Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Not getting IP on IPTV vlan via ISP

    Scheduled Pinned Locked Moved General pfSense Questions
    37 Posts 5 Posters 11.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      Maarten90
      last edited by

      Thanks in advance for this, PDJ. I have a (V)DSL line.

      1 Reply Last reply Reply Quote 0
      • P Offline
        PDJ
        last edited by

        There is a difference in setup, I have fiber and Telfort as provider, the IPTV is the same, only Telfort is not using a pppoe tunnel.
        Let's do it step by step.
        I think the IPTV will not connect over the pppoe tunnel.
        First the Draytek should be configure as a bridge.
        The WAN side should have a VLAN with tag 4 (you allready set that up)
        The PPPOE tunnel should be setup on em0
        Make a vlan tag 4 on em0 and go to settings

        Note: I gave my IPTV a sepperate network, it got also vlan tag 4 and my switch will "forward" it to a port where the IPTV box is connected to, it could also be your standard lan

        Then go to Interfaces settings and set it up as this picture

        If it is setup right, you should get an ip on the IPTV WAN interface, something like 10.x.x.x subnet 255.255.248.0

        after ttha you need to setup IGMP proxy, but first you need to update it manually in the console, the standard IGMP proxy has a bug, it will freeze the TV after a while, with the latest version this has been fixed. I can help you with doing that.

        1 Reply Last reply Reply Quote 0
        • M Offline
          Maarten90
          last edited by

          Thanks for your reply! Sadly it still does not get an IP. ~~I think its because VLANs and PPPoE connections work differently or something like that. Last night I've spent hours on getting it to work, with no luck so far. Even bridged my WAN interface with 'VLAN 4 on em0', still no luck. As you said, I also do not think that vlan 4 should be a interface on the PPPoE connection. But I'm currently out of ideas when it comes to how to get this to work. Just to mention: My network is already using VLANs with managed switches. Inside VMWare ESX I assigned the network where my pfsense box and draytek are connected to vlan 4095 so that all VLANs would pass. I think this is setup the correct way since vlan 6 is able to pass.

          Just a thought: How should Pfsense know where to send VLAN 4? Because VLAN 4 on em0 is non-existent right? I mean VLAN 4 lives on the other side of the PPPoE connection right?~~

          EDIT:

          Looked at the request thats being done by tcpdump, and I dont see option 60 specified in the request:

          
          18:33:58.244426 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
              0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:0c:29:d4:64:2b (oui Unknown), length 300, xid 0xf21823d6, secs 41, Flags [none]
                    Client-Ethernet-Address 00:0c:29:d4:64:2b (oui Unknown)
                    Vendor-rfc1048 Extensions
                      Magic Cookie 0x63825363
                      DHCP-Message Option 53, length 1: Discover
                      Client-ID Option 61, length 7: hardware-type 73, 50:54:56:5f:52:47
                      Hostname Option 12, length 4: "fw01"
                      Parameter-Request Option 55, length 9:
                        Subnet-Mask, BR, Time-Zone, Classless-Static-Route
                        Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
                        Option 119
          
          

          So the question would be, should it show option 60 in this dump (I am actually sure it should)? And if it should, why doesnt it show? I checked the DHCP logs to see if I maybe misspelled the option name which throws an error, but that aint the case.

          1 Reply Last reply Reply Quote 0
          • P Offline
            PDJ
            last edited by

            That's strange, I should check if it will send the option in my setup.
            Did you fill in a hostname?
            Did you get the pppoe tunnel to work on the PFSense?
            And did you alter the MTU settings? (for the dhcp request it shouldn't be a problem, but becuase it uses vlans, the mtu should be a bit bigger)

            the vlan 4 should be directly on the interface not at the end of the pppoe tunnel.
            The option is correct, you can see it on my screendump, that setup is working fine

            1 Reply Last reply Reply Quote 0
            • M Offline
              Maarten90
              last edited by

              @PDJ:

              That's strange, I should check if it will send the option in my setup.
              Did you fill in a hostname?
              Did you get the pppoe tunnel to work on the PFSense?
              And did you alter the MTU settings? (for the dhcp request it shouldn't be a problem, but becuase it uses vlans, the mtu should be a bit bigger)

              the vlan 4 should be directly on the interface not at the end of the pppoe tunnel.
              The option is correct, you can see it on my screendump, that setup is working fine

              The PPPoE tunnel works just fine, since I'm having internet access. I had changed the MTU to 1504 previously as it is in your screenshot, but didnt check with TCPdump that time.

              1 Reply Last reply Reply Quote 0
              • P Offline
                PDJ
                last edited by

                That's good, please check if you dissbaled the vlan's in the pppoe tunnel, that could interfere with the em0 vlan.
                I checked if I can get an ip without the extra settings (dhcp-class-identifier "IPTV_RG"), without those settings I don't get an ip on my TVWAN interface.
                What I recently found out that there is something strange with the dhcp client, I wanted to make a dump for you aswell, but when I release the IP (to do a new request) I do not get an ip anymore and the webgui is very very slow (2 mins to load a page) I had to restart my pfsense (tried it 2 times with the same results)
                So try to reboot you pfsense

                1 Reply Last reply Reply Quote 0
                • M Offline
                  Maarten90
                  last edited by

                  Solved by specifying dhcp-class-identifier instead of dhcp-client-identifier . I can now see option 60 being sent. Still no IP though.

