Not getting IP on IPTV vlan via ISP
-
After I've successfully setup my internet connection (XS4ALL, Dutch provider), I'm now trying to get routed IPTV working.
Some details:
em0: NIC connected to my Draytek vigor 130
vlan6: ISP provided VLAN for internet access
vlan4: ISP provided VLAN for IPTV
PFSense is running on version 2.2.5Screenshots with current non-working config
According to http://netwerkje.com/routed-iptv I should get an IP as long as I specify dhcp-option 60. But I dont get one. For testing purposes I've also added a any/any firewall rule for the IPTV interface. I'm also notblocking private or bogon networks on this interface. Any ideas on how to get this going?
-
I'll make a post how to set everything up this weekend.
I have Telfort (exactly the same as XS4ALL) and have replaced the exepriabox with PFSense, and IPTV is routed.
Do you have a fiber or DSL connection? -
Thanks in advance for this, PDJ. I have a (V)DSL line.
-
There is a difference in setup, I have fiber and Telfort as provider, the IPTV is the same, only Telfort is not using a pppoe tunnel.
Let's do it step by step.
I think the IPTV will not connect over the pppoe tunnel.
First the Draytek should be configure as a bridge.
The WAN side should have a VLAN with tag 4 (you allready set that up)
The PPPOE tunnel should be setup on em0
Make a vlan tag 4 on em0 and go to settings
Note: I gave my IPTV a sepperate network, it got also vlan tag 4 and my switch will "forward" it to a port where the IPTV box is connected to, it could also be your standard lanThen go to Interfaces settings and set it up as this picture
If it is setup right, you should get an ip on the IPTV WAN interface, something like 10.x.x.x subnet 255.255.248.0
after ttha you need to setup IGMP proxy, but first you need to update it manually in the console, the standard IGMP proxy has a bug, it will freeze the TV after a while, with the latest version this has been fixed. I can help you with doing that.
-
Thanks for your reply! Sadly it still does not get an IP. ~~I think its because VLANs and PPPoE connections work differently or something like that. Last night I've spent hours on getting it to work, with no luck so far. Even bridged my WAN interface with 'VLAN 4 on em0', still no luck. As you said, I also do not think that vlan 4 should be a interface on the PPPoE connection. But I'm currently out of ideas when it comes to how to get this to work. Just to mention: My network is already using VLANs with managed switches. Inside VMWare ESX I assigned the network where my pfsense box and draytek are connected to vlan 4095 so that all VLANs would pass. I think this is setup the correct way since vlan 6 is able to pass.
Just a thought: How should Pfsense know where to send VLAN 4? Because VLAN 4 on em0 is non-existent right? I mean VLAN 4 lives on the other side of the PPPoE connection right?~~
EDIT:
Looked at the request thats being done by tcpdump, and I dont see option 60 specified in the request:
18:33:58.244426 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0c:29:d4:64:2b (oui Unknown), length 300, xid 0xf21823d6, secs 41, Flags [none] Client-Ethernet-Address 00:0c:29:d4:64:2b (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Client-ID Option 61, length 7: hardware-type 73, 50:54:56:5f:52:47 Hostname Option 12, length 4: "fw01" Parameter-Request Option 55, length 9: Subnet-Mask, BR, Time-Zone, Classless-Static-Route Default-Gateway, Domain-Name, Domain-Name-Server, Hostname Option 119So the question would be, should it show option 60 in this dump (I am actually sure it should)? And if it should, why doesnt it show? I checked the DHCP logs to see if I maybe misspelled the option name which throws an error, but that aint the case.
-
That's strange, I should check if it will send the option in my setup.
Did you fill in a hostname?
Did you get the pppoe tunnel to work on the PFSense?
And did you alter the MTU settings? (for the dhcp request it shouldn't be a problem, but becuase it uses vlans, the mtu should be a bit bigger)the vlan 4 should be directly on the interface not at the end of the pppoe tunnel.
The option is correct, you can see it on my screendump, that setup is working fine -
@PDJ:
That's strange, I should check if it will send the option in my setup.
Did you fill in a hostname?
Did you get the pppoe tunnel to work on the PFSense?
And did you alter the MTU settings? (for the dhcp request it shouldn't be a problem, but becuase it uses vlans, the mtu should be a bit bigger)the vlan 4 should be directly on the interface not at the end of the pppoe tunnel.
