Creating a seperate VLAN for IPTV on AC88U

[Xilv3r]

Hello Everyone,

I have been reading on and off on this forum and been trying various things and had a little luck on gettings things done. I am still learning this whole VLAN proces.

The goal:
Want to use the AC88U as main router and not use the one supplied by the ISP with this setup:
NTU -> AC88U - -> VLANx1 -> Internet (required VLAN 34 from ISP)
\ -> VLANx2 -> IPTV (SparqL) (required VLAN 4 from the ISP, additional static route needs to be supplied and igmp proxy/snooping needs to be setup for this VLAN)

Want the IPTV traffic seperated from home network traffic so all those multicast streams are in their own LAN. Prefer to use 2 dedicated ports for IPTV and the remaining 6 ports for regular networking.

What is done so far:
So far I have managed a routed IPTV setup to work (not 100%) but to get this to work I had to downgrade to a lower firmware 380.57 (it did not work on 380.66-6, 100% CPU 2 usage when set up, I think it has something to do with the disabled multicast snooping on the LAN bridge with the latest firmware but I am not sure)

To get this to work I (I followed a tutorial for a routed configuration) have enabled the Jffs partions and placed:
1 igmpproxy.conf in the configs directory

quickleave

phyint vlan4 upstream  ratelimit 0  threshold 1
        altnet 0.0.0.0/0
phyint br0 downstream  ratelimit 0  threshold 1

phyint lo disabled
phyint eth0 disabled
phyint eth1 disabled
phyint eth2 disabled
phyint vlan1 disabled
phyint vlan34 disabled
phyint wl0.1 disabled
phyint wl0.2 disabled
phyint tap21 disabled

1 wan-start in the scripts directory (route is not the default busybox route but via optware installed net-tools route)

#!/bin/sh

#iptv settings
/usr/sbin/robocfg vlan 4 ports "4t 8t"

# Add VLAN4 as a physical interface
/sbin/vconfig add eth0 4

# set vlan priority
vconfig set_egress_map  vlan4 5 5
vconfig set_ingress_map vlan4 5 5

# set static mac
ifconfig vlan4 hw ether XX:XX:XX:XX:XX:XX

#set interface up
ifconfig vlan4 multicast up

# Request an IP-address and setup static routes
udhcpc -i vlan4 -O msstaticroutes -O staticroutes -s /jffs/scripts/vlan4.script -p var/run/vlan4.pid -b -O33 -O249

#set return check vlan4 off
echo 0 > /proc/sys/net/ipv4/conf/vlan4/rp_filter

#static route to media portal
/opt/sbin/route add -net 185.6.48.0/26 gw 10.10.56.1

1 firewall-start in the scripts directory

#!/bin/sh

#Enable NAT for vlan4
iptables -t nat -A POSTROUTING -o vlan4 -j MASQUERADE

1 services-start in the scripts directory

#!/bin/sh

# Restart IGMP proxy
sleep 60
/usr/bin/killall igmpproxy
sleep 1
/usr/sbin/igmpproxy /jffs/configs/igmpproxy.conf

1 vlan4-script (triggerd by wan.start) in the scripts directory

#!/bin/sh

[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1

[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

set_classless_routes() {
   local max=10
   local type
   while [ -n "$1" -a -n "$2" -a $max -gt 0 ]; do
    [ ${1##*/} -eq 32 ] && type=host || type=net
    echo "udhcpc: adding route for $type $1 via $2"
    /sbin/route add -$type "$1" gw "$2" dev "$interface"
    max=$(($max-1))
    shift 2
    done
    }

case "$1" in
      deconfig)
      /sbin/ifconfig $interface 0.0.0.0
      ;;

      leasefail|nak)
      echo "Failed to obtain lease..."
      ;;

      renew|bound)
      /sbin/ifconfig $interface $ip $BROADCAST $NETMASK
      [ -n "$staticroutes" ] && set_classless_routes $staticroutes
      [ -n "$msstaticroutes" ] && set_classless_routes $msstaticroutes
      ;;
esac
                                                                              
exit 0

All scripts in the scripts directory are made executable. This works semi OK, internet works fine but after watching around 15 min of TV, the screen freezes..switching the channel and back again makes everything work again...(This doesn't happen with the router from the ISP).
This setup makes it so that all lan ports can be used to connect IPTV but also makes those multicast streams go through the entire network (until the igmp snooping kicks in)

So I though of having 2 ports dedicated for IPTV and the remaing for Internet. So I went back to factory settings...cleared JFFS partition and wanted to start over using this script for inspiration:

