How to make multicast work within the OpenVPN tunnel network?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
How to make multicast work within the OpenVPN tunnel network?
So I have an OpenVPN remote access server setup and the clients connect just fine. The only problem is that Upnp does not work because the client -> server multicast traffic is not being received by the server. On the other hand, the server -> client multicast traffic is received by the client perfectly. I've been reading and realized that multicast traffic is not sent through the tunnel network natively. If that's the case, what do I do to make this work? I don't believe I need an IGMP proxy because I'm not trying to make multicast traffic in between networks. I only need it within the OpenVPN tunnel network. I'm currently using tun instead of tap.
As for the packet capture files, here you go:
1. Without OpenVPN:
Packet capture from pfsense LAN interface: https://www.dropbox.com/s/f92vxyd6muuec ... .pcap?dl=0
Packet capture from client LAN interface: https://www.dropbox.com/s/cxl4esvxr1kzf ... capng?dl=0
* Server (192.168.10.1) sends multicast packet (NOTIFY method) to 239.255.255.250 and client receives it
* Client (192.168.10.13) sends multicast packet (M-SEARCH method) to 239.255.255.250 and server receives it
2. With OpenVPN:
Packet capture from pfsense OpenVPN interface: https://www.dropbox.com/s/u8mh6vg24hw77 ... .pcap?dl=0
Packet capture from client OpenVPN interface: https://www.dropbox.com/s/025ctzhr2ghll ... capng?dl=0
* Server (10.0.1.1) sends multicast packet (NOTIFY method) to 239.255.255.250 and client receives it
* Client (10.0.1.101) sends multicast packet (M-SEARCH method) to 239.255.255.250 and server DOES NOT RECEIVE it
If it helps, my OpenVPN remote access server settings are posted here: https://forum.netgate.com/post/911141
As for the packet capture files, here you go:
1. Without OpenVPN:
Packet capture from pfsense LAN interface: https://www.dropbox.com/s/f92vxyd6muuec ... .pcap?dl=0
Packet capture from client LAN interface: https://www.dropbox.com/s/cxl4esvxr1kzf ... capng?dl=0
* Server (192.168.10.1) sends multicast packet (NOTIFY method) to 239.255.255.250 and client receives it
* Client (192.168.10.13) sends multicast packet (M-SEARCH method) to 239.255.255.250 and server receives it
2. With OpenVPN:
Packet capture from pfsense OpenVPN interface: https://www.dropbox.com/s/u8mh6vg24hw77 ... .pcap?dl=0
Packet capture from client OpenVPN interface: https://www.dropbox.com/s/025ctzhr2ghll ... capng?dl=0
* Server (10.0.1.1) sends multicast packet (NOTIFY method) to 239.255.255.250 and client receives it
* Client (10.0.1.101) sends multicast packet (M-SEARCH method) to 239.255.255.250 and server DOES NOT RECEIVE it
If it helps, my OpenVPN remote access server settings are posted here: https://forum.netgate.com/post/911141
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to make multicast work within the OpenVPN tunnel network?
You may have to experiment with --dev-type tap
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Can you do tap without any bridging?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Inside the tunnel only possibly, I have never tried..
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: How to make multicast work within the OpenVPN tunnel network?
multicast is nonrouting protocol so forget working over vpn or over difference ip subnet , if you want you can make it tap connection . tap connection will send full of broadcast so the more device the more traffic . it will slow down everything . if you want play game or stream over vpn that is you need tap connection .
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Yeah but that's the thing, I'm not routing multicast packets. I just need multicast to work on the same subnet (the VPN tunnel network). I don't need the openvpn server to route it to another subnet. The openvpn client has IP addresses in the 10.0.1.0/24 subnet and the openvpn server has an interface IP of 10.0.1.1.
SSDP packets from the server to client -> successfully received by the client
SSDP packets from the client to the server -> generated by client on the openvpn interface but not received by the server interface
Which part is the routing happening there? I'm confused.
SSDP packets from the server to client -> successfully received by the client
SSDP packets from the client to the server -> generated by client on the openvpn interface but not received by the server interface
Which part is the routing happening there? I'm confused.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to make multicast work within the OpenVPN tunnel network?
tcpdump those packets and log them here.kevindd992002 wrote: ↑Wed May 20, 2020 2:32 amSSDP packets from the server to client -> successfully received by the client
SSDP packets from the client to the server -> generated by client on the openvpn interface but not received by the server interface
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
I already have packet capture logs in my first post. What difference does a tcpdump (also a packet capture CLI tool) result do for this case? I'm not sure I understand.TinCanTech wrote: ↑Wed May 20, 2020 11:57 amtcpdump those packets and log them here.kevindd992002 wrote: ↑Wed May 20, 2020 2:32 amSSDP packets from the server to client -> successfully received by the client
SSDP packets from the client to the server -> generated by client on the openvpn interface but not received by the server interface
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
@TinCanTech, did you anything else to get this going?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to make multicast work within the OpenVPN tunnel network?
As for your packet captures, I don't use dropbox ...
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Are you saying that you don't trust dropbox so you won't download the files from those links? If so, which file sharing site do you want me to upload the files to?
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Also, before I try the tap device, I would really want to understand first why I'm having this issue with the tun device because basic networking principles indicate that there shouldn't be any issues with tun for my use case.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Openvpn in server mode with multiple clients is not basic networking.kevindd992002 wrote: ↑Sat May 23, 2020 12:50 pmbasic networking principles indicate that there shouldn't be any issues with tun for my use case
On top of that, you are using pfSense which I don't support for free.
And as I said before,
I have never tried to configure openvpn the way you are
and I do not know if it will work as you expect, if at all.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
I don't even have multiple clients. I only have two clients. By basic networking, I specifically mean that the packets I'm trying to analyze don't even need to traverse through different subnets. I'm only talking about a single subnet, the openvpn tunnel network.
What would be the purpose of asking for the packet capture logs then? Sorry, but I'm still confused.
What would be the purpose of asking for the packet capture logs then? Sorry, but I'm still confused.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Because we cannot see them on dropbox.kevindd992002 wrote: ↑Sat May 23, 2020 3:32 pmWhat would be the purpose of asking for the packet capture logs then?
Anyway, I have given you all the help I can, now you must try it for yourself.
If you want me to do this for you then you will need to financially incentivise me.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu May 07, 2020 3:24 pm
Re: How to make multicast work within the OpenVPN tunnel network?
Ok, so the packet capture files are in this post here:
https://forum.netgate.com/post/911438
I wouldn't mind paying you a fee if this was for work or something but since, like I said, this is for merely two clients I'd rather post in forums and ask for free advice.
https://forum.netgate.com/post/911438
I wouldn't mind paying you a fee if this was for work or something but since, like I said, this is for merely two clients I'd rather post in forums and ask for free advice.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Dec 26, 2021 4:58 am
Re: How to make multicast work within the OpenVPN tunnel network?
Did you manage to get it working ?