OpenWrt Forum Archive

Topic: Multicast into VPN

The content of this topic has been archived on 5 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
worko
9 Jan 2017, 22:26

Hi all. I am new here. I successfully installed an openWRT router (out of a Linksys EA4500). Now I am able to:
1. Browse internet
2. Open multicast streams sourced by ISP (232.x.y.z) on the Home PC
3. Establish a VPN connection over OpenVPN to this router from a different ISP (openvpn over TUN) and connect to local resources.

The last thing I want to establish is watching multicast streams over OpenVPN. In other words I want to create an openVPN connection to the openwrt router and connect to the multicast addresses which do work from the Home PC. I am not able to despite creating:

config rule                   
        option name 'Multicast2VPN'
        option src 'wan'       
        option proto 'udp'     
        option dest 'vpn'      
        option dest_ip '224.0.0.0/4'
        option target 'ACCEPT'      
        option family 'ipv4'

and

config interface 'vpn0'
        option ifname 'tun0'
        option proto 'none'
        option auto '1'
        option igmp_snooping '1'

and lastly

config openvpn 'myvpn'
        option enabled '1'
        option verb '3'
        option port '1194'
        option proto 'udp'
        option dev 'tun'
        option server '10.8.0.0 255.255.255.0'
        option keepalive '10 120'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/my-server.crt'
        option key '/etc/openvpn/my-server.key'
        option dh '/etc/openvpn/dh2048.pem'
        list push 'redirect-gateway def1'

The topology is very easy: I am not able to add images here sad

Any suggestions what should be added to my cnfiguration? Thanx !!!

Post #2
mirridius
9 Mar 2017, 09:40

The same issue. If you ever discover the solution, please, share.

Post #3
jolouis
9 Mar 2017, 14:30

Try using the VPN in bridge mode (TAP) instead of routed mode (TUN). Can't guarantee it will do what you want, but for reference we do this on a few customer sites and actually ran into an issue where somebody at the main location accidentally started a multicast broadcast and it flooded the Internet link since OpenWRT was forwarding the traffic out to the VPN clients...

Not sure if it's the best approach but pretty sure it will work for you...

The discussion might have continued from here.