The pfSense Store

Author Topic: Openvpn and virgin media v6  (Read 296 times)

0 Members and 1 Guest are viewing this topic.

Offline techy82

  • Jr. Member
  • **
  • Posts: 83
  • Karma: +2/-0
    • View Profile
Openvpn and virgin media v6
« on: September 17, 2017, 11:14:52 am »
Hi alli have a virgin media v6 box and I'm using pia

I have a lan rule to pass straight to the wan gateway bypassing openvpn

Dns connects okay ETC,  however it is failing to download the program guide and shows a negotation error

Any ideas

Thanks very much

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11912
  • Karma: +467/-15
    • View Profile
Re: Openvpn and virgin media v6
« Reply #1 on: September 17, 2017, 05:02:54 pm »
This is version 6 of the IPTV box not an IPv6 question I assume?

What rules are you using on LAN exactly? Guess work otherwise.

What error does it show?

Steve

Offline techy82

  • Jr. Member
  • **
  • Posts: 83
  • Karma: +2/-0
    • View Profile
Re: Openvpn and virgin media v6
« Reply #2 on: September 18, 2017, 05:36:03 am »
Hi

Yes it is a cable tv box but it uses the network now instead of the old type with a cable modem built in

I have a lan rule set as shown, I can use on demand services but for some reason it doesn't download the EPG and reports that it cannot connect? no error is shown on the cable tv box apart from the negotiation error, i have ran the dns test on the cable tv box and that works fine.

Thanks very much



Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11912
  • Karma: +467/-15
    • View Profile
Re: Openvpn and virgin media v6
« Reply #3 on: September 18, 2017, 09:34:37 am »
Is it using IPv6?

Try checking the state table for all states from 192.168.0.211. Make sure they are all via WAN and are NAT'd correctly.

That box streams live TV also? Does it require multicast or a specific VLAN or even 802.1p tags? This could be far more complex than just passing traffic through the firewall.

Steve

Offline techy82

  • Jr. Member
  • **
  • Posts: 83
  • Karma: +2/-0
    • View Profile
Re: Openvpn and virgin media v6
« Reply #4 on: September 19, 2017, 02:11:01 am »
it is ipv4

Thanks i'll check the state table

The box is for live tv but it does this via coax, it uses the network for youtube, epg, on demand etc

I have my ps4 setup in the same way, so I wasnt sure if there server trys to connect back to the box

Thanks again

Offline techy82

  • Jr. Member
  • **
  • Posts: 83
  • Karma: +2/-0
    • View Profile
Re: Openvpn and virgin media v6
« Reply #5 on: September 19, 2017, 03:21:13 am »
I have had a look at the state table

and on the lan interface it is showing the ip going straight out to the correct destination

there is another wan entry showing my openvpn ip going out to the correct destination

both entries show the same sized packets and bytes?

Thanks

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11912
  • Karma: +467/-15
    • View Profile
Re: Openvpn and virgin media v6
« Reply #6 on: September 19, 2017, 07:20:14 am »
If you are policy routing the traffic then you must have the OpenVPN interface assigned and if that traffic were going over the VPN you would see an outbound state on the OpenVPN interface.

I expect to see a state on the LAN from your v6box to the public IP and another state on the WAN showing the same traffic but NAT'd to the WAN address for each outbound connection.

That must be working to some extent to allow on demand services.

Steve

Offline techy82

  • Jr. Member
  • **
  • Posts: 83
  • Karma: +2/-0
    • View Profile
Re: Openvpn and virgin media v6
« Reply #7 on: September 19, 2017, 10:01:41 am »
it is really strange, everything works fine on it apart from the negotiation bit, which looks to download the epg every few weeks, could the virgin server be trying to get access back to the box and is being blocked for some reason?

it is setup the same way as my ps4 bypass, which works fine

Thanks again!


Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11912
  • Karma: +467/-15
    • View Profile
Re: Openvpn and virgin media v6
« Reply #8 on: September 20, 2017, 10:23:32 am »
It could be though that seems odd if it is.

You'd have to try and catch it doing it to find out what's happening. Or find some other useful person who's already done it.  ;)
If you can trigger it try catching the states or logging everything it opens with a specific firewall rule. Or run a packet capture filtered for it.

Steve

Offline techy82

  • Jr. Member
  • **
  • Posts: 83
  • Karma: +2/-0
    • View Profile
Re: Openvpn and virgin media v6
« Reply #9 on: October 07, 2017, 01:43:18 pm »
Has anyone else got a virgin media v6 box and a similar issue?

I have ran packet monitoring and can't see anything that stands out, if I disable open vpn it works fine but it's a pain every week, it only seems to effect downloading the epg

On demand services work fine

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11912
  • Karma: +467/-15
    • View Profile
Re: Openvpn and virgin media v6
« Reply #10 on: October 12, 2017, 09:59:37 pm »
You could try reversing your policy routing rules.

Add a rule that policy routes everything you need to via the OpenVPN and leaves everything else to go straight to WAN.

The only reasonable explanation here is that the EPG is reaching out and being routed via the VPN currently where it cannot reach the server.

Steve

Offline techy82

  • Jr. Member
  • **
  • Posts: 83
  • Karma: +2/-0
    • View Profile
Re: Openvpn and virgin media v6
« Reply #11 on: December 05, 2017, 01:24:55 pm »
Thanks I'll give that a go, as it does seem strange how it's only effecting the epg, thanks very much!

Offline conor

  • Newbie
  • *
  • Posts: 23
  • Karma: +4/-0
    • View Profile
Re: Openvpn and virgin media v6
« Reply #12 on: December 05, 2017, 02:29:12 pm »
@techy82

That LAN rule you show a snip of, is there anything above that? If it works with the openvpn off then it really looks like an incorrect rule.