The option is correct, you can see it on my screendump, that setup is working fineThe PPPoE tunnel works just fine, since I'm having internet access. I had changed the MTU to 1504 previously as it is in your screenshot, but didnt check with TCPdump that time.
-
That's good, please check if you dissbaled the vlan's in the pppoe tunnel, that could interfere with the em0 vlan.
I checked if I can get an ip without the extra settings (dhcp-class-identifier "IPTV_RG"), without those settings I don't get an ip on my TVWAN interface.
What I recently found out that there is something strange with the dhcp client, I wanted to make a dump for you aswell, but when I release the IP (to do a new request) I do not get an ip anymore and the webgui is very very slow (2 mins to load a page) I had to restart my pfsense (tried it 2 times with the same results)
So try to reboot you pfsense -
Solved by specifying dhcp-class-identifier instead of dhcp-client-identifier . I can now see option 60 being sent. Still no IP though.
-
What is your setup?
Is the PFSense connected directly to the modem?
You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked. -
@PDJ:
What is your setup?
Is the PFSense connected directly to the modem?
You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked.Thanks for getting back to this. I'll try to describe my setup as good as I can:
I have two switches a HP V1810, and a HP V1910 , both already do VLANS. The V1810 is downstairs. It has got one cable running to the other switch. This is the trunk connection over which all VLANS pass tagged, also VLAN 4 and 6. Then on that same switch I have my bridged vigor 130. The Draytek is tagged in VLAN 4 and 6. Also on this switch is my Settopbox, untagged in VLAN 4.
Upstairs I have the V1910, aside from the earlier mentioned trunk connection, it has my ESX 6.1 machine, which is tagged in all VLANS,also VLAN 4 and 6. Then, Inside VMWare I defined a VM Network with VLAN 4095 (all VLANs). The WAN connection on Pfsense uses an interface thats connected to this VM Network. VLAN 4 and 6 are created within Pfsense (2.2.6 now). Thee WAN connection is setup using PPPoE and over that interface goes em0_vlan6. This is how its setup. Internet works well this way. But I cant get VLAN 4 to work.
However I'm starting to think that it might be better to, instead of having one VM Network on vlan 4095, Create two VM Networks, one in VLAN 4, and one in VLAN6, and then assign the networks to pfsense.
I just created two new networks inside ESX, one tagged with vlan 4, and one tagged with vlan 6. Assigned them to Pfsense and Internet is working again, but IPTV still doesnt get an IP. At this time i'm not doing any VLAN tagging inside Pfsense.
Edit:
Just setup a debian box on vlan 4 to act as a dhcpserver, and that works. So VLAN4 seems fine. The only thing is, I think, that pfsense somehow doesnt know how to get a IP address from my ISP. -
Tested some more. I have two trunk connections between my switches. I took one of them and connected one end to the Draytek, and one end to my ESX box. This to eliminate the possibility that the configuration of my switches is wrong. Created a new VM Network with VLAN 4095, and did the tagging within Pfsense. Internet works immediately, but VLAN 4 for IPTV still doesnt get an IP. Also tried it with two VM networks one with VLAN 6, and one with VLAN 4, and no tagging inside Pfsense, same results. Note that everything works like it should when I connect my Fritzbox again, so the problem should be somewhere on the end of Pfsense, or ESX.
Note that everything works as it should when I connect my Fritzbox again.
-
Maybe you could lt PFSense do the VLAN tagging and connect it directly to the modem.
I think you should also remove the hostname in you DHCP request, it's now pfsense, this should be left blank -
Hi Maarten90,
Did you get this working in the end? I am running pfSense (2.3.2-RELEASE-p1) on my ESXi box with two network interfaces and i got internet up and running quickly after i bridged my Experiabox V8 that i have on my VDSL-line from Telfort, but IPTV isn't working yet (although on the Experiabox the LED for 'TV' is on, so it should be okay i guess?).
I have configured a separate interface (OPT1) that listens to VLAN4 on WAN, but it doesn't receive an IP unfortunately. I already have the option below configured for that interface:
dhcp-class-identifier "IPTV_RG"I know i am kicking an old topic, but you were having the same exact problem, so please help me ;D
See also the Dutch discussion here: https://gathering.tweakers.net/forum/list_message/49823429#49823429 -
This thread is ancient and I don't recognize these guys at all so I doubt they're respond. PDJ last logged on Jan 6 so you might try making a new post here and then PMing him and ask him to look at it.
-
Chances are that your provider is doing Multicast traffic for IP-TV.
