Hi,

I moved from a Ubiquity Edge router to VYOS on KVM. Everything is working fine, ipv6 is much more stable as on ERX. Hairpin NAT is also ok. I’m very happy
The last issue I have, is to make working IP-TV with IGMP, I didn’t have any luck for now.

This is my current configuration on 1.4-rolling-202307090317

firewall {
all-ping enable
broadcast-ping disable
config-trap disable
group {
network-group IPTV-Multicast {
network 224.0.0.0/4
network 239.0.0.0/8
network 195.186.0.0/16
}
network-group SCTV-MC-Source {
network 213.3.72.0/24
}
}
interface eth1.10 {
in {
ipv6-name WAN6_IN
name WAN_IN
}
local {
ipv6-name WAN6_LOCAL
name WAN_LOCAL
}
out {
ipv6-name WAN6_OUT
name WAN_OUT
}
}
ipv6-name WAN6_IN {
default-action drop
description “WAN6 to internal”
rule 10 {
action accept
description “Allow established/related”
state {
established enable
related enable
}
}
rule 20 {
action drop
description “Drop invalid state”
state {
invalid enable
}
}
rule 30 {
action accept
description “allow ICMPv6”
protocol ipv6-icmp
}
rule 2000 {
action accept
description “for caddy”
destination {
address xxxx:xxxx:xxxx:xxxx:xxxx:xx:xxxx:xxxx
port 443
}
protocol tcp
}
}
ipv6-name WAN6_LOCAL {
default-action drop
description “WAN6 to router”
rule 10 {
action accept
description “Allow established/related”
state {
established enable
related enable
}
}
rule 20 {
action drop
description “Drop invalid state”
state {
invalid enable
}
}
rule 30 {
action accept
description “allow ICMPv6”
protocol ipv6-icmp
}
rule 40 {
action accept
description “allow DHCPv6 client/server”
destination {
port 546
}
protocol udp
source {
port 547
}
}
rule 50 {
action drop
description “Block port 53”
destination {
port 53
}
protocol tcp_udp
}
}
ipv6-name WAN6_OUT {
default-action accept
description “IPv6 WAN out”
rule 10 {
action accept
description “Allow established/related”
state {
established enable
related enable
}
}
rule 20 {
action reject
description “Allow established/related”
state {
invalid enable
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description WAN-to-internal
enable-default-log
rule 10 {
action drop
log enable
source {
geoip {
country-code ru
}
}
}
rule 20 {
action accept
description Allow-established/related
state {
established enable
related enable
}
}
rule 21 {
action accept
description wireguard
destination {
address 192.168.178.22
port 51820
}
log enable
protocol udp
}
rule 23 {
action accept
destination {
address 192.168.178.20
port 80,443
}
protocol tcp
state {
new enable
}
}
rule 30 {
action drop
description Drop-invalid-state
log enable
state {
invalid enable
}
}
rule 31 {
action accept
destination {
address 192.168.178.19
port 25,110,143,587,993,4190
}
protocol tcp
state {
new enable
}
}
rule 40 {
action accept
description Allow-IPTV-Multicast-UDP
destination {
group {
network-group IPTV-Multicast
}
port 10000
}
log enable
protocol udp
source {
group {
network-group SCTV-MC-Source
}
port 10000
}
}
rule 50 {
action accept
description Allow-IGMP
log disable
protocol igmp
}
}
name WAN_LOCAL {
default-action drop
description “WAN to local”
rule 10 {
action accept
description Allow-established/related
state {
established enable
related enable
}
}
rule 20 {
action drop
description Drop-invalid-state
state {
invalid enable
}
}
rule 21 {
action accept
description “Swisscom IPTV”
destination {
group {
network-group IPTV-Multicast
}
port 10000
}
log disable
protocol udp
source {
group {
network-group SCTV-MC-Source
}
port 10000
}
}
rule 22 {
action accept
description Allow-IGMP
log disable
protocol igmp
}
rule 23 {
action drop
description openvpn
destination {
port 1194
}
log enable
protocol udp
}
rule 24 {
action accept
description “ESP Protocol”
log disable
protocol esp
