Skip Navigation
OPNsense @lemmy.world
Devious76 @lemmy.world

Need Help with UDP Broadcast Relay for SSDP in OPNsense

Hi There,

Please excuse the lenghty post, I wanted to explain/have all the information I can possibly write down

I've been trying to have "udpbroadcastrelay" plugin to relay SSDP (Simple Service Discovery Protocol) between two subnets, LAN and Bridge. However, I've hit a roadblock with this setup.

The peculiar thing is that mDNS (Multicast DNS) works flawlessly using the same plugin and setup!

I hope that someone can help shed some light on this issue and help me get SSDP relay working as smoothly as mDNS does in my setup. If anyone has experience with the "udpbroadcastrelay" plugin in OPNsense or has encountered a similar issue, your insights and guidance would be greatly appreciated. Thanks in advance for any assistance or suggestions!

SIDENOTE:-

I have used BOTH of :

 
        - os-udpbroadcastrelay 1.0_3 (frpm repo)
    - compiled from source (Github) so i can use --msearch option
  1. My Setup
    1. Virtualized OPNsense in Proxmox
      1. Pass-Through (WAN)
      2. 2 VirtIO Interfaces (LAN & Bridge)
    2. OPNsense Version: OPNsense 23.7.10_1-amd64 FreeBSD 13.2-RELEASE-p7
    3. Proxmox Version: proxmox-ve: 8.1.0 (running kernel: 6.5.11-7-pve)
  2. Troubleshooting Attempts:

I've tried various solutions from different sources to resolve this issue, including:

  • HOW TO - Configure OPNsense for TV7 (init7) Multicast Stream

    LANFirst we have to enable allow options on the default LAN rule Default allow LAN to any rule.

    • Navigate to Firewall -> Rules -> LAN
    • Edit the rule with the description "Default allow LAN to any rule" by clicking the pencil.
    • Scroll down until you see Advanced Options: and click on Show/Hide
    • Make sure that the allow options checkbox is checked
    • Click Save
    • Back on Overview click on Apply changes to enable the changed rule
  • [SOLVED] - Multicast bridge problem | Proxmox Support Forum

    maybe try to disable multicast snooping on bridges ?

    echo 0 > /sys/class/net/vmbrX/bridge/multicastsnooping

  • Multicast notes - Proxmox VE

    Linux: Disabling Multicast snooping on bridges

    Snooping should be enabled on either the router / switch or on the linux bridge, but it may not work if enabled on both. If you have a hosting provider that has igmp snooping enabled on the multicast switch, it may be necessary to disable snooping on the linux bridge. In that case use:

    post-up ( echo 1 > /sys/devices/virtual/net/$IFACE/bridge/multicastquerier )

    post-up ( echo 0 > /sys/class/net/$IFACE/bridge/multicastsnooping )

To help diagnose the issue effectively, here is what i managed to gather:

FW Ruleset

 
        cat /tmp/rules.debug
    
    LAN Rule Set
    pass in log quick on vtnet0 inet from {(vtnet0:network)} to {any} keep state label "3070463c8d527cf93da451fa4f88c7cb" # Default allow LAN to any rule
    
    Bridge Rule Set
     pass in log quick on vtnet1 inet from {(vtnet1:network)} to {any} keep state label "2681e3c4a046e0ab9b3ab64679df3edc" # Allow Bridge to any rule

Interfaces

 
        igc0: flags=8963 metric 0 mtu 1500
    	description: WAN (wan)
    	options=4802028
    	ether xx:xx:xx:xx:xx:xx
    	inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
    	media: Ethernet autoselect (1000baseT )
    	status: active
    	nd6 options=29
    vtnet0: flags=8963 metric 0 mtu 1500
    	description: LAN (lan)
    	options=800a8
    	ether xx:xx:xx:xx:xx:xx
    	inet 192.168.100.3 netmask 0xffffff00 broadcast 192.168.100.255
    	media: Ethernet autoselect (10Gbase-T )
    	status: active
    	nd6 options=29
    vtnet1: flags=8963 metric 0 mtu 1500
    	description: Bridge (opt1)
    	options=800a8
    	ether xx:xx:xx:xx:xx:xx
    	inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
    	media: Ethernet autoselect (10Gbase-T )
    	status: active
    	nd6 options=29

CLI USED

./udpbroadcastrelay -d -d --id 1 --port 1900 --dev vtnet1 --dev vtnet0 --multicast 239.255.255.250 --msearch dial

 
        2023/12/29 21:48:17.555 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=438 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term upnp:rootdevice
    2023/12/29 21:48:17.555 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=438 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:17.593 <- [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet1 len=462 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term urn:schemas-sony-com:service:Party:1
    2023/12/29 21:48:17.593 -> [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet0 len=462 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:17.593 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=447 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term uuid:00000001-0000-1010-8000-045d4bdcbc2f
    2023/12/29 21:48:17.593 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=447 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:17.614 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=490 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term urn:schemas-upnp-org:device:MediaServer:1
    2023/12/29 21:48:17.614 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=490 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:17.637 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=502 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term urn:schemas-upnp-org:service:ContentDirectory:1
    2023/12/29 21:48:17.637 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=502 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:17.663 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=504 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term urn:schemas-upnp-org:service:ConnectionManager:1
    2023/12/29 21:48:17.663 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=504 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:18.315 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
       Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
       Applying default action FORWARD
    2023/12/29 21:48:18.315 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:18.373 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
       Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
       Applying default action FORWARD
    2023/12/29 21:48:18.373 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:18.460 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
       Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
       Applying default action FORWARD
    2023/12/29 21:48:18.460 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:24.824 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
       Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
       Applying default action FORWARD
    2023/12/29 21:48:24.824 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:24.924 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
       Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
       Applying default action FORWARD
    2023/12/29 21:48:24.924 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:25.425 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
       Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
       Applying default action FORWARD
    2023/12/29 21:48:25.425 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:48:25.525 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
       Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
       Applying default action FORWARD
    2023/12/29 21:48:25.525 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:49:16.556 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=267 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term upnp:rootdevice
    2023/12/29 21:49:16.556 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=267 tos=0x04 DSCP=1 ttl=4)
    
    2023/12/29 21:49:16.577 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=276 tos=0x00 DSCP=0 ttl=4)
       Found NOTIFY search term uuid:00000004-0000-1010-8000-045d4bdcbc2f
    2023/12/29 21:49:16.577 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=276 tos=0x04 DSCP=1 ttl=4)

Lan Wireshark Capture

Comments

0