Bad news is that, if you need an IGMP proxy for that, it won't work on your VLANs.
It's a long known bug never fixed but considered "rarely used" and pushed from release to release to release. >:(
Basically every Telekom T-Entertain customer in Germany with a pfSense is affected by this.https://redmine.pfsense.org/issues/6099
It seems like the next release will have it fixed. Finally. -
Thanks for your reply.
Configuring IGMP Proxy is probably the next step. But i thought i would stop for now and first ask, because the OPT1 (VLAN4 on WAN) interface not receiving an IP seems quite problematic to me.
-
I have sent you a PM allready.
You said you have Internet up and running and you said the TV LED is on? did you use a VLAN for internet? or is it without VLAN's?
Did you get a public IP?
Internet should run over a VLAN aswell, if not, you don't have the modem in full bridge the modem is still handeling the VLAN traffic.BTW, I encourage everyone to get pfsense do all the stuff instead of your experiabox, because your provider can and will look into your LAN network!!
The modem is reporting back what your pc are doing in "your" LAN network. -
Internet is running, without configuring a VLAN it worked immediately. The LED for TV is on indeed.
I have a public IP (145.x.x.x) on the WAN-interface, a traceroute shows pfSense as first hop and then some KPN hop (i have Telfort) so the Experiabox is in bridge.In the PM (lets discuss it here, so others can also possibly have benefits from it) you said: "It is important that if you run pfSense in a ESXi environment, pfSense should do the VLAN tagging". I didn't change anything in ESXi, just attached the WAN-adapter to a vSwitch. Should i turn on the option in ESXi that the network adapter should listen to all VLANs (4095) ? In pfSense i have a OPT1 interface that listens to VLAN4 on the WAN-adapter.
You said that internet should run over a VLAN as well, but i think that is different with VDSL and a fiber connection. In the blog you pointed me to (https://venxir.tweakblogs.net/blog/12507/kpn-glasvezel-via-pfsense) they have a VLAN6 for internet. With VDSL, the internet VLAN is on 34. I'm not sure if i need to do anything with VLANs for the internet now, as my internet connection is working fine. Maybe the Experiabox isn't sending out the VLAN4 for IPTV and thus, i'm not getting an IP on that interface.
I'm hoping 'Maarten90' comes by, as he had exact the same problem, got it fixed, but didn't post the answer unfortunately :(
-
What's not right is the WAN connection, this should run on VLAN 34, it seems like the modem, or something else is already filtering the VLAN tagging.
I see this issue popping up with ESXi more often, what you also culd try to do is let ESXi do the VLAN tagging, you should make new connections in ESXi one with VLAN ID 34, one with VLAN 4 and if you want to use the telephone as well… also the one for TEL (I don't know what ID that one is), add the network connections to your pfsense host and add the interfaces to pfsense (now ESXi will do the filtering) -
It looks indeed like the VLANs are being stripped before they reach pfSense.
Regarding your suggestion to create separate interfaces in ESXi for the VLANs, that is also what is being suggested here.I will try that when i get home tonight. Is there an easy way that i can test if the VLAN4 is being sent by the Experiabox V8 correctly? Can i setup a temporary VM that listens to the VLAN4 adapter to see if that VM receives an IP. Or connect my Windows laptop to the Experiabox and configure it to listen on VLAN4 with the IPTV_RG request option (how do i do that on Windows?) to see if it receives an IP? That way i can pinpoint the problem to ESXi/Experiabox.
-
Not really, what you could do is install wireshark, let pfsense capture all packages on the VLAN4 interface and analyze what's going on. maybe you see some arp messages from other devices, but I think those will be filtered.
Actually, when you add the dhcp-class-identifier "IPTV_RG" to the dhcp request, that should be enough, so if the VLANs are working it should give you an IP address.
I would suggest focus on the internet connection get that one working on VLAN 34, then you know the VLAN tagging works.I didn't have VDSL, so for me it was just connecting PFSense to the fiber (via the media converter) so I don't know what to do to let the experiabox not to fuck up…
-
Another test could be to setup a networkcard in ESXi that listens to VLAN34, give that NIC to pfSense and see if it gets an IP through DHCP i guess?
-
That's what I ment, but you don't need to add a physical network adapter, this should be a virtual adapter
-
I think i found the problem
The bridge of the Experiabox is only putting through the VLAN34 i guess. That is also the reason i didn't have to do anything with VLAN34 inside pfSense to get internet, it was directly working by putting a DHCP on the WAN-interface in pfSenseThe dropdown contained the option 'iptv', when i selected that and applied the bridge again, the internet didn't work anymore and also still no IP on VLAN4 interface.