}
rule 30 {
action accept
destination {
address 192.168.178.20
port 80,443
}
log enable
protocol tcp
state {
new enable
}
}
rule 31 {
action accept
destination {
address 192.168.178.19
port 25,110,143,587,993,4190
}
protocol tcp
state {
new enable
}
}
}
name WAN_OUT {
default-action accept
description “Internal to WAN”
rule 10 {
action accept
description “Allow established/related”
log disable
state {
established enable
related enable
}
}
rule 20 {
action reject
description “Reject invalid state”
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}
interfaces {
ethernet eth0 {
address 192.168.178.1/24
address 192.168.178.251/24
description Local
duplex auto
hw-id xx:xx:xx:xx:xx:xx
ipv6 {
dup-addr-detect-transmits 1
}
offload {
gro
lro
sg
tso
}
speed auto
}
ethernet eth1 {
duplex auto
hw-id xx:xx:xx:xx:xx:xx
offload {
gro
lro
sg
tso
}
speed auto
vif 10 {
address dhcp
address dhcpv6
description Internet
dhcp-options {
default-route-distance 201
host-name ubnt-sw
vendor-class-id 100008,0001
}
dhcpv6-options {
duid xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
pd 0 {
interface eth0 {
address 1
sla-id 0
}
length 56
}
}
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
}
}
loopback lo {
}
}
nat {
destination {
rule 10 {
description dans-ssh
destination {
port xxx
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.20
port xxxx
}
}
rule 11 {
description “caddy http”
destination {
port 80
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.20
port 80
}
}
rule 12 {
description “caddy https”
destination {
port 443
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.20
port 443
}
}
rule 13 {
description submission
destination {
port 587
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.19
port 587
}
}
rule 14 {
description IMAP/S
destination {
port 993
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.19
port 993
}
}
rule 15 {
description POP3/S
destination {
port 995
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.19
port 995
}
}
rule 16 {
description “for mail”
destination {
port 4190
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.19
port 4190
}
}
rule 17 {
description SMTP
destination {
port 25
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.19
port 25
}
}
rule 18 {
description POP3
destination {
port 110
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.19
port 110
}
}
rule 19 {
description IMAP
destination {
port 143
}
inbound-interface eth1.10
protocol tcp
translation {
address 192.168.178.19
port 143
}
}
rule 20 {
description WIREGUARD
destination {
port 51820
}
inbound-interface eth1.10
protocol udp
translation {
address 192.168.178.22
port 51820
}
}
rule 100 {
description “NAT reflection inside”
destination {
address my dynamic external IP
port 80,443
}
inbound-interface eth0
protocol tcp
translation {
address 192.168.178.20
}
}
}
source {
rule 110 {
description “NAT Reflection: INSIDE”
destination {
address 192.168.178.0/24
}
log
outbound-interface eth0
protocol tcp
source {
address 192.168.178.0/24
}
translation {
address masquerade
}
}
rule 5010 {
description “masquerade for WAN”
outbound-interface eth1.10
protocol all
source {
address 192.168.178.0/24
}
translation {
address masquerade
}
}
}
}
protocols {
igmp-proxy {
interface eth0 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
interface eth1.10 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
}
static {
route6 ::/0 {
interface eth1.10 {
}
}
}
}
service {
dhcp-server {
listen-address 192.168.178.1
shared-network-name LAN {
authoritative
name-server 192.168.178.20
name-server 192.168.178.1
subnet 192.168.178.0/24 {
default-router 192.168.178.1
domain-name home
lease 86400
range 0 {
start 192.168.178.40
stop 192.168.178.249
}