#vlan10 only for sparql box
#strip port 1 from vlan1
/usr/sbin/robocfg vlan 1 ports "2 3 4 8t"
#create vlan10 and put port 1 in
/usr/sbin/robocfg vlan 10 ports "1 8t"
/sbin/vconfig add eth0 10
#bring up vlan10 interface
ifconfig vlan10 multicast up
#create br1 bridge and add vlan10
/usr/sbin/brctl addbr br1
/usr/sbin/brctl addif br1 vlan10
#set ip address on br1 interface
ifconfig br1 192.168.3.1 netmask 255.255.255.0
ifconfig br1 multicast up
#iptables to allow traffic to br1 and not to br0
/usr/sbin/iptables -I FORWARD -i br1 -j ACCEPT
/usr/sbin/iptables -I INPUT -i br1 -j ACCEPT
/usr/sbin/ebtables -t broute -I BROUTING -p ipv4 -i br1 -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p ipv6 -i br1 -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p arp -i br1 -j DROP
/usr/sbin/iptables -I FORWARD -i br1 -j ACCEPT
/usr/sbin/iptables -I INPUT -i br1 -j ACCEPT
/usr/sbin/iptables -I FORWARD -i br1 -d 192.168.36.1/24 -j DROP
/usr/sbin/iptables -I INPUT -i br1 -d 192.168.36.1/24 -j DROP

But for some reason I am unable to do:

#strip LAN/Port 3 and 4 from vlan1
/usr/sbin/robocfg vlan 1 ports "2 3 5 7 8t" (0 is port 4 and 1 is port 3)

When using this command manually, the CLI just freezes and nothing happens...eventually the connection is lost and I have to restart the router....don't know what's wrong.
Could anyone assist me to get this work, help is really much appriciated!
Thanks in advance


Xil

 

[Xilv3r]

Hallo again,

Well after some fiddling I managed to get most of the goal working with Asuswrt Merlin 380.65.
The only thing that is still a problem is that after the TV has been on for a random amount of time the screen freezes (if you change channel the TV works again). This leads me to believe there is something with the Igmpproxy configuration if anyone could help with that, much appriciated.

I will share what I managed to get working: (my ISP is Tweak from the Netherlands)
First I installed the Firmware 380.65 (been having issues with the 380.66 version) for Router RT-AC88U
Then did a factory reset and setup up the basic configuration (Wifi, account etc etc)
(An additional step that is needed is to install Optware, you'll need a USB stick for this)
Once Otpware is installed, you install net-tools "ipkg install net-tools" (via SSH)

In the router GUI go to LAN ->IPTV
and set the following:
ISP Profile: manual
Internet: VID 34 Priority 0
(LAN Port 3 and 4 unchanged)
DHCP use routes: disabled
Disabled IGMP Proxy and Snooping
UDP Proxy: 0


Then I enabled SSH and custom user scripts (JFFS partition)
I then made some changes to the scripts I was using:
igmpproxy.conf

quickleave

phyint vlan4 upstream  ratelimit 0  threshold 1
        altnet 0.0.0.0/0
phyint br1 downstream  ratelimit 0  threshold 1

phyint lo disabled
phyint br0 disabled
phyint eth0 disabled
phyint eth1 disabled
phyint eth2 disabled
phyint vlan1 disabled
phyint vlan34 disabled
phyint wl0.1 disabled
phyint wl0.2 disabled
phyint tap21 disabled

dnsmasq.conf.add

interface=br1
dhcp-range=br1,192.168.3.2,192.168.3.250,255.255.255.0,86400s
dhcp-option=br1,3,192.168.3.1
dhcp-option=br1,6,192.168.3.1

services-start

#!/bin/sh

# Restart IGMP proxy
sleep 60
/usr/bin/killall igmpproxy
sleep 1
/usr/sbin/igmpproxy /jffs/configs/igmpproxy.conf

vlan4.script

#!/bin/sh

[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1

[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

set_classless_routes() {
   local max=10
   local type
   while [ -n "$1" -a -n "$2" -a $max -gt 0 ]; do
    [ ${1##*/} -eq 32 ] && type=host || type=net
    echo "udhcpc: adding route for $type $1 via $2"
    /sbin/route add -$type "$1" gw "$2" dev "$interface"
    max=$(($max-1))
    shift 2
    done
    }

case "$1" in
      deconfig)
      /sbin/ifconfig $interface 0.0.0.0
      ;;

      leasefail|nak)
      echo "Failed to obtain lease..."
      ;;

      renew|bound)
      /sbin/ifconfig $interface $ip $BROADCAST $NETMASK
      [ -n "$staticroutes" ] && set_classless_routes $staticroutes
      [ -n "$msstaticroutes" ] && set_classless_routes $msstaticroutes
      ;;
esac
                                                                                
