On Wed, May 18, 2011 at 13:37, Evgeny Yurchenko <e...@tm-k.com> wrote: > On 11-05-17 01:38 PM, Kurt Buff wrote: >> >> On Tue, May 17, 2011 at 10:18,<e...@tm-k.com> wrote: >>>> >>>> All, >>>> >>>> We have a subnet with a public IP address fronted by a pfsense >>>> (1.2.3R) box with routing and OpenVPN enabled and configured. We're >>>> testing this with a product that uses multicast - the server is in the >>>> network protected by the pfsense box, and there will be one or more >>>> clients connecting to it from the field.. While most network >>>> functionality is present, the multicast traffic is not being seen on >>>> the client. >>>> >>>> Does pfsense/OpenVPN support multicast in this kind of arrangement? >>>> >>>> We've added in the IGMPProxy package, which so far doesn't seem to be >>>> doing anything for us, though we may not have configured that >>>> correctly. >>>> >>>> Thanks, >>>> >>>> Kurt >>>> >>> I do not think igmpproxy will be in any use here. >>> Try routing multicast IPs/subnet over the tunnel explicitly. >>> Evgeny. >> >> I'm a complete newb at multicast stuff - never used it before. Since >> this traffic will be completely contained over the OpenVPN link, >> should I be using (per this link: >> http://www.tcpipguide.com/free/t_IPMulticastAddressing.htm) addresses >> from the administratively (or locally) scoped range? >> >> Also, what might a route statement look like for multicast - different >> than normal unicast routing, or pretty much the same? >> >> Thanks, >> >> Kurt >> > Don't try to route all multicast addresses (like 224.0.0.0/4) find out what > IP address(es) your application is using and try to route only this > one(these ones). Do not forget to allow it in Rules. > Route statement will look exactly like for 'normal' unicast. > Remember: I never tried that, just do not see why it will not work -))) I > guess it is worth to try. > Evgeny.
After a buncha research, I found that this is a known issue, with a hackish workaround. You have to enable tap, vs. tun, and the directions are here: http://doc.pfsense.org/index.php/OpenVPN_Bridging - I found it in pfSense, The Definitive Guide. I haven't tried it yet, so we'll see how it goes. If that doesn't work, I will probably try the tun/routing approach again. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