        }
    }
}
dns {
    forwarding {
        allow-from 192.168.178.0/24
        listen-address 192.168.178.1
        name-server 8.8.8.8 {
        }
    }
}
ntp {
    allow-client {
        address 0.0.0.0/0
        address ::/0
    }
    server 0.ch.pool.ntp.org {
    }
    server 0.ubnt.pool.ntp.org {
    }
    server 2.ubnt.pool.ntp.org {
    }
    server 3.ubnt.pool.ntp.org {
    }
}
router-advert {
    interface eth0 {
        default-preference high
        hop-limit 64
        interval {
            max 600
        }
        link-mtu 1500
        name-server xxxx:xxxx:xxxx:xxxx:xxxx:xx:xxxx:xxxx
        other-config-flag
        prefix 0::/64 {
            valid-lifetime 2592000
        }
        reachable-time 0
        retrans-timer 0
    }
}
ssh {
    listen-address 192.168.178.1
    listen-address 192.168.178.251
    port 22
}

}
system {

conntrack {
    modules {
        ftp
        h323
        nfs
        pptp
        sip
        sqlnet
        tftp
    }
}
domain-name home
host-name vyos-sw
login {
    user me {
        authentication {
            encrypted-password !
            plaintext-password ""
        }
    }
}

name-server 1.1.1.1
option {
    performance throughput
}

}
syslog {
    global {
        facility all {
            level notice
        }
        facility local7 {
            level debug
        }
    }
    host 192.168.178.3 {
        facility all {
            level info
        }
    }
}
time-zone Europe/Zurich

}

// Warning: Do not remove the following line.
// vyos-config-version: “bgp@4:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-dynamic@1:dns-forwarding@4:firewall@10:flow-accounting@1:https@4:ids@1:interfaces@29:ipoe-server@1:ipsec@12:isis@3:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@2:openconnect@2:ospf@2:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@11:rip@1:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@26:vrf@3:vrrp@3:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2”
// Release version: 1.4-rolling-202307090317

I should add I can see IGMP reports with tcpdump on a client, maybe it is more a UDP problem when a client tries to stream a video. Sorry I do not know much about this protocols. The same configuration did work very well with the ERX.

A hint, when posting full config its often easier to read in the set-commands mode rather than json mode.

Also piping through strip-private can be a good thing too like so:

show configuration commands | strip-private

And finally when posting the config encapsulate it by three ` chars before and after the codeblock you like to have quoted like so:

text

When it comes to your multicast question you do seem to have igmp-proxy setup but what about PIM and IGMP itself?

https://docs.vyos.io/en/latest/configuration/protocols/igmp.html

Hi,
I did try to activate PIM, it didn’t work at all:
set protocols pim interface eth0
set protocols pim interface eth1.10
set protocols pim rp address 1.1.1.1 group ‘224.0.0.0/4’
set protocols pim rp address 1.1.1.1 group ‘239.0.0.0/8’
set protocols igmp interface eth0
set protocols ospf area 0 network ‘92.107.116.0/22’
set protocols ospf area 0 network ‘192.168.178.0/24’

Jul 25 23:36:53 vyos-sw pimd[897]: [VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [create] xpath [/frr-routing:routing/control-plane-protocols/control-plane-protocol[type=‘frr-pim:pimd’][name=‘pim’][vrf=‘default’]/frr-pim:pim/address-family[address-family=‘frr-routing:ipv4’]/frr-pim-rp:rp/static-rp/rp-list[rp-address=‘1.1.1.1’]/group-list[.=‘224.0.0.0/4’]] message: No Path to RP address specified: 1.1.1.1
Jul 25 23:36:53 vyos-sw pimd[897]: [VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [create] xpath [/frr-routing:routing/control-plane-protocols/control-plane-protocol[type=‘frr-pim:pimd’][name=‘pim’][vrf=‘default’]/frr-pim:pim/address-family[address-family=‘frr-routing:ipv4’]/frr-pim-rp:rp/static-rp/rp-list[rp-address=‘1.1.1.1’]/group-list[.=‘239.0.0.0/8’]] message: No Path to RP address specified: 1.1.1.1
Jul 25 23:42:19 vyos-sw kernel: [ 2130.015032] [SRC-NAT-110-MASQ]IN=eth0 OUT=eth0 MAC=52:54:00:3f:3f:51:52:54:00:2d:95:b4:08:00 SRC=192.168.178.21 DST=192.168.178.20 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=49250 DF PROTO=TCP SPT=53754 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0

then I went back to igmp-proxy, to me it doesn’t look to bad but it isn’t working.
I see this on a linux client connected to the same network.
tcpdump -i br0 -vv igmp
tcpdump: listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:49:33.602119 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
192.168.178.231 > igmp.mcast.net: igmp v2 report igmp.mcast.net
15:49:33.609004 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
dans-srv5 > 224.0.0.251: igmp v2 report 224.0.0.251
15:49:33.805250 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
192.168.178.27 > 239.254.127.63: igmp v2 report 239.254.127.63

When I switch from edge router to VYOS TV is working. But after reboot of the TV box it doesnt anymore as it looses some informations it kept in memory.

