multicast video through vpn

Bryan00
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 29, 2022 5:48 pm

multicast video through vpn

Post by Bryan00 » Tue Nov 29, 2022 6:22 pm

I would like to forward multicast video through the VPN. The VPN server would have 2 physical interfaces: one facing the video network and one facing the internet through a router configured with 1-to-1 NAT. The goal is to replace the now retired Sling technology that would allow me to watch TV from my home STB from anywhere. The path would be: Video Network --> OpenVPN Server --> NATed 1-to-1 Internet --> OpenVPN client --> STB (set-top box). The few details I have found state that I need to use TAP and build a bridge between server and client, but I'm not finding anything on how to get the multicast traffic from the video interface to the public-facing interface and then out the client. I am using Linux for the server side and MikroTik for the client side. Is there a sample config out there that would give me a place to start?

Pippin
Forum Team
Posts: 1185
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: multicast video through vpn

Post by Pippin » Tue Nov 29, 2022 9:07 pm

Hi,

Won't be able to help on this one but I once found this:
https://blog.danman.eu/multicast-over-stupid-networks/
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Bryan00
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 29, 2022 5:48 pm

Re: multicast video through vpn

Post by Bryan00 » Wed Nov 30, 2022 4:10 pm

Pippin,

Thanks for the reply and link. It gave me a good starting place.

Bryan00
OpenVpn Newbie
Posts: 3
Joined: Tue Nov 29, 2022 5:48 pm

Re: multicast video through vpn

Post by Bryan00 » Wed Dec 07, 2022 3:55 pm

Hoping I can get some help with the basics. I've read numerous pages about getting a DHCP server on the server lan to hand out IPs to the remote clients but I'm having no luck. I've tried on both Windows and Linux. Windows will connect but no IP. Linux will not connect.

I have br0 created with only the LAN port in the bridge, then have a script that OpenVPN runs to add TAP0 to the bridge. TAP0 state always shows "UNKNOWN", but when I start OpenVPN (not set up as a service), I can see where it builds the TAP interface and it says it goes into the forwarding state.

From the server I can ping the DHCP server, and br0 pulls an IP from it.
When I set a gateway on the Windows remote client, I can see the ARP traffic show up on the server LAN interface but never a reply from the DHCP server.

I have set IP forwarding to enabled on the server.
Firewall is disabled until I get it working without it.

I do need TAP for this configuration to get multicast working (if I ever get to that point).

Server_Conf

;mode server
tls-server
;local a.b.c.d
# TCP or UDP server?
;proto tcp
proto udp4
dev tap0
;dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
dh dh2048.pem
;topology subnet
;bridge 10.8.0.0 255.255.255.0
;ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
server-bridge
;route-default-gateway 172.16.96.1
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;push "route 224.0.0.0 240.0.0.0"
;push "route 172.16.96.0 255.255.254.0"
;push "route 172.16.150.0 255.255.255.0"
;push "route 192.168.145.0 255.255.255.0"
;push "route-gateway 192.168.145.1"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
max-clients 2
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
log-append openvpn.log
verb 6
;mute 20
explicit-exit-notify 1
script-security 2
up "/etc/openvpn/server/up.sh nm-bridge tap0 1500"
down "/etc/openvpn/server/down.sh nm-bridge tap0"
[root@RockyVPN server]#

Server_Log

2022-12-07 09:11:45 us=398889 MULTI: multi_create_instance called
2022-12-07 09:11:45 us=399115 :60672 Re-using SSL/TLS context
2022-12-07 09:11:45 us=399255 :60672 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-07 09:11:45 us=399283 :60672 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-07 09:11:45 us=399504 :60672 Control Channel MTU parms [ L:1653 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2022-12-07 09:11:45 us=399528 :60672 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
2022-12-07 09:11:45 us=399599 :60672 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1589,tun-mtu 1532,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2022-12-07 09:11:45 us=399620 :60672 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1589,tun-mtu 1532,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2022-12-07 09:11:45 us=399683 :60672 UDPv4 READ [42] from [AF_INET]:60672: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2022-12-07 09:11:45 us=399716 :60672 TLS: Initial packet from [AF_INET]:60672, sid=6343fab8 c528ef7a
2022-12-07 09:11:45 us=399765 :60672 UDPv4 WRITE [54] to [AF_INET]:60672: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
2022-12-07 09:11:45 us=403633 :60672 UDPv4 READ [50] from [AF_INET]:60672: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
2022-12-07 09:11:45 us=403800 :60672 UDPv4 READ [319] from [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=277
2022-12-07 09:11:45 us=406460 :60672 UDPv4 WRITE [1172] to [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1118
2022-12-07 09:11:45 us=406555 :60672 UDPv4 WRITE [1160] to [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1118
2022-12-07 09:11:45 us=406653 :60672 UDPv4 WRITE [171] to [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=129
2022-12-07 09:11:45 us=409730 :60672 UDPv4 READ [50] from [AF_INET]:60672: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
2022-12-07 09:11:45 us=411094 :60672 UDPv4 READ [50] from [AF_INET]:60672: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
2022-12-07 09:11:45 us=415112 :60672 UDPv4 READ [1172] from [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #6 ] [ 3 ] pid=2 DATA len=1118
2022-12-07 09:11:45 us=415188 :60672 UDPv4 WRITE [50] to [AF_INET]:60672: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
2022-12-07 09:11:45 us=415355 :60672 UDPv4 READ [1160] from [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=3 DATA len=1118
2022-12-07 09:11:45 us=417094 :60672 VERIFY OK: depth=1, CN=videoVPN
2022-12-07 09:11:45 us=417269 :60672 VERIFY OK: depth=0, CN=Bryan
2022-12-07 09:11:45 us=417586 :60672 UDPv4 WRITE [212] to [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #6 ] [ 3 ] pid=4 DATA len=158
2022-12-07 09:11:45 us=417680 :60672 UDPv4 READ [397] from [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=4 DATA len=355
2022-12-07 09:11:45 us=417725 :60672 peer info: IV_VER=2.5.8
2022-12-07 09:11:45 us=417750 :60672 peer info: IV_PLAT=win
2022-12-07 09:11:45 us=417770 :60672 peer info: IV_PROTO=6
2022-12-07 09:11:45 us=417790 :60672 peer info: IV_NCP=2
2022-12-07 09:11:45 us=417809 :60672 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
2022-12-07 09:11:45 us=417846 :60672 peer info: IV_LZ4=1
2022-12-07 09:11:45 us=417867 :60672 peer info: IV_LZ4v2=1
2022-12-07 09:11:45 us=417886 :60672 peer info: IV_LZO=1
2022-12-07 09:11:45 us=417905 :60672 peer info: IV_COMP_STUB=1
2022-12-07 09:11:45 us=417924 :60672 peer info: IV_COMP_STUBv2=1
2022-12-07 09:11:45 us=417944 :60672 peer info: IV_TCPNL=1
2022-12-07 09:11:45 us=417963 :60672 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-12-07 09:11:45 us=417983 :60672 peer info: IV_SSO=openurl,crtext
2022-12-07 09:11:45 us=418070 :60672 UDPv4 WRITE [291] to [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #7 ] [ 4 ] pid=5 DATA len=237
2022-12-07 09:11:45 us=420021 :60672 UDPv4 READ [50] from [AF_INET]:60672: P_ACK_V1 kid=0 pid=[ #9 ] [ 4 ]
2022-12-07 09:11:45 us=420096 :60672 UDPv4 READ [50] from [AF_INET]:60672: P_ACK_V1 kid=0 pid=[ #10 ] [ 5 ]
2022-12-07 09:11:45 us=420128 :60672 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-12-07 09:11:45 us=420157 :60672 [Bryan] Peer Connection Initiated with [AF_INET]:60672
2022-12-07 09:11:45 us=420227 Bryan/:60672 MULTI: no dynamic or static remote--ifconfig address is available for Bryan/:60672
2022-12-07 09:11:45 us=420254 Bryan/:60672 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-12-07 09:11:45 us=420284 Bryan/:60672 Data Channel MTU parms [ L:1581 D:1450 EF:49 EB:411 ET:32 EL:3 ]
2022-12-07 09:11:45 us=420398 Bryan/:60672 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-12-07 09:11:45 us=420427 Bryan/:60672 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-12-07 09:11:45 us=420467 Bryan/:60672 SENT CONTROL [Bryan]: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120,peer-id 0,cipher AES-256-GCM' (status=1)
2022-12-07 09:11:45 us=420517 Bryan/:60672 UDPv4 WRITE [148] to [AF_INET]:60672: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=6 DATA len=106
2022-12-07 09:11:45 us=429280 Bryan/:60672 UDPv4 READ [50] from [AF_INET]:60672: P_ACK_V1 kid=0 pid=[ #11 ] [ 6 ]
2022-12-07 09:11:45 us=436423 Bryan/:60672 UDPv4 READ [366] from [AF_INET]:60672: P_DATA_V2 kid=0 DATA len=365
2022-12-07 09:11:45 us=436467 Bryan/:60672 MULTI: Learn: 00:ff:7b:14:59:dd@0 -> Bryan/:60672
2022-12-07 09:11:45 us=436504 Bryan/:60672 TUN WRITE [342]
2022-12-07 09:11:45 us=758000 Bryan/:60672 UDPv4 READ [66] from [AF_INET]:60672: P_DATA_V2 kid=0 DATA len=65
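
An added example, not part of the original thread and not OpenVPN's own tooling: a small Python triage of a server log like the one above, pulling out the lines that matter for a bridged (TAP) session: what the server pushed, which client MAC it learned, and whether client frames were written to the TAP device. The function names and summary keys are assumptions made for this example; the sample lines are abridged from the posted log.

```python
import re
from collections import defaultdict

# Lines abridged from the server log in the post above (timestamps shortened).
SAMPLE_LOG = """\
09:11:45 Bryan/:60672 MULTI: no dynamic or static remote--ifconfig address is available for Bryan/:60672
09:11:45 Bryan/:60672 Data Channel: using negotiated cipher 'AES-256-GCM'
09:11:45 Bryan/:60672 SENT CONTROL [Bryan]: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120,peer-id 0,cipher AES-256-GCM' (status=1)
09:11:45 Bryan/:60672 MULTI: Learn: 00:ff:7b:14:59:dd@0 -> Bryan/:60672
09:11:45 Bryan/:60672 TUN WRITE [342]
"""

# "<CN>/<addr>:<port> <message>" prefix that OpenVPN puts on per-client lines.
CLIENT_LINE = re.compile(r"(?:^|\s)(?P<cn>[^\s/]+)/\S*:\d+ (?P<msg>.+)$")
PUSH = re.compile(r"SENT CONTROL \[[^\]]+\]: 'PUSH_REPLY,([^']*)'")
LEARN = re.compile(r"MULTI: Learn: ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})@\d+")
CIPHER = re.compile(r"Data Channel: using negotiated cipher '([^']+)'")

def triage(log_text):
    """Collect, per client CN, the log facts relevant to a bridged TAP session."""
    sessions = defaultdict(lambda: {"pushed": [], "macs": set(), "tun_writes": 0,
                                    "cipher": None, "no_pool_address": False})
    for line in log_text.splitlines():
        m = CLIENT_LINE.search(line)
        if not m:
            continue  # pre-authentication lines carry no CN prefix
        s, msg = sessions[m["cn"]], m["msg"]
        if p := PUSH.search(msg):
            s["pushed"] = p[1].split(",")
        elif mac := LEARN.search(msg):
            s["macs"].add(mac[1])
        elif c := CIPHER.search(msg):
            s["cipher"] = c[1]
        elif msg.startswith("TUN WRITE"):
            s["tun_writes"] += 1
        elif msg.startswith("MULTI: no dynamic or static remote--ifconfig address"):
            s["no_pool_address"] = True
    return dict(sessions)

def findings(s):
    """Turn one session summary into plain statements about where to look next."""
    out = []
    has_ifconfig = any(o.startswith("ifconfig ") for o in s["pushed"])
    if "route-gateway dhcp" in s["pushed"] and not has_ifconfig:
        out.append("no address pushed by OpenVPN: client depends on DHCP from the bridged LAN")
    if s["macs"] and s["tun_writes"]:
        out.append("client frames are written to the server TAP device")
    return out

if __name__ == "__main__":
    for cn, s in triage(SAMPLE_LOG).items():
        print(cn, s["cipher"], sorted(s["macs"]), findings(s))
```

When both findings are reported, the tunnel itself is passing the client's Ethernet frames, so the bridge membership of the TAP device and the path to the LAN DHCP server are the next things to inspect.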
