Receive iptv over wireguard interface

I want to get access to paid iptv by tunneling rtp traffic over wireguard from my parents home, which has access to the tv streams over rtp. From within my parents home I can access for example rtp://87.141.215.251@232.0.20.234:10000 over wifi without any problems. I created a wg-interface on openwrt with my parents router as a peer. I added 87.141.215.251 to the AllowedIPs and configured pbr to route all traffic going to 87.141.215.251 over this wireguard interface. I still cannot get the stream to work.
How can I troubleshoot my issue? How can I receive the iptv stream over wireguard? Does anyone have any experience with such endeavors?

Thank you!
protman

In URI syntax, @ normally splits user and host:
https://en.wikipedia.org/wiki/Uniform_Resource_Identifier#Example_URIs

And what about 232.0.20.234?

Hi, thank you for the answer.
I added 232.0.20.234 to my pbr rules / AllowedIPs of the wireguard interface, but unfortunately it does not resolve my issue.

Regards,
protman

1 Like

232.0.20.234 is multicast IP address.

It's not meant as one computer connecting to it (from client to server, establishing a connection on which the server then will answer with the video stream you want to have).

The flow is bascially the other way around. One server IP address (source might be e.g. any 10.0.0.0/16 from within your ISPs network) broadcasts: "hey, I'm gonna send data to 232.0.20.234, whoever whants that data, just pick it up". Then it's your routers responsiblity to transport that broadcast into your local network, where your client can respond with "yes pease". Then your router forwards that "yes please" to that initial sender. From that moment on, the initial sender will send that video traffic to 232.0.20.234 but targeting your routers MAC address, so traffic directed not from but at this IP address will hit your router and its your routers job to now forward that traffic to your client.

So you want to somehow "receive multicast traffic via wireguard".

As far as I could read up (meaning: I just googled it, have no experience at all), just turning the multicast configuration on your wireguard setup might not work because that just forwards local multicast traffic from one lan to another (where the origin is within the allowed IP addresses and within the same subnet as one of your routers networks), but that's not the case for WAN multicast traffic because the origin of this traffic is an external, routed IP address. But again, I might be wrong about understanding whow that stting is supposed to work. Maybe give it a try.

If you want to build that yourself, at first glance, you could create a "gre tunnel" network ontop of your wireguard network. That puts your personal router and your parents router in another, shared L2 broadcast domain. Now "something something IGMP snooping", don't now exactly how to move on from here.

To illustrate the GRE thing:

Router 1:

  • lan: 192.168.100.1/24
  • wireguard: 10.0.0.1/32, allow 192.168.200.0/24 + 10.0.0.2/32
  • shared bridge: 10.0.100.1/24
  • gre tunnel to 10.0.0.2, bridge to shared bridge

Router 2:

  • lan 192.168.200.1/24
  • wireguard: 10.0.0.2/32, allow 192.168.100.0/24 + 10.0.0.1/32
  • shared bridge: 10.0.100.2/24
  • gre tunnel to 10.0.0.1, bridge to shared bridge

If that works: Monitor the traffic coming through. It might saturate your WAN bandwith with Fire-TV, Apple-TV and printer devices trying to announce they are ready for action from one location to another. So there's a reason why this is not how VPN usually works.

2 Likes

Hey @golialive
thank you for your extensive answer.
In my particular case, I use my parents router as a peer which is a fritzbox without openwrt installed. Ideally, I want to avoid buying additional equipment to use as another peer in my parents network, but as I understand from your answer this is not possible because wireguard only forwards local multicast traffic and the iptv stream is not originating from within my local network. Maybe I can configure the fritzbox so that it works as a kind of proxy or middle-man for iptv streaming?

Regards,
protman