this is some output form igmp-proxy
root@vyos-sw:/home/danu# kill 4894
root@vyos-sw:/home/danu# /usr/sbin/igmpproxy -d -vvvv /etc/igmpproxy.conf
Searching for config file at ‘/etc/igmpproxy.conf’
Config: Quick leave mode enabled.
Config: Got a phyint token.
Config: IF: Config for interface eth0.
Config: IF: Got downstream token.
Config: IF: Got ratelimit token ‘0’.
Config: IF: Got threshold token ‘1’.
Config: IF: Got altnet token 0.0.0.0/0.
Config: IF: Altnet: Parsed altnet to default.
IF name : eth0
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 2
Allowednet ptr : e0761700
Config: Got a phyint token.
Config: IF: Config for interface eth1.10.
Config: IF: Got upstream token.
Config: IF: Got ratelimit token ‘0’.
Config: IF: Got threshold token ‘1’.
Config: IF: Got altnet token 0.0.0.0/0.
Config: IF: Altnet: Parsed altnet to default.
IF name : eth1.10
Next ptr : 0
Ratelimit : 0
Threshold : 1
State : 1
Allowednet ptr : e0761780
buildIfVc: Interface lo Addr: 127.0.0.1, Flags: 0x0049, Network: 127/8
buildIfVc: Interface eth0 Addr: 192.168.178.1, Flags: 0x1043, Network: 192.168.178/24
buildIfVc: Interface eth0 Addr: 192.168.178.251, Flags: 0x1043, Network: 192.168.178/24
buildIfVc: Interface eth1.10 Addr: 92.107.116.248, Flags: 0x1043, Network: 92.107.116/22
Found config for eth0
Found config for eth0
Found config for eth1.10
adding VIF, Ix 0 Fl 0x0 IP 0x01b2a8c0 eth0, Threshold: 1, Ratelimit: 0
Network for [eth0] : 192.168.178/24
Network for [eth0] : default
adding VIF, Ix 1 Fl 0x0 IP 0xfbb2a8c0 eth0, Threshold: 1, Ratelimit: 0
Network for [eth0] : 192.168.178/24
Network for [eth0] : default
Found upstrem IF #0, will assing as upstream Vif 3
adding VIF, Ix 2 Fl 0x0 IP 0xf8746b5c eth1.10, Threshold: 1, Ratelimit: 0
Network for [eth1.10] : 92.107.116/22
Network for [eth1.10] : default
Got 262144 byte buffer size in 0 iterations
Joining all-routers group 224.0.0.2 on vif 192.168.178.1
Joining group 224.0.0.2 on interface eth0
Joining all igmpv3 multicast routers group 224.0.0.22 on vif 192.168.178.1
Joining group 224.0.0.22 on interface eth0
Joining all-routers group 224.0.0.2 on vif 192.168.178.251
Joining group 224.0.0.2 on interface eth0
can’t join group 224.0.0.2 on interface eth0; Errno(98): Address already in use
Joining all igmpv3 multicast routers group 224.0.0.22 on vif 192.168.178.251
Joining group 224.0.0.22 on interface eth0
can’t join group 224.0.0.22 on interface eth0; Errno(98): Address already in use
SENT Membership query from 192.168.178.1 to 224.0.0.1
Sent membership query from 192.168.178.1 to 224.0.0.1. Delay: 10
SENT Membership query from 192.168.178.251 to 224.0.0.1
Sent membership query from 192.168.178.251 to 224.0.0.1. Delay: 10
Created timeout 1 (#0) - delay 10 secs
(Id:1, Time:10)
Created timeout 2 (#1) - delay 21 secs
(Id:1, Time:10)
(Id:2, Time:21)
RECV Membership query from 192.168.178.1 to 224.0.0.1
RECV Membership query from 192.168.178.251 to 224.0.0.1
The IGMP message was local multicast. Ignoring.
RECV V2 member report from 192.168.178.231 to 224.0.0.22
Should insert group 224.0.0.22 (from: 192.168.178.231) to route table. Vif Ix : 0
No existing route for 224.0.0.22. Create new.
No routes in table. Insert at beginning.
Inserted route table entry for 224.0.0.22 on VIF #0
Joining group 224.0.0.22 upstream on IF address 92.107.116.248
Joining group 224.0.0.22 on interface eth1.10

Current routing table (Insert Route):

#0: Dst: 224.0.0.22, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes

RECV V2 member report from 192.168.178.1 to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report from 192.168.178.169 to 225.0.71.1
Should insert group 225.0.71.1 (from: 192.168.178.169) to route table. Vif Ix : 0
No existing route for 225.0.71.1. Create new.
Found existing routes. Find insert location.
Inserting at beginning, before route 224.0.0.22
Inserted route table entry for 225.0.71.1 on VIF #0
Joining group 225.0.71.1 upstream on IF address 92.107.116.248
Joining group 225.0.71.1 on interface eth1.10

Current routing table (Insert Route):

#0: Dst: 225.0.71.1, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Dst: 224.0.0.22, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes

