OpenVPN - Untangle

xPETEZx

Portal Member
August 6, 2010
36
2
Home Country
England England
Hey Guys,

This is going to be another one of my strange Network problem threads.

Basically I have an Untangle router/firewall set up with OpenVPN. I also have an ASUS AC66 router with OpenVPN and also a Server 2012R2 set up with SSTP VPN.

Now if I take the same server and the same client and place them on either side of these 3 setups:

Server --> Untangle -OpenVPN tunnel--> Client - TV FAILS
Server --> ASUS AC66 Router - OpenVPN tunnel --> Client - TV Works
Server --> Server 2012R2 -- SSTP VPN Tunnel --> Client - TV Works

(Please note I have somewhat simplified my network here, but for the purposes of this it's easier to describe as above.)
Note that full internetwork routing works on all 3 setups. Everything from file sharing / DNS / RDP. Basically nothing but MP is having any trouble in this network. (The range of things I have tested to work goes from video files from a file share / remote management tools SSH/Server Manager / RDP and many more. I even used Telnet to connect to various ports MP uses.)



Now the obvious answer is that Untangle is blocking something. And I am sure it is, I just can't figure out what.
When looking in the UT admin pages it has very detailed reports on all traffic going through, and it logs anything it drops / blocks. Nothing is recorded as being dropped or blocked.

I can open Media Portal fine, view the TV guide and see what's on, I can even schedule things to record and also delete existing recordings.
But if I try to watch either live TV or a recording, MP will lock up. Have to end-task it. Sometimes it recovers itself, but only after a long time.
Strangely if I manually start a live TV stream and then open this over VLC, that works fine too. So RTSP over 554 is working.

I cannot seem to work out what the problem could be. I have attached 4 logs. 1 set of MediaPortal + Error for a working connection over the 2012R2 SSTP tunnel and 1 set over the failing Untangle OpenVPN tunnel.
 

mm1352000

Retired Team Member
  • Premium Supporter
  • September 1, 2008
    21,577
    8,224
    Home Country
    New Zealand New Zealand
    @xPETEZx
    As usual, individual log files are fairly useless. They don't give a full picture of what's going on.

    If you would like assistance, please:
    1. Configure your TV codec settings, which are currently unset.
    2. Use the Watchdog tool option 1 or 2 ("report a bug...") to collect full log files for working and non-working scenarios.
    3. After step 2, collect all the TV Server log files too:
      1. Open TV Server Configuration.
      2. Click "open log directory" in the top left corner.
      3. Zip all the files in that folder.
      4. Attach the zip file.
    4. Provide the full version of your network setup, not the simplified version. Any detail could well be relevant.

    P.S. Please always use the Watchdog tool. It makes it much easier to help you.
     

    xPETEZx

    Hi @mm1352000,

    Thanks for again looking at my issues.

    I have a full set of logs via Watch Dog attached now + the logs from the Server.

    I am not sure what you mean about setting the TV Codec? I followed your link, but my codecs are all set to "LAV" and the Audio Render is set to Default Sound Device.
     

    Attachments

    • NOT-Working-MediaPortal.zip
      1.2 MB
    • TVServer.zip
      4.2 MB
    • Working-MediaPortal.zip
      1.2 MB

    mm1352000

    > I am not sure what you mean about setting the TV Codec? I followed your link, but my codecs are all set to "LAV" and the Audio Render is set to Default Sound Device.
    Those settings weren't saved/present until you "followed my link". Now they've been saved, and that's exactly what I was wanting you to do.

    > I have a full set of logs via Watch Dog attached now + the logs from the Server.
    Thanks. (y)
    ...and now the problem details can be seen.

    On the client side, the TsReader log shows MP/TsReader is able to send RTSP commands and receive responses (port 554). However the RTP streaming data (random ephemeral ports) is not received:
    [2016-09-13 08:30:31,401] [1862d3b0] [2da0] - CRTSPClient::play from 0.000000 / 0.000000
    [2016-09-13 08:30:31,401] [1862d3b0] [2da0] - CRTSPClient::startPlayingStreams()
    [2016-09-13 08:30:31,401] [1862d3b0] [2da0] - CRTSPClient::clientStartPlayingSession()
    [2016-09-13 08:30:31,401] [1862d3b0] [2da0] - CRTSPClient::clientStartPlayingSession() play from 0.000 / 0.828
    [2016-09-13 08:30:31,470] [1862d3b0] [2da0] - Started playing session
    [2016-09-13 08:30:31,470] [1862d3b0] [2da0] - CRTSPClient::StartBufferThread
    [2016-09-13 08:30:31,471] [1862d3b0] [2da0] - CRTSPClient::StartBufferThread done
    [2016-09-13 08:30:31,471] [1862d3b0] [2660] - CRTSPClient:: thread started:9824
    [2016-09-13 08:30:41,478] [1862d3b0] [2da0] - demux:Start() end2 BytesProcessed:0, DTS/PTS count = 0/0
    [2016-09-13 08:30:41,478] [1862d3b0] [2da0] - memorybuffer: run:0 1
    [2016-09-13 08:30:41,478] [1862d3b0] [2da0] - memorybuffer: Clear() 0
    [2016-09-13 08:30:41,478] [1862d3b0] [2da0] - memorybuffer: Clear() done
    [2016-09-13 08:30:41,478] [1862d3b0] [2da0] - memorybuffer: running:0
    [2016-09-13 08:30:41,478] [1862d3b0] [2da0] - close rtsp:rtsp://192.168.5.4:554/stream14.0

    I guess somewhere in your network configuration (which you still did not fully describe :( ) there are tunnels or forwarding rules for certain ports.
    I guess you have configured some of the ports required for MP (31456 for .NET remoting control, 554 for RTSP, 3306 for MySQL DB etc.).
    I guess you have not configured the RTP streaming data ports.

    As I said above, the RTP streaming data ports are random, ephemeral ports. You probably have to create some kind of default forwarding/tunneling rule... or maybe you can just "enable" the whole ephemeral range, I don't know. I can't be more specific because you chose not to fully describe your network config.
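
Added example (not part of the original posts, and not MediaPortal code): a Python check for the pattern visible in the TsReader excerpt above, where a session logs "Started playing session" and the demuxer then reports BytesProcessed:0 before the RTSP URL is closed. The sample lines are copied from that excerpt; the function and variable names are this example's own.

```python
import re
from datetime import datetime

# Sample lines copied from the TsReader excerpt quoted in the post above.
SAMPLE_LOG = """\
[2016-09-13 08:30:31,401] [1862d3b0] [2da0] - CRTSPClient::clientStartPlayingSession()
[2016-09-13 08:30:31,470] [1862d3b0] [2da0] - Started playing session
[2016-09-13 08:30:41,478] [1862d3b0] [2da0] - demux:Start() end2 BytesProcessed:0, DTS/PTS count = 0/0
[2016-09-13 08:30:41,478] [1862d3b0] [2da0] - close rtsp:rtsp://192.168.5.4:554/stream14.0
"""

LINE_RE = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\] \[\w+\] \[\w+\] - (.*)$")
BYTES_RE = re.compile(r"BytesProcessed:(\d+)")
CLOSE_RE = re.compile(r"close rtsp:(rtsp://\S+)")


def find_stalled_sessions(log_text):
    """Return one dict per RTSP session that started playing but demuxed no data."""
    findings = []
    started = None   # timestamp of the most recent "Started playing session"
    pending = None   # finding still waiting for its "close rtsp:" line
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in the TsReader log format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        msg = m.group(2)
        if "Started playing session" in msg:
            started, pending = ts, None
        elif started and (b := BYTES_RE.search(msg)):
            # RTSP PLAY succeeded; zero bytes means no RTP data ever arrived.
            if int(b.group(1)) == 0:
                pending = {"url": None, "waited_s": (ts - started).total_seconds()}
                findings.append(pending)
            started = None
        elif pending and (c := CLOSE_RE.search(msg)):
            pending["url"] = c.group(1)
            pending = None
    return findings


if __name__ == "__main__":
    for f in find_stalled_sessions(SAMPLE_LOG):
        print(f"control OK, no media after {f['waited_s']:.1f}s: {f['url']}")
```
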
     

    xPETEZx

    Thanks mm,


    When I try to watch TV if I take a look at Untangle to monitor traffic, I can see the following sessions passing through:

    Client port - 58429 ---> Server Port - 6971 - UDP - Not sure? RTP?
    Client port - 58981 ---> Server Port - 31456 - TCP - .NET Remote
    Client port - 58995 ---> Server Port - 31456 - TCP - .NET Remote
    Client port - 58963 ---> Server Port - 31456 - TCP - .NET Remote
    Client port - 58964 ---> Server Port - 3306 - TCP - MySQL DB
    Client port - 57780 ---> Server Port - 445 - TCP - MS Network Share by sounds of it.

    Should I be seeing another set of connections?
    I do not see an RTSP on 554 which is odd?

    So I may have confused things by mentioning that I had simplified my network in my description.
    To clear that up, there are no rules of any kind to block or allow any specific traffic through the VPN.
    The VPN tunnel has full LAN access. The only thing that happens is the traffic from VPN is NAT'ed to a LAN IP. (This NAT'ing of traffic is what I meant by simplification)
    Now I did turn this off in case the NAT'ing was creating a problem, but it made no difference. (Everything that works stayed working, and MediaPortal TV stayed broken)
    I use a lot of different tools/services and have tested everything I can think of over this VPN, and nothing is being stopped.
    I am sure it's something UT is doing, but trying to figure out what... Esp. as it's not logging anything as being dropped/blocked.

    I have been googling to see if UT blocks ephemeral ports by default from passing through it, but can't find anything to suggest that. I would expect if it did a lot of things would not work either.

    As always I appreciate your help on this.
     

    mm1352000

    > ...if I take a look at Untangle to monitor traffic...
    I would suggest to monitor on the client itself first using "netstat -an", because you do not know for sure if and/or where the port/connection is being blocked.

    > The VPN tunnel has full LAN access. The only thing that happens is the traffic from VPN is NAT'ed to a LAN IP. (This NAT'ing of traffic is what I meant by simplification)
    Well, the NAT'ing could be the problem. Normally RTSP doesn't pass through NAT without intervention.
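
Added example (not part of the original posts): RTSP negotiates the RTP/RTCP data ports in-band, in the Transport header of the SETUP exchange (RFC 2326), so a firewall or NAT that only tracks the TCP 554 control connection has no state for the media. The Python code below parses a constructed SETUP response and lists the UDP flows that must be admitted; the server address is the one in the log above, while the NAT address, the port numbers and all function names are assumptions made for this example.

```python
# Constructed RTSP SETUP response (RFC 2326 syntax); ports are made up.
SETUP_RESPONSE = (
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=58428-58429;server_port=6970-6971\r\n"
    "Session: 12345678\r\n\r\n"
)


def transport_params(message):
    """Parse the Transport header of an RTSP message into a dict."""
    for line in message.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "transport":
            params = {}
            for part in value.strip().split(";"):
                key, _, val = part.partition("=")
                params[key.strip()] = val.strip()
            return params
    return {}


def port_pair(value):
    """'6970-6971' -> (6970, 6971); a single port is used for both."""
    lo, _, hi = value.partition("-")
    return int(lo), int(hi or lo)


def media_flows(response, server_ip, client_ip_seen_by_server):
    """UDP flows needed in addition to the TCP 554 control connection."""
    p = transport_params(response)
    if "interleaved" in p or "client_port" not in p:
        return []  # RTP carried inside the RTSP TCP connection: nothing extra
    rtp_c, rtcp_c = port_pair(p["client_port"])
    rtp_s, rtcp_s = port_pair(p.get("server_port", "0"))  # 0 = not announced
    # Without an explicit destination, the server sends to the address the
    # SETUP came from. Behind source NAT that is the NAT device, which has
    # no mapping for client_port unless it runs an RTSP-aware helper.
    dest = p.get("destination", client_ip_seen_by_server)
    return [
        ("udp", server_ip, rtp_s, dest, rtp_c, "RTP media"),
        ("udp", server_ip, rtcp_s, dest, rtcp_c, "RTCP reports"),
    ]


if __name__ == "__main__":
    # 192.168.5.1 is an assumed LAN address of the NAT device.
    for flow in media_flows(SETUP_RESPONSE, "192.168.5.4", "192.168.5.1"):
        print("%s %s:%d -> %s:%d  (%s)" % flow)
```
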
     

    xPETEZx

    I had a look using netstat -an on the client, here is what I saw:

    Connection to TV server IP on:
    31456
    3306

    But could not see any 554

    The strange thing is if I go into streaming server log while MediaPortal is locked up on the client and copy the RTSP streaming URL it has created and open this on the client with VLC, it works fine.
    If I then run another netstat -an I then see the 554 stream.
    Is that a useful test? Would Media Portal connect using the same URL that VLC can use?
     

    mm1352000

    > But could not see any 554
    Are you checking while trying to start viewing live TV/radio or a recording?
    The RTSP connection will not be there except at that time.

    > If I then run another netstat -an I then see the 554 stream.
    Of course. As above, MP will not create/use an RTSP connection except while live TV/radio or a recording is streaming.

    > Is that a useful test? Would Media Portal connect using the same URL that VLC can use?
    Yes, MP uses the same URL.
     

    xPETEZx

    Yes, so my most recent test was to try to view a live channel.
    Then while Media Portal is locked up on the client, check netstat -an. This is when I did not see a 554 connection.
    Then I jumped on the server, could see the TV card is active, pulled the streaming URL out of the streaming log and then opened this on the client in VLC. (While Media Portal is still running / locked up)
     