                  1 Reply Last reply Reply Quote 0
                  • P Offline
                    PDJ
                    last edited by

                    What is your setup?
                    Is the PFSense connected directly to the modem?
                    You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked.

                    1 Reply Last reply Reply Quote 0
                    • M Offline
                      Maarten90
                      last edited by

                      @PDJ:

                      What is your setup?
                      Is the PFSense connected directly to the modem?
                      You said it's running PFSense in vmware, is the vmware itself allready using vlans? you can't use 2 vlans stacked.

                      Thanks for getting back to this. I'll try to describe my setup as good as I can:

                      I have two switches  a HP V1810, and a HP V1910 , both already do VLANS. The V1810 is downstairs. It has got one cable running to the other switch. This is the trunk connection over which all VLANS pass tagged, also VLAN 4 and 6. Then on that same switch I have my bridged vigor 130. The Draytek is tagged in VLAN 4 and 6. Also on this switch is my Settopbox, untagged in VLAN 4.

                      Upstairs I have the V1910, aside from the earlier mentioned trunk connection, it has my ESX 6.1 machine, which is tagged in all VLANS,also VLAN 4 and 6. Then, Inside VMWare I defined a VM Network with VLAN 4095 (all VLANs). The WAN connection on Pfsense uses an interface thats connected to this VM Network. VLAN 4 and 6 are created within Pfsense (2.2.6 now). Thee WAN connection is setup using PPPoE and over that interface goes em0_vlan6. This is how its setup. Internet works well this way. But I cant get VLAN 4 to work.

                      However I'm starting to think that it might be better to, instead of having one VM Network on vlan 4095, Create two VM Networks, one in VLAN 4, and one in VLAN6, and then assign the networks to pfsense.
                      I just created two new networks inside ESX, one tagged with vlan 4, and one tagged with vlan 6. Assigned them to Pfsense and Internet is working again, but IPTV still doesnt get an IP. At this time i'm not doing any VLAN tagging inside Pfsense.




                      Edit:
                      Just setup a debian box on vlan 4 to act as a dhcpserver, and that works. So VLAN4 seems fine. The only thing is, I think, that pfsense somehow doesnt know how to get a IP address from my ISP.

                      1 Reply Last reply Reply Quote 0
                      • M Offline
                        Maarten90
                        last edited by

                        Tested some more. I have two trunk connections between my switches. I took one of them and connected one end to the Draytek, and one end to my ESX box. This to eliminate the possibility that the configuration of my switches is wrong. Created a new VM Network with VLAN 4095, and did the tagging within Pfsense. Internet works immediately, but VLAN 4 for IPTV still doesnt get an IP. Also tried it with two VM networks one with VLAN 6, and one with VLAN 4, and no tagging inside Pfsense, same results. Note that everything works like it should when I connect my Fritzbox again, so the problem should be somewhere on the end of Pfsense, or ESX.

                        Note that everything works as it should when I connect my Fritzbox again.

                        1 Reply Last reply Reply Quote 0
                        • P Offline
                          PDJ
                          last edited by

                          Maybe you could lt PFSense do the VLAN tagging and connect it directly to the modem.
                          I think you should also remove the hostname in you DHCP request, it's now pfsense, this should be left blank

                          1 Reply Last reply Reply Quote 0
                          • T Offline
                            ThinkPadNL
                            last edited by

                            Hi Maarten90,

                            Did you get this working in the end? I am running pfSense (2.3.2-RELEASE-p1) on my ESXi box with two network interfaces and i got internet up and running quickly after i bridged my Experiabox V8 that i have on my VDSL-line from Telfort, but IPTV isn't working yet (although on the Experiabox the LED for 'TV' is on, so it should be okay i guess?).

                            I have configured a separate interface (OPT1) that listens to VLAN4 on WAN, but it doesn't receive an IP unfortunately. I already have the option below configured for that interface:

                            dhcp-class-identifier "IPTV_RG"
                            

                            I know i am kicking an old topic, but you were having the same exact problem, so please help me ;D
                            See also the Dutch discussion here: https://gathering.tweakers.net/forum/list_message/49823429#49823429

                            1 Reply Last reply Reply Quote 0
                            • KOMK Offline
                              KOM
                              last edited by

                              This thread is ancient and I don't recognize these guys at all so I doubt they're respond.  PDJ last logged on Jan 6 so you might try making a new post here and then PMing him and ask him to look at it.