RECV V3 member report from 92.107.116.248 to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V3 member report from 92.107.116.248 to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV Membership query from 1.1.1.1 to 224.0.0.1
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
RECV V3 member report from 92.107.116.248 to 224.0.0.22
The IGMP message was from myself. Ignoring.
The IGMP message was from myself. Ignoring.
The IGMP message was from myself. Ignoring.
The IGMP message was from myself. Ignoring.
RECV V2 member report from 192.168.178.27 to 239.254.127.63
Should insert group 239.254.127.63 (from: 192.168.178.27) to route table. Vif Ix : 0
No existing route for 239.254.127.63. Create new.
Found existing routes. Find insert location.
Inserting after route 224.0.0.22
Inserted route table entry for 239.254.127.63 on VIF #0
Joining group 239.254.127.63 upstream on IF address 92.107.116.248
Joining group 239.254.127.63 on interface eth1.10

Current routing table (Insert Route):

#0: Dst: 225.0.71.1, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#1: Dst: 224.0.0.22, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes
#2: Dst: 239.254.127.63, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes

I hope somebody can help with this details

regards
Daniel

Do you have any routes to RPs IP except the default route? If not, create a static route to RP.

That what I was thinking, I not to create a static host gateway in Linux but I could not figure out how to do this in vyos.

Hi,

I was able to solve the problem with the route
root@vyos-sw:/home/danu# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=5.92 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=5.94 ms

now I get this
Jul 27 11:14:39 vyos-sw bgpd[855]: [VCGF0-X62M1][EC 100663301] INTERFACE_STATE: Cannot find IF pimreg in VRF 0
Jul 27 11:14:39 vyos-sw zebra[848]: [GE156-FS0MJ][EC 100663299] stream_read_try: read failed on fd 72: Connection reset by peer
Jul 27 11:14:39 vyos-sw zebra[848]: [VXKFG-8SJRV][EC 4043309121] Client ‘pim’ encountered an error and is shutting down.
Jul 27 11:14:39 vyos-sw zebra[848]: [VXKFG-8SJRV][EC 4043309121] Client ‘system’ encountered an error and is shutting down.
Jul 27 11:14:39 vyos-sw watchfrr[811]: [HD38Q-0HBRT][EC 268435457] pimd state → down : read returned EOF

Any idea what is wrong now? I meantime id dit open PIM in the firewall for WAN_IN and WAN_LOCAL

Have you configured PIM on all routers between Source - RP - Destination ?

I had an error in the configuration with an empty route to the WAN interface. I removed this and vyos gets now the route from dhclient
Destination Gateway Genmask Flags Metric Ref Use Iface
default 1.116.107.92.dy 0.0.0.0 UG 20 0 0 eth1.10
92.107.116.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1.10
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

I gave the wrong information, sorry. Yes I enabled PIM on both interfaces I have
danu@vyos-sw# show protocols
igmp {
interface eth0 {
}
}
ospf {
area 0 {
network 92.107.116.0/22
network 192.168.178.0/24
}
}
pim {
interface eth0 {
}
interface eth1.10 {
}
rp {
address 1.1.1.1 {
group 224.0.0.0/4
group 239.0.0.0/8
}
}
}

I’m an home user and I have one router, the other one is at the ISP and he seems to support PIM. I’ve seen some success reports from user using CISCO routers

@dan1012
You should create static route to RP
In your case

set protocols static route 1.1.1.1 next-hop {NEXT HOP IP}

Hi,

Thank you for your reply, as next hope is at ISP I do nao have any idea what this address is.

As IGMP proxy works well on my aging Vyatta router I went back to the proxy solution. The problem is the multicast groups are not replicated to downstream interface.
root@vyos-rt:/home/danu# ip -f inet maddr show dev eth1.10
4: eth1.10 → upstream interface
inet 239.254.127.63 ← IP-TV address
inet 239.186.68.18 ← IP-TV address
inet 225.0.71.1
inet 224.0.0.1
2: eth0 ← downstream interface
inet 224.0.0.22
inet 224.0.0.2
inet 224.0.0.1

