Devious76 @lemmy.world

Need Help with UDP Broadcast Relay for SSDP in OPNsense

Hi There,

Please excuse the lengthy post, I wanted to explain/have all the information I can possibly write down.

I've been trying to get the "udpbroadcastrelay" plugin to relay SSDP (Simple Service Discovery Protocol) between two subnets, LAN and Bridge. However, I've hit a roadblock with this setup.

The peculiar thing is that mDNS (Multicast DNS) works flawlessly using the same plugin and setup!

I hope that someone can help shed some light on this issue and help me get SSDP relay working as smoothly as mDNS does in my setup. If anyone has experience with the "udpbroadcastrelay" plugin in OPNsense or has encountered a similar issue, your insights and guidance would be greatly appreciated. Thanks in advance for any assistance or suggestions!

SIDENOTE:-

I have used BOTH of:

- os-udpbroadcastrelay 1.0_3 (from repo)
- compiled from source (GitHub) so I can use the --msearch option

  1. My Setup

    • Virtualized OPNsense in Proxmox
      • Pass-Through (WAN)
      • 2 VirtIO Interfaces (LAN & Bridge)
    • OPNsense Version: OPNsense 23.7.10_1-amd64 FreeBSD 13.2-RELEASE-p7
    • Proxmox Version: proxmox-ve: 8.1.0 (running kernel: 6.5.11-7-pve)
  2. Troubleshooting Attempts:

I've tried various solutions from different sources to resolve this issue, including:

  • HOW TO - Configure OPNsense for TV7 (init7) Multicast Stream

    > LAN
    >
    > First we have to enable allow options on the default LAN rule Default allow LAN to any rule.
    >
    > - Navigate to Firewall -> Rules -> LAN
    > - Edit the rule with the description "Default allow LAN to any rule" by clicking the pencil.
    > - Scroll down until you see Advanced Options: and click on Show/Hide
    > - Make sure that the allow options checkbox is checked
    > - Click Save
    > - Back on Overview click on Apply changes to enable the changed rule

  • [SOLVED] - Multicast bridge problem | Proxmox Support Forum

    > maybe try to disable multicast snooping on bridges ?
    >
    > `echo 0 > /sys/class/net/vmbrX/bridge/multicast_snooping`

  • Multicast notes - Proxmox VE

    > #### Linux: Disabling Multicast snooping on bridges
    >
    > Snooping should be enabled on either the router / switch or on the linux bridge, but it may not work if enabled on both. If you have a hosting provider that has igmp snooping enabled on the multicast switch, it may be necessary to disable snooping on the linux bridge. In that case use:
    >
    > `post-up ( echo 1 > /sys/devices/virtual/net/$IFACE/bridge/multicast_querier )`
    >
    > `post-up ( echo 0 > /sys/class/net/$IFACE/bridge/multicast_snooping )`

To help diagnose the issue effectively, here is what I managed to gather:

FW Ruleset

| LAN Rule Set | | | | | | | |
| :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: |
| Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
| IPv4 | LAN net | * | * | * | * | * | Default allow LAN to any |

| Bridge Rule Set | | | | | | | |
| :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: |
| Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
| IPv4 | Bridge net | * | * | * | * | * | Allow Bridge to any rule (Manual Entry) |

`cat /tmp/rules.debug`

LAN Rule Set

```
pass in log quick on vtnet0 inet from {(vtnet0:network)} to {any} keep state label "3070463c8d527cf93da451fa4f88c7cb" # Default allow LAN to any rule
```

Bridge Rule Set

```
pass in log quick on vtnet1 inet from {(vtnet1:network)} to {any} keep state label "2681e3c4a046e0ab9b3ab64679df3edc" # Allow Bridge to any rule
```

Interfaces

```
igc0: flags=8963 metric 0 mtu 1500
	description: WAN (wan)
	options=4802028
	ether xx:xx:xx:xx:xx:xx
	inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29
vtnet0: flags=8963 metric 0 mtu 1500
	description: LAN (lan)
	options=800a8
	ether xx:xx:xx:xx:xx:xx
	inet 192.168.100.3 netmask 0xffffff00 broadcast 192.168.100.255
	media: Ethernet autoselect (10Gbase-T )
	status: active
	nd6 options=29
vtnet1: flags=8963 metric 0 mtu 1500
	description: Bridge (opt1)
	options=800a8
	ether xx:xx:xx:xx:xx:xx
	inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
	media: Ethernet autoselect (10Gbase-T )
	status: active
	nd6 options=29
```

CLI USED

```
./udpbroadcastrelay -d -d --id 1 --port 1900 --dev vtnet1 --dev vtnet0 --multicast 239.255.255.250 --msearch dial
```

```
2023/12/29 21:48:17.555 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=438 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term upnp:rootdevice
2023/12/29 21:48:17.555 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=438 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.593 <- [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet1 len=462 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-sony-com:service:Party:1
2023/12/29 21:48:17.593 -> [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet0 len=462 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.593 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=447 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term uuid:00000001-0000-1010-8000-045d4bdcbc2f
2023/12/29 21:48:17.593 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=447 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.614 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=490 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-upnp-org:device:MediaServer:1
2023/12/29 21:48:17.614 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=490 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.637 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=502 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-upnp-org:service:ContentDirectory:1
2023/12/29 21:48:17.637 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=502 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.663 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=504 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term urn:schemas-upnp-org:service:ConnectionManager:1
2023/12/29 21:48:17.663 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=504 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:18.315 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
Applying default action FORWARD
2023/12/29 21:48:18.315 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:18.373 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
Applying default action FORWARD
2023/12/29 21:48:18.373 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:18.460 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
Applying default action FORWARD
2023/12/29 21:48:18.460 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:24.824 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
Applying default action FORWARD
2023/12/29 21:48:24.824 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:24.924 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
Applying default action FORWARD
2023/12/29 21:48:24.924 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:25.425 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
Applying default action FORWARD
2023/12/29 21:48:25.425 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:25.525 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
Applying default action FORWARD
2023/12/29 21:48:25.525 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:49:16.556 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=267 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term upnp:rootdevice
2023/12/29 21:49:16.556 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=267 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:49:16.577 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=276 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term uuid:00000004-0000-1010-8000-045d4bdcbc2f
2023/12/29 21:49:16.577 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=276 tos=0x04 DSCP=1 ttl=4)
```

Lan Wireshark Capture

|No. |Time           |Source        |Destination    |Protocol|Length|Info                 |
|----|---------------|--------------|---------------|--------|------|---------------------|
|920 |09:13:01.207756|10.10.10.46   |239.255.255.250|SSDP    |349   |NOTIFY * HTTP/1.1    |
|921 |09:13:01.229336|10.10.10.46   |239.255.255.250|SSDP    |349   |NOTIFY * HTTP/1.1    |
|922 |09:13:01.290046|192.168.100.75|239.255.255.250|SSDP    |217   |M-SEARCH * HTTP/1.1  |
|923 |09:13:01.292706|10.10.10.46   |192.168.100.75 |UDP     |354   |50201 → 59796 Len=312|
|924 |09:13:02.292100|192.168.100.75|239.255.255.250|SSDP    |217   |M-SEARCH * HTTP/1.1  |
|925 |09:13:02.294187|10.10.10.46   |192.168.100.75 |UDP     |354   |50201 → 59796 Len=312|
|926 |09:13:03.308643|192.168.100.75|239.255.255.250|SSDP    |217   |M-SEARCH * HTTP/1.1  |
|928 |09:13:03.310873|10.10.10.46   |192.168.100.75 |UDP     |354   |50201 → 59796 Len=312|
|929 |09:13:04.309797|192.168.100.75|239.255.255.250|SSDP    |217   |M-SEARCH * HTTP/1.1  |
|930 |09:13:04.311739|10.10.10.46   |192.168.100.75 |UDP     |354   |50201 → 59796 Len=312|
|932 |09:13:04.803218|192.168.100.75|239.255.255.250|SSDP    |143   |M-SEARCH * HTTP/1.1  |
|933 |09:13:04.805015|10.10.10.46   |192.168.100.75 |UDP     |306   |50201 → 53037 Len=264|
|934 |09:13:05.800708|10.10.10.46   |192.168.100.75 |UDP     |306   |37333 → 53037 Len=264|
|936 |09:13:07.799676|192.168.100.75|239.255.255.250|SSDP    |143   |M-SEARCH * HTTP/1.1  |
|937 |09:13:07.801449|10.10.10.46   |192.168.100.75 |UDP     |306   |50201 → 53037 Len=264|
|938 |09:13:08.045029|10.10.10.46   |192.168.100.75 |UDP     |306   |37333 → 53037 Len=264|
|962 |09:13:10.807982|192.168.100.75|239.255.255.250|SSDP    |143   |M-SEARCH * HTTP/1.1  |
|963 |09:13:10.811017|10.10.10.46   |192.168.100.75 |UDP     |306   |50201 → 53037 Len=264|
|964 |09:13:12.695351|10.10.10.46   |192.168.100.75 |UDP     |306   |37333 → 53037 Len=264|
|1068|09:14:02.720283|192.168.100.75|239.255.255.250|UDP     |1123  |49620 → 3702 Len=1081|
|1080|09:14:02.977262|192.168.100.75|239.255.255.250|UDP     |1123  |49620 → 3702 Len=1081|
|1119|09:14:03.205658|192.168.100.75|239.255.255.250|UDP     |666   |59260 → 3702 Len=624 |
|1152|09:14:03.442876|192.168.100.75|239.255.255.250|UDP     |1123  |49620 → 3702 Len=1081|
|1237|09:14:03.907019|192.168.100.75|239.255.255.250|UDP     |1123  |49620 → 3702 Len=1081|
|1284|09:14:04.593450|192.168.100.75|239.255.255.250|SSDP    |143   |M-SEARCH * HTTP/1.1  |
|1285|09:14:04.595580|10.10.10.46   |192.168.100.75 |UDP     |306   |50201 → 52272 Len=264|
|1286|09:14:04.608593|192.168.100.75|239.255.255.250|SSDP    |179   |M-SEARCH * HTTP/1.1  |
|1301|09:14:04.862324|192.168.100.75|239.255.255.250|UDP     |666   |59260 → 3702 Len=624 |
|1324|09:14:05.215444|10.10.10.46   |192.168.100.75 |UDP     |306   |37333 → 52272 Len=264|
|1371|09:14:06.231131|192.168.100.75|239.255.255.250|SSDP    |217   |M-SEARCH * HTTP/1.1  |
|1372|09:14:06.233068|10.10.10.46   |192.168.100.75 |UDP     |354   |50201 → 58452 Len=312|
|1392|09:14:06.865155|192.168.100.75|239.255.255.250|UDP     |666   |59260 → 3702 Len=624 |
|1401|09:14:07.232162|192.168.100.75|239.255.255.250|SSDP    |217   |M-SEARCH * HTTP/1.1  |
|1402|09:14:07.234422|10.10.10.46   |192.168.100.75 |UDP     |354   |50201 → 58452 Len=312|
|1408|09:14:07.595062|192.168.100.75|239.255.255.250|SSDP    |143   |M-SEARCH * HTTP/1.1  |
|1409|09:14:07.597369|10.10.10.46   |192.168.100.75 |UDP     |306   |50201 → 52272 Len=264|
|1410|09:14:07.610422|192.168.100.75|239.255.255.250|SSDP    |179   |M-SEARCH * HTTP/1.1  |
|1443|09:14:08.234467|192.168.100.75|239.255.255.250|SSDP    |217   |M-SEARCH * HTTP/1.1  |
|1444|09:14:08.234644|192.168.100.75|239.255.255.250|SSDP    |143   |M-SEARCH * HTTP/1.1  |
|1445|09:14:08.236807|10.10.10.46   |192.168.100.75 |UDP     |354   |50201 → 58452 Len=312|
|1446|09:14:08.237538|10.10.10.46   |192.168.100.75 |UDP     |306   |50201 → 52272 Len=264|
|1448|09:14:08.265899|192.168.100.75|239.255.255.250|SSDP    |175   |M-SEARCH * HTTP/1.1  |
|1450|09:14:08.297109|192.168.100.75|239.255.255.250|SSDP    |169   |M-SEARCH * HTTP/1.1  |
|1453|09:14:08.334904|192.168.100.75|239.255.255.250|SSDP    |167   |M-SEARCH * HTTP/1.1  |
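
Added example, not part of the original post and not code from the udpbroadcastrelay project: a small parser for the `-d -d` debug output shown above that counts relayed NOTIFY and M-SEARCH packets per interface pair and lists any received packet with no matching outbound line. The names `summarize`, `PKT`, `FOUND` and `SAMPLE` are hypothetical, and it assumes each log record sits on its own line.

```python
import re
from collections import Counter

# Constructed sample in the format of the relay's "-d -d" output in the post;
# the last packet deliberately has no "->" line, to show an unrelayed packet.
SAMPLE = """\
2023/12/29 21:48:17.555 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=438 tos=0x00 DSCP=0 ttl=4)
Found NOTIFY search term upnp:rootdevice
2023/12/29 21:48:17.555 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=438 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:24.824 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
Applying default action FORWARD
2023/12/29 21:48:24.824 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)
2023/12/29 21:48:25.425 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
"""

# date, time, direction, src:port -> dst:port, then iface and len
PKT = re.compile(r"^\S+ \S+ (<-|->) \[ (\S+):(\d+) -> (\S+):(\d+) "
                 r"\(iface=(\S+) len=(\d+)")
FOUND = re.compile(r"^Found (NOTIFY|M-SEARCH) search term (\S+)")


def summarize(log_text):
    """Return (relayed, unrelayed): a Counter keyed by (method, in_iface,
    out_iface) and a list of (method, term, in_iface) never forwarded."""
    relayed, unrelayed, pending = Counter(), [], None

    def close(p):  # record a received packet that saw no outbound line
        if p and not p["forwarded"]:
            unrelayed.append((p["method"], p["term"], p["iface"]))

    for line in map(str.strip, log_text.splitlines()):
        pkt, found = PKT.match(line), FOUND.match(line)
        if pkt and pkt.group(1) == "<-":          # packet received by relay
            close(pending)
            pending = {"key": pkt.group(2, 3, 4, 5, 7), "iface": pkt.group(6),
                       "method": "?", "term": "?", "forwarded": False}
        elif pkt and pending and pkt.group(2, 3, 4, 5, 7) == pending["key"]:
            relayed[(pending["method"], pending["iface"], pkt.group(6))] += 1
            pending["forwarded"] = True           # same packet sent back out
        elif found and pending:
            pending["method"], pending["term"] = found.groups()
    close(pending)
    return relayed, unrelayed


if __name__ == "__main__":
    relayed, unrelayed = summarize(SAMPLE)
    for (method, src_if, dst_if), n in relayed.items():
        print(f"{method:9} {src_if} -> {dst_if}: {n} relayed")
    for method, term, iface in unrelayed:
        print(f"NOT relayed: {method} {term} received on {iface}")
```
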