                              1 Reply Last reply Reply Quote 0
                              • jahonixJ Offline
                                jahonix
                                last edited by

                                Chances are that your provider is doing Multicast traffic for IP-TV.
                                Bad news is that, if you need an IGMP proxy for that, it won't work on your VLANs.
                                It's a long known bug never fixed but considered "rarely used" and pushed from release to release to release.  >:(
                                Basically every Telekom T-Entertain customer in Germany with a pfSense is affected by this.

                                https://redmine.pfsense.org/issues/6099
                                It seems like the next release will have it fixed. Finally.

                                1 Reply Last reply Reply Quote 0
                                • T Offline
                                  ThinkPadNL
                                  last edited by

                                  Thanks for your reply.

                                  Configuring IGMP Proxy is probably the next step. But i thought i would stop for now and first ask, because the OPT1 (VLAN4 on WAN) interface not receiving an IP seems quite problematic to me.

                                  1 Reply Last reply Reply Quote 0
                                  • P Offline
                                    PDJ
                                    last edited by

                                    I have sent you a PM allready.
                                    You said you have Internet up and running and you said the TV LED is on? did you use a VLAN for internet? or is it without VLAN's?
                                    Did you get a public IP?
                                    Internet should run over a VLAN aswell, if not, you don't have the modem in full bridge the modem is still handeling the VLAN traffic.

                                    BTW, I encourage everyone to get pfsense do all the stuff instead of your experiabox, because your provider can and will look into your LAN network!!
                                    The modem is reporting back what your pc are doing in "your" LAN network.

                                    1 Reply Last reply Reply Quote 0
                                    • T Offline
                                      ThinkPadNL
                                      last edited by

                                      Internet is running, without configuring a VLAN it worked immediately. The LED for TV is on indeed.
                                      I have a public IP (145.x.x.x) on the WAN-interface, a traceroute shows pfSense as first hop and then some KPN hop (i have Telfort) so the Experiabox is in bridge.

                                      In the PM (lets discuss it here, so others can also possibly have benefits from it) you said: "It is important that if you run pfSense in a ESXi environment, pfSense should do the VLAN tagging". I didn't change anything in ESXi, just attached the WAN-adapter to a vSwitch. Should i turn on the option in ESXi that the network adapter should listen to all VLANs (4095) ? In pfSense i have a OPT1 interface that listens to VLAN4 on the WAN-adapter.

                                      You said that internet should run over a VLAN as well, but i think that is different with VDSL and a fiber connection. In the blog you pointed me to (https://venxir.tweakblogs.net/blog/12507/kpn-glasvezel-via-pfsense) they have a VLAN6 for internet. With VDSL, the internet VLAN is on 34. I'm not sure if i need to do anything with VLANs for the internet now, as my internet connection is working fine. Maybe the Experiabox isn't sending out the VLAN4 for IPTV and thus, i'm not getting an IP on that interface.

                                      I'm hoping 'Maarten90' comes by, as he had exact the same problem, got it fixed, but didn't post the answer unfortunately :(

                                      1 Reply Last reply Reply Quote 0
                                      • P Offline
                                        PDJ
                                        last edited by

                                        What's not right is the WAN connection, this should run on VLAN 34, it seems like the modem, or something else is already filtering the VLAN tagging.
                                        I see this issue popping up with ESXi more often, what you also culd try to do is let ESXi do the VLAN tagging, you should make new connections in ESXi one with VLAN ID 34, one with VLAN 4 and if you want to use the telephone as well… also the one for TEL (I don't know what ID that one is), add the network connections to your pfsense host and add the interfaces to pfsense (now ESXi will do the filtering)

                                        1 Reply Last reply Reply Quote 0
                                        • T Offline
                                          ThinkPadNL
                                          last edited by

                                          It looks indeed like the VLANs are being stripped before they reach pfSense.
                                          Regarding your suggestion to create separate interfaces in ESXi for the VLANs, that is also what is being suggested here.

                                          I will try that when i get home tonight. Is there an easy way that i can test if the VLAN4 is being sent by the Experiabox V8 correctly? Can i setup a temporary VM that listens to the VLAN4 adapter to see if that VM receives an IP.  Or connect my Windows laptop to the Experiabox and configure it to listen on VLAN4 with the IPTV_RG request option (how do i do that on Windows?) to see if it receives an IP? That way i can pinpoint the problem to ESXi/Experiabox.

                                          1 Reply Last reply Reply Quote 0
                                          • P Offline
                                            PDJ
                                            last edited by

                                            Not really, what you could do is install wireshark, let pfsense capture all packages on the VLAN4 interface and analyze what's going on. maybe you see some arp messages from other devices, but I think those will be filtered.
                                            Actually, when you add the dhcp-class-identifier "IPTV_RG" to the dhcp request, that should be enough, so if the VLANs are working it should give you an IP address.
                                            I would suggest focus on the internet connection get that one working on VLAN 34, then you know the VLAN tagging works.

                                            I didn't have VDSL, so for me it was just connecting PFSense to the fiber (via the media converter) so I don't know what to do to let the experiabox not to fuck up…

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.