I also had the possibility to go to the 'LAN' settings tab on the Experiabox. I could assign the VLAN called 'iptv' to a LAN port. I picked port 4 and switched the cable going to my ESXi server from LAN #1 on the Experiabox, to LAN #4 of the Experiabox.
Still: no IP on the VLAN interface. ???
I have connected my Fritz!box back again and turned off the pfSense VM. I think the Experiabox is messing around, i have no clue how to get this working >:( :o Maybe i need a modem that does a full transparent bridge. I thought a 'Draytek Vigor 130' can do such things. However i don't want to spend money on that now.
-
Well first that modem should go to full bridge, you could search the web a bit to do so.
Otherwise try to get a used one.
You could also choose to let the Experibox handle the TV and VOIP and have a bridge for you WAN (that worked and so you still have full control of your internet connection) -
None of the options are possible.
A year (or two) ago they used bridged mode for TV, where the LAN #4 was dedicated for IPTV. When you bridged the Experiabox, the internet was passed thru, but for IPTV you still had to connect the settopbox directly to the Experiabox. But now it is changed to routed mode (settopbox is in LAN, not dependent of a specific LAN-port anymore). I don't know how to pull this apart in the Experiabox, as the settings are limited on this.
So for now it is not possible to get IPTV working.
-
Well, I wouldn't give up so easily, I doubt there isn't a way to get a bridge mode… what version of experiabox do you have?
And what are the options in the drop down menu for VLAN, is there an option disable? -
I have the Experiabox V8 i received from Telfort.
The only option in the dropdown is 'iptv', the VLAN that is preconfigured on the Experiabox.I have tried setting that option and pressing 'apply' but that didn't have any effect. I lost my internet connection it seemed, and also still no IP on VLAN4 interface in pfSense.
Maybe the bridge has to be disabled first, and then apply it again with that 'iptv' option selected.On Tweakers.net forum i read someone ('wizai') that has mapped the 'iptv' to LAN #2 of the Experiabox, and then connected a separate networkcable from that port to his router.
Unfortunately i only have two network adapters on my ESXi host (LAN & WAN), so i can't try that now. -
In many post I see that you have to disable the wifi as well, did you do that also? It could be that the Experiabox won't go to bridge if wifi is still on.
what you could try is, disconnect the DSL connection, reset the modem to factory default and see if you could set it to bridge and then connect the DSL again. I did a package capture on the modem, when you go to factory default, the modem will retrieve settings from KPN/Telfort parts of the modem will be disabled after the settings are in. -
Yes, i disabled DHCP and wifi as per the tutorial.
I will try resetting the Experiabox to defaults and then connecting it to DSL again. Don't know when, my girlfriend got pretty irritated when she couldn't watch her TV shows hehe :-X -
There is also an option to go to another provider.
I must say, Telfort and KPN are not the best in customer service -
I don't have any complaints on Telfort. Speed is good (100/30), my connection has a good uptime and i was able to negotiate a good price (6 months free!) when i renewed my subscription ;D
The new house that we're moving in soon also has fiber, but my DSL subscription runs till October. So maybe after that period i will switch to fiber.
-
I have set the Experiabox to defaults and then (without having it connected to VDSL) applied the bridge.
Before:
After:
Shouldn't the VLAN4 also have the protocol 'Bridging' ?
-
Sorry for the late reply.
There should only be one WAN actually like WAN2… no VLAN ID nothing I don't know what PPOE passhtrough stands for, but even the modem should not make the ppoe tunnel.
It should only act as a converter..
Is it possible to get rid of all the VLAN stuff? (I dont have much experience with the experiabox, haven't use that with the fiber)
BTW, it is possible that Telfort will change your account to fiber under the same conditions as you have now. -
Thanks.
Telfort doesn't use PPPoE, they use MPoA i saw somewhere in a manual of configuring a Draytek Vigor 130 for Telfort.
I think i will ditch the Experiabox and get myself a Draytek Vigor 130 if i can find it for a reasonable price. -
Today i received the Draytek Vigor 130. I will continue with that modem + pfSense + managed switch for VLANs.
I am not going to put any more effort in the Experiabox V8.When i have Routed IPTV working with the Draytek + pfSense (can take a while because i am going to move to an other house soon) i will write up my config here.