root@vyos-rt:/home/danu# /usr/sbin/igmpproxy -d -vvv /etc/igmpproxy.conf
adding VIF, Ix 0 Fl 0x0 IP 0x01b2a8c0 eth0, Threshold: 1, Ratelimit: 0
adding VIF, Ix 1 Fl 0x0 IP 0xfbb2a8c0 eth0, Threshold: 1, Ratelimit: 0
adding VIF, Ix 2 Fl 0x0 IP 0xf8746b5c eth1.10, Threshold: 1, Ratelimit: 0
Joining group 224.0.0.2 on interface eth0
Joining group 224.0.0.22 on interface eth0
Joining group 224.0.0.2 on interface eth0
can’t join group 224.0.0.2 on interface eth0; Errno(98): Address already in use
Joining group 224.0.0.22 on interface eth0
can’t join group 224.0.0.22 on interface eth0; Errno(98): Address already in use
RECV Membership query from 192.168.178.1 to 224.0.0.1
RECV Membership query from 192.168.178.251 to 224.0.0.1
RECV V2 member report from 192.168.178.1 to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report from 192.168.178.1 to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report from 192.168.178.169 to 225.0.71.1
Inserted route table entry for 225.0.71.1 on VIF #0
Joining group 225.0.71.1 on interface eth1.10
The IGMP message was local multicast. Ignoring.
RECV Leave message from 192.168.178.15 to 224.0.0.2
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
RECV V2 member report from 192.168.178.27 to 239.254.127.63
Inserted route table entry for 239.254.127.63 on VIF #0
Joining group 239.254.127.63 on interface eth1.10
RECV V2 member report from 192.168.178.15 to 239.186.68.18
Inserted route table entry for 239.186.68.18 on VIF #0
Joining group 239.186.68.18 on interface eth1.10
RECV Membership query from 192.168.178.1 to 224.0.0.1
RECV Membership query from 192.168.178.251 to 224.0.0.1
RECV Membership query from 1.1.1.1 to 224.0.0.1
The IGMP message was local multicast. Ignoring.
RECV V2 member report from 192.168.178.15 to 239.186.68.18
Updated route entry for 239.186.68.18 on VIF #0
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
RECV V2 member report from 192.168.178.1 to 224.0.0.2
The IGMP message was from myself. Ignoring.
The IGMP message was local multicast. Ignoring.
The IGMP message was local multicast. Ignoring.
RECV V2 member report from 192.168.178.1 to 224.0.0.22
The IGMP message was from myself. Ignoring.
RECV V2 member report from 192.168.178.27 to 239.254.127.63
Updated route entry for 239.254.127.63 on VIF #0
RECV V2 member report from 192.168.178.169 to 225.0.71.1
Updated route entry for 225.0.71.1 on VIF #0
RECV Leave message from 192.168.178.114 to 224.0.0.2
RECV Membership query from 192.168.178.1 to 224.0.0.1
RECV Membership query from 192.168.178.251 to 224.0.0.1
RECV V2 member report from 192.168.178.231 to 224.0.0.22
Inserted route table entry for 224.0.0.22 on VIF #0

this is my config
root@vyos-rt:/home/danu# cat /etc/igmpproxy.conf
########################################################

autogenerated by igmp_proxy.py

The configuration file must define one upstream interface, and one or more

downstream interfaces.

If multicast traffic originates outside the upstream subnet, the “altnet”

option can be used in order to define legal multicast sources.

The “quickleave” should be used to avoid saturation of the upstream link. The

option should only be used if it’s absolutely nessecary to accurately imitate

just one Client.

########################################################

quickleave

Configuration for eth0 (downstream interface)

phyint eth0 downstream ratelimit 0 threshold 1
altnet 192.168.178.0/24

Configuration for eth1.10 (upstream interface)

phyint eth1.10 upstream ratelimit 0 threshold 1
altnet 224.0.0.0/4
altnet 239.0.0.0/8
altnet 195.186.0.0/16

log output
Aug 6 23:00:51 vyos-rt igmpproxy[5732]: can’t join group 224.0.0.2 on interface eth0; Errno(98): Address already in use
Aug 6 23:00:51 vyos-rt igmpproxy[5732]: can’t join group 224.0.0.22 on interface eth0; Errno(98): Address already in use

Does anybody have a idea ?

Found the issue, not a VYOS problem but related to the virtualization of VYOS. It’s running on KVM and KVM filters multicast trafic on macvtab interfaces. I had to add “trust GuestRxFilters=yes” and IPTV is working.
This is the configuration of the LAN and WAN interfaces:
NIC 1 for LAN (eth0)

NIC 2 for WAN (eth1)

<interface type=“direct trustGuestRxFilters=“yes””>

It’s always nice when people come back and share how they’ve solved a problem. Thank you, glad you got it working!

Yes, two thumbs up for that

Worst thing when one find a thread online with exactly the same problem as one self have and then the proper fix (in that particular case) is missing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.