Chouby
newbie
Topic Author
Posts: 29
Joined: Fri Apr 07, 2017 3:49 am

VPN special usage

Thu May 06, 2021 4:08 am

Hi!
I already have a device that downloads and uploads through the L2TP VPN I set up between two RouterOS routers.

My need is to download through the native connection and upload through the VPN only. Can I do that? How?

My VPN is already up and running.

Thanks!
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN special usage

Sun May 09, 2021 10:14 am

You'll have to elaborate on what you mean by download and upload, as it can be understood in multiple ways:
  1. from the perspective of a single packet, where "download" means that a packet goes from router A to router B and "upload" means a packet goes from router B to router A
  2. from the perspective of session establishment, where "download" means sessions where a device connected to router A acts as a client and initiates the session towards a device connected to router B acting as a server, and "upload" is where the roles of these devices are swapped
  3. from the perspective of the actual payload, where "download" means that the payload is sent from a device connected to router B to a device connected to router A and "upload" means the opposite direction, no matter which device has initiated the session
For case 1., it is a matter of bare routing; for case 2., you need to engage connection tracking, and case 3. cannot be reliably implemented because you don't know in advance what the payload direction will be in a session.
 
Chouby
newbie
Topic Author
Posts: 29
Joined: Fri Apr 07, 2017 3:49 am

Re: VPN special usage

Sun Jun 13, 2021 6:29 pm

Ok.. I'll try to do my best to explain.

I have an IPTV terminal that only works on the subscriber's (me, at another street address) public IP.

When I go to my secondary house, I don't have the possibility to subscribe to the same ISP, so the public IP is not the one that works with my TV terminal. So I set up a VPN between my house and my chalet and it works like a charm, but the stream is always in the VPN. I realized one day that the VPN was down but the TV still went on without the VPN, but as soon as I press guide or something else, the terminal should verify the public IP and block the service as long as the VPN is down. As soon as the VPN comes back, the guide works, everything works. I choose a channel, let it go for 20-25 secs, then I unplug the VPN and the streaming keeps going with the "bad" IP.

I have some difficulty explaining. English is not my primary language, sorry.

Thanks!
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN special usage

Sun Jun 13, 2021 7:12 pm

The way you describe it, it seems as if the IPTV provider doesn't care from which IP address the client establishes the session for streaming the content and only checks the IP address for the control session used to display the guide, switch channels etc.

What is the motivation to let the content stream bypass the VPN? Save the bandwidth on your home connection?

And second, in the current state, either the session for content streaming must get re-established silently once you switch off the VPN, or it must be establishing from the actual IP address of the chalet from the very beginning.

The solution is to use a dedicated routing table, or maybe a dedicated route in the main routing table is enough, for the control session. What exactly needs to be done depends on how easily the control session can be distinguished from the content streaming session. If each of the two connects to a different remote IP (which is not unlikely), it is enough to set routes to the IP addresses of the control servers via the VPN tunnel in the main routing table. But if the IP addresses of the control servers are changing and/or the same server IP addresses may be used for both sessions, you need firewall mangle rules matching on protocol and port to force a dedicated routing table for the control session.

And if you don't mind that the content streaming goes via the VPN and only want the TV to use the VPN whereas other devices in the chalet LAN should go directly to internet, you can use just routing rules to choose the proper routing table.

To find out exactly, you'll need to sniff the traffic of the TV and use Wireshark to analyse it.

What's your native language if you can reveal that?
 
Chouby
newbie
Topic Author
Posts: 29
Joined: Fri Apr 07, 2017 3:49 am

Re: VPN special usage

Thu Jun 17, 2021 6:23 am

My native language is French. I'm French Canadian 😉

Yes, the main reason why I want to do it this way is to save some bandwidth on the home connection.
I already do some routing to only let the IPTV go through the VPN. But what I suspect is that the control packets (auth packets) use the same IP as the streaming 😔 I'll try to do my best to sniff it with Wireshark. I'll try to isolate some packets. How can I do that on my laptop? Do I need to enable the packet sniffer on the router or something?

Thanks for your time! Appreciate!
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: VPN special usage

Thu Jun 17, 2021 3:15 pm

The traffic of the TV doesn't pass through the laptop, so set the /tool sniffer on the router in such a way that it streams the traffic matching the capture filter to the IP address of the laptop (which should be connected using an Ethernet cable, not wirelessly):

/tool sniffer set streaming-enabled=yes streaming-server=ip.of.the.laptop

On the laptop, start sniffing in Wireshark with the capture filter set to udp port 37008; then, run

/tool sniffer quick ip-address=ip.of.the.tv interface=where-the-tv-is-connected

and ideally boot the TV from poweroff to see the whole process right from the start.
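An added example, not part of the thread: the sniffer stream that arrives on udp port 37008 is TZSP-encapsulated, so the sketch below unwraps it, totals the TV's traffic per remote address, protocol and port, and reports server IPs that carry both bulk and low-volume flows, which is the case where routes per server IP are not enough and the mangle rules on protocol and port mentioned earlier are needed. The TV address, the server address, the sample datagrams and the byte threshold used to call a flow "streaming" are all constructed assumptions.

```python
import struct

def strip_tzsp(datagram):
    """Return the Ethernet frame inside one TZSP datagram (the UDP payload)."""
    if len(datagram) < 5 or datagram[0] != 1 or datagram[2:4] != b"\x00\x01":
        raise ValueError("not TZSP version 1 with Ethernet encapsulation")
    i = 4
    while datagram[i] != 1:            # tag 1 = END, the frame follows it
        i += 1 if datagram[i] == 0 else 2 + datagram[i + 1]  # PADDING or TLV
    return datagram[i + 1:]

def remote_endpoint(frame, tv_ip):
    """((remote_ip, proto, remote_port), ip_length) for the TV's TCP/UDP packets."""
    if len(frame) < 38 or frame[12:14] != b"\x08\x00":       # untagged IPv4 only
        return None
    ihl = (frame[14] & 0x0F) * 4
    length, frag = struct.unpack_from("!H2xH", frame, 16)
    proto = {6: "tcp", 17: "udp"}.get(frame[23])
    if proto is None or ihl < 20 or frag & 0x1FFF or len(frame) < 18 + ihl:
        return None                    # no ports: other protocol or later fragment
    src, dst = (".".join(map(str, frame[o:o + 4])) for o in (26, 30))
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    if src == tv_ip:
        return (dst, proto, dport), length
    return ((src, proto, sport), length) if dst == tv_ip else None

def summarize(datagrams, tv_ip):
    """Bytes (IP total length) per remote (ip, proto, port) talking to the TV."""
    totals = {}
    for d in datagrams:
        try:
            hit = remote_endpoint(strip_tzsp(d), tv_ip)
        except (ValueError, IndexError):
            continue                   # skip malformed datagrams
        if hit:
            totals[hit[0]] = totals.get(hit[0], 0) + hit[1]
    return totals

def shared_server_ips(totals, stream_bytes):
    """Server IPs that carry both bulk (>= stream_bytes) and low-volume flows."""
    bulk = {k[0] for k, n in totals.items() if n >= stream_bytes}
    return bulk & {k[0] for k, n in totals.items() if n < stream_bytes}

def _tzsp(src, dst, proto, sport, dport, ip_len):  # builds constructed samples
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, proto, 0,
                     *(bytes(map(int, a.split("."))) for a in (src, dst)))
    return b"\x01\x00\x00\x01\x01" + bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)
TV = "192.168.88.50"                   # assumed TV address
SAMPLE = ([_tzsp(TV, "203.0.113.10", 6, 40000, 443, 600)] * 3
          + [_tzsp("203.0.113.10", TV, 17, 5004, 5004, 1356)] * 500)
```

On a real capture, pass `summarize` the UDP payloads received on port 37008 at the laptop; an empty result from `shared_server_ips` means the control and streaming servers can be separated by destination address alone.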
