I need to find a way to discover source and destination IPs from a IPTV traffic flow.
When I have that info, I will create a new VPN Policy based on my findings.
Basically I want to create this new rule related to a streaming service running as a app in a Samsung SmarTV from my LAN.
I would like to set the traffic from that specific app to go via the VPN and the other streaming services to skip the VPN.
From Status > Firewall I can see the counters increasing, but not the detailed IPs or names.
Thanks in advance.
Perhaps you want to try this ...
- You know the port: netstat -tanp | grep
- You want to screen all traffic:
opkg install tcpdump
typdump -I (here: br-wan)
Wireshark is another option.
I managed to find out that Amazon hosts the IPTV service.
But every time I shut down my TV and turn it back on again, the source IP of the streams change and to make things worse, those IPs are in different subnets. Not really scalable to create rules on dynamic IP addresses. The same constraint is valid for the domain names I've seen.
I will keep investigating.
That tends to be the issue with these endeavours these days and in the presence of content delivery networks and services changing data centres and the number of vservers as they go.
So here is my idea:
TV app X -- router -- VPN to a foreign country
Rest of TV apps and LAN devices -- router -- local Internet
So far, thanks to a VPN Policy, I managed to push all the TV traffic towards the tunnel, while the remaining LAN devices go around the tunnel straight to local Internet.
VPN Policy #1 - Source IP: TV / Destination IP: any / Interface: VPN
VPN Policy #2 - Source IP: LAN subnet / Destination IP: any / Interface: WAN
In order for the remaining apps to work, they must go through local Internet and not the VPN.
What I want now is to be more specific and create a policy where it matches only the TV app X and send its traffic via the VPN.
Then I will be able to change apps while watching TV and they will work without me switching on/off the VPN or any other manual mechanism.
Thanks to OpenWrt so far I was able to:
1 - Deploy the OpenVPN client in the router
2 - Create VPN Policies