How to make multicast work within the OpenVPN tunnel network?

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Tue May 12, 2020 2:17 pm

So I have an OpenVPN remote access server setup and the clients connect just fine. The only problem is that Upnp does not work because the client -> server multicast traffic is not being received by the server. On the other hand, the server -> client multicast traffic is received by the client perfectly. I've been reading and realized that multicast traffic is not sent through the tunnel network natively. If that's the case, what do I do to make this work? I don't believe I need an IGMP proxy because I'm not trying to make multicast traffic in between networks. I only need it within the OpenVPN tunnel network. I'm currently using tun instead of tap.

As for the packet capture files, here you go:

1. Without OpenVPN:

Packet capture from pfsense LAN interface: https://www.dropbox.com/s/f92vxyd6muuec ... .pcap?dl=0
Packet capture from client LAN interface: https://www.dropbox.com/s/cxl4esvxr1kzf ... capng?dl=0

* Server (192.168.10.1) sends multicast packet (NOTIFY method) to 239.255.255.250 and client receives it
* Client (192.168.10.13) sends multicast packet (M-SEARCH method) to 239.255.255.250 and server receives it

2. With OpenVPN:

Packet capture from pfsense OpenVPN interface: https://www.dropbox.com/s/u8mh6vg24hw77 ... .pcap?dl=0
Packet capture from client OpenVPN interface: https://www.dropbox.com/s/025ctzhr2ghll ... capng?dl=0

* Server (10.0.1.1) sends multicast packet (NOTIFY method) to 239.255.255.250 and client receives it
* Client (10.0.1.101) sends multicast packet (M-SEARCH method) to 239.255.255.250 and server DOES NOT RECEIVE it

If it helps, my OpenVPN remote access server settings are posted here: https://forum.netgate.com/post/911141

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7151
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by TinCanTech » Tue May 12, 2020 5:08 pm

You may have to experiment with --dev-type tap

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Wed May 13, 2020 12:20 am

Can you do tap without any bridging?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7151
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by TinCanTech » Wed May 13, 2020 1:21 am

kevindd992002 wrote:
Wed May 13, 2020 12:20 am
Can you do tap without any bridging?
Inside the tunnel only possibly, I have never tried..

300000
OpenVPN Power User
Posts: 153
Joined: Tue May 01, 2012 9:30 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by 300000 » Wed May 20, 2020 2:02 am

multicast is nonrouting protocol so forget working over vpn or over difference ip subnet , if you want you can make it tap connection . tap connection will send full of broadcast so the more device the more traffic . it will slow down everything . if you want play game or stream over vpn that is you need tap connection .

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Wed May 20, 2020 2:32 am

Yeah but that's the thing, I'm not routing multicast packets. I just need multicast to work on the same subnet (the VPN tunnel network). I don't need the openvpn server to route it to another subnet. The openvpn client has IP addresses in the 10.0.1.0/24 subnet and the openvpn server has an interface IP of 10.0.1.1.

SSDP packets from the server to client -> successfully received by the client
SSDP packets from the client to the server -> generated by client on the openvpn interface but not received by the server interface

Which part is the routing happening there? I'm confused.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7151
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by TinCanTech » Wed May 20, 2020 11:57 am

kevindd992002 wrote:
Wed May 20, 2020 2:32 am
SSDP packets from the server to client -> successfully received by the client
SSDP packets from the client to the server -> generated by client on the openvpn interface but not received by the server interface
tcpdump those packets and log them here.

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Wed May 20, 2020 3:13 pm

TinCanTech wrote:
Wed May 20, 2020 11:57 am
kevindd992002 wrote:
Wed May 20, 2020 2:32 am
SSDP packets from the server to client -> successfully received by the client
SSDP packets from the client to the server -> generated by client on the openvpn interface but not received by the server interface
tcpdump those packets and log them here.
I already have packet capture logs in my first post. What difference does a tcpdump (also a packet capture CLI tool) result do for this case? I'm not sure I understand.

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Sat May 23, 2020 8:57 am

@TinCanTech, did you anything else to get this going?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7151
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by TinCanTech » Sat May 23, 2020 11:36 am

TinCanTech wrote:
Tue May 12, 2020 5:08 pm
You may have to experiment with --dev-type tap
As for your packet captures, I don't use dropbox ...

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Sat May 23, 2020 12:48 pm

Are you saying that you don't trust dropbox so you won't download the files from those links? If so, which file sharing site do you want me to upload the files to?

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Sat May 23, 2020 12:50 pm

Also, before I try the tap device, I would really want to understand first why I'm having this issue with the tun device because basic networking principles indicate that there shouldn't be any issues with tun for my use case.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7151
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by TinCanTech » Sat May 23, 2020 1:24 pm

kevindd992002 wrote:
Sat May 23, 2020 12:50 pm
basic networking principles indicate that there shouldn't be any issues with tun for my use case
Openvpn in server mode with multiple clients is not basic networking.

On top of that, you are using pfSense which I don't support for free.

And as I said before,
I have never tried to configure openvpn the way you are
and I do not know if it will work as you expect, if at all.

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Sat May 23, 2020 3:32 pm

I don't even have multiple clients. I only have two clients. By basic networking, I specifically mean that the packets I'm trying to analyze don't even need to traverse through different subnets. I'm only talking about a single subnet, the openvpn tunnel network.

What would be the purpose of asking for the packet capture logs then? Sorry, but I'm still confused.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7151
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by TinCanTech » Sat May 23, 2020 3:56 pm

kevindd992002 wrote:
Sat May 23, 2020 3:32 pm
What would be the purpose of asking for the packet capture logs then?
Because we cannot see them on dropbox.

Anyway, I have given you all the help I can, now you must try it for yourself.

If you want me to do this for you then you will need to financially incentivise me.

kevindd992002
OpenVpn Newbie
Posts: 14
Joined: Thu May 07, 2020 3:24 pm

Re: How to make multicast work within the OpenVPN tunnel network?

Post by kevindd992002 » Sat May 23, 2020 4:12 pm

Ok, so the packet capture files are in this post here:

https://forum.netgate.com/post/911438

I wouldn't mind paying you a fee if this was for work or something but since, like I said, this is for merely two clients I'd rather post in forums and ask for free advice.

Post Reply