exit 0

firewall-start

#!/bin/sh

#Enable NAT for vlan4
iptables -t nat -A POSTROUTING -o vlan4 -j MASQUERADE

#iptables to allow traffic to br1 and not to br0
/usr/sbin/iptables -I FORWARD -i br1 -j ACCEPT
/usr/sbin/iptables -I INPUT -i br1 -j ACCEPT
/usr/sbin/ebtables -t broute -I BROUTING -p ipv4 -i br1 -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p ipv6 -i br1 -j DROP
/usr/sbin/ebtables -t broute -I BROUTING -p arp -i br1 -j DROP
/usr/sbin/iptables -I FORWARD -i br1 -j ACCEPT
/usr/sbin/iptables -I INPUT -i br1 -j ACCEPT
/usr/sbin/iptables -I FORWARD -i br1 -d 192.168.0.1/24 -j DROP
/usr/sbin/iptables -I INPUT -i br1 -d 192.168.0.1/24 -j DROP

wan-start

#!/bin/sh

#vlan10 only for sparql box
#strip port 3 and 4 from vlan 1
/usr/sbin/robocfg vlan 1 ports "2 3 5 7 8t"

#create vlan 4 and put port 3 and 4 in vlan 10
/usr/sbin/robocfg vlan 4 ports "4t 8t"
/sbin/vconfig add eth0 4

/usr/sbin/robocfg vlan 10 ports "0 1 8t"
/sbin/vconfig add eth0 10

#bring up vlan 4 and vlan 10 interface
ifconfig vlan4 multicast up
ifconfig vlan10 multicast up

# Request an IP-address and setup static routes
udhcpc -i vlan4 -O msstaticroutes -O staticroutes -s /jffs/scripts/vlan4.script -p var/run/vlan4.pid -b -O33 -O249

#set return check vlan 4 off
echo 0 > /proc/sys/net/ipv4/conf/vlan4/rp_filter

#static route to media portal
/opt/sbin/route add -net 185.6.48.0/26 gw 10.10.56.1

#create br1 bridge and add vlan 10
/usr/sbin/brctl addbr br1
/usr/sbin/brctl addif br1 vlan10

#set ip address on br1 interface
ifconfig br1 192.168.3.1 netmask 255.255.255.0
ifconfig br1 multicast up

Placed the above files in the jffs partition on the router via ssh
(dnsmasq.conf.add and igmpproxy.conf in /jffs/configs/ )
(services-start, vlan4.script, firewall-start and wan-start in /jffs/scripts, also do chmod +x to make all files executable)

Upon reboot:
The STB's got an IP within the br1 Range (connected to port 3 and 4 on the router) and all the other devices got an IP within the br0 Range connected to the other ports and wifi.
Internet is working.
And TV is semi working, just that after a random amount of time...the screen freezes...and changing the channel make it work again and then after an X amount of time the screen freezes again, and this proces repeats itself constantly. I am guessing it has something todo with the Igmproxy settings. I tried enabling them via the GUI but that didn't help. Tried to call /usr/sbin/snooper -s br1 directly but that didn't solve the problem eihter so I am now clueless as what to do next. Anyone with any insight?

Thanks in advance


Xil

 

[Denna]

@Xilv3r

Did you come up with a solution for the freezing issue ?​

 

[Xilv3r]

@Xilv3r

Did you come up with a solution for the freezing issue ?​

Hey Denna,

I think the freezing issue has something to do with the IGMP Proxy not being able to handle the streams on the router. I am not really @home regarding networking so I am not quite sure.
The way I solved it now is to use the ISP router for TV (since the IGMP Proxy works on that router) while the AC88U does the remaining traffic.
The connection schema is:

Modem -> AC88U -> (Vlan1) Internet
\-> (Vlan2) ISP router -> STB's

I would stil prefer to get rid of the ISP router entirely but haven't had any luck stopping the freezes.
Regards,


Xil

 

[tjhastings91]

@Xilv3r Looks like someone had the same problem here ... https://www.snbforums.com/threads/help-with-iptables-iptv-routing.27782/

 

[Xilv3r]

@Xilv3r Looks like someone had the same problem here ... https://www.snbforums.com/threads/help-with-iptables-iptv-routing.27782/

@tjhastings91

Yeah I saw that post and it is for the most part similar in getting your connection to work for IPTV (with a Dutch provider) however in this tread I wanted to seperate IPTV traffic with my normal LAN traffic so the multicast streams are on their own VLAN. So far only managed to get the seperate VLAN, getting the TV to work with the Asus router only hasn't been much of a succes.