'm hoping 'Maarten90' comes by, as he had exact the same problem, got it fixed, but didn't post the answer unfortunately :(

PDJ · Jan 12, 2017, 8:36 AM

What's not right is the WAN connection, this should run on VLAN 34, it seems like the modem, or something else is already filtering the VLAN tagging.
I see this issue popping up with ESXi more often, what you also culd try to do is let ESXi do the VLAN tagging, you should make new connections in ESXi one with VLAN ID 34, one with VLAN 4 and if you want to use the telephone as well… also the one for TEL (I don't know what ID that one is), add the network connections to your pfsense host and add the interfaces to pfsense (now ESXi will do the filtering)