Scheduled maintenance: Community will be offline Monday June 17th, 1:00 AM - 6:00 AM (PT)
New Member
Posts: 11
Registered: ‎03-22-2019

Creating GRE Bridge on USG's to use HDHomeRun TV tuner

Hi... Short intro to what I'm trying to set up:
Parents got an HDHomeRun TV tuner, that can stream encoded signals over TCP. I would like to use it at my place.
So bought two USG's and set them up like this:
Parents: WAN IP (static): 95.154.XXX.YYY - USG GW: 192.168.10.1 HDHomeRun: 192.168.10.10 (one more subnet for WiFi: 192.168.11.0/24)
My Home: WAN IP (static): 178.155.XXX.YYY - USG GW: 192.168.1.0 subnet 192.168.1.0/24
Controller with both sites is at my place 192.168.1.12 and working fine (used set-inform)
Created a Site-to-Site VTI VPN between the sites, working fine too.


Now I can use the HDHomeRun in VLC player using IP and port, but apps are not seeing the tuner. My guess is that broadcast/discovery are not going across the VPN.

So I thought if NAT and/or routing could be set up to connect it to my local network. Found some threads here and tried this

{
        "service": {
                "nat": {
                        "rule": {
                                "1": {
                                        "description": "EXT-HDHomeRun",
                                        "destination": {
                                                "address": "192.168.10.10"
                                        },
                                        "inbound-interface": "eth0",
                                        "inside-address": {
                                                "address": "192.168.0.200"
                                        },
                                        "log": "disable",
                                        "protocol": "all",
                                        "type": "destination"
                                },
                                "5000": {
                                        "description": "LAN-HDHomeRun",
                                        "log": "disable",
                                        "outbound-interface": "eth0",
                                        "outside-address": {
                                                "address": "192.168.10.10"
                                        },
                                        "protocol": "all",
                                        "source": {
                                                "address": "192.168.0.200"
                                        },
                                        "type": "source"
                                }
                        }
                }
        }	
}

 

But no luck, so I chatted with support, that said I should use GRE bridge VPN as descriped here
https://help.ubnt.com/hc/en-us/articles/204961754-EdgeRouter-EoGRE-Layer-2-Tunnel
They said to disable the VTI and follow the instructions, but here I get into more trouble. Trying this in one side:

 

configure
set interfaces bridge br0

set interfaces bridge br0 address 192.168.20.1/24

set interfaces loopback lo address 10.255.12.1/32

set interfaces tunnel tun0 local-ip 10.255.12.1
set interfaces tunnel tun0 remote-ip 10.255.12.2

set interfaces tunnel tun0 encapsulation gre-bridge

set interfaces tunnel tun0 bridge-group bridge br0
set interfaces ethernet eth1 bridge-group bridge br0

set vpn ipsec auto-firewall-nat-exclude enable

set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 pfs enable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec esp-group FOO0 proposal 1 hash sha1

set vpn ipsec ike-group FOO0 lifetime 28800
set vpn ipsec ike-group FOO0 proposal 1 dh-group 14
set vpn ipsec ike-group FOO0 proposal 1 encryption aes128
set vpn ipsec ike-group FOO0 proposal 1 hash sha1

set vpn ipsec site-to-site peer 95.154.XXX.YYY authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 95.154.XXX.YYY authentication pre-shared-secret mykeytoreplace

set vpn ipsec site-to-site peer 95.154.XXX.YYY description ipsec
set vpn ipsec site-to-site peer 95.154.XXX.YYY ike-group FOO0
set vpn ipsec site-to-site peer 95.154.XXX.YYY local-address 192.168.0.200
set vpn ipsec site-to-site peer 95.154.XXX.YYY tunnel 1 esp-group FOO0
set vpn ipsec site-to-site peer 95.154.XXX.YYY tunnel 1 local prefix 10.255.12.1/32
set vpn ipsec site-to-site peer 95.154.XXX.YYY tunnel 1 remote prefix 10.255.12.2/32

commit ; save

But get "Error: Can not add interface eth1 with addresses to bridge" after "set interfaces ethernet eth1 bridge-group bridge br0"
So if I remove the already set ip on eth1 (to replace with tunnel) I loose the connection I belive - so didn't dare...

 

admin@ubnt:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         178.155.140.18/22                 u/u  WAN
eth1         192.168.0.1/24                    u/u  LAN
eth2         -                                 A/D
lo           127.0.0.1/8                       u/u
             ::1/128
admin@ubnt:~$

Can some of you guide me? I believe this is getting too complex and risky. Especially as the first parts went so smooth.

Can I get discovery working without the GRE Bridge (UDP port 65001)?

 

If I need the GRE Bridge, can't I use the VTI VPN, and how do I map the ip to my subnet?

 

Thanks in advance!
/Kim

Member
Posts: 172
Registered: ‎05-23-2016
Kudos: 39
Solutions: 1

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

This is not a unifi issue, it is an hdhomerun issue. Lots of google results of people trying this on a huge number of platforms. Maybe the easiest answer is to set up a Plex server at your location, point it to the hdhomerun as a DVR and use the live mode with clients for web, Android and iOS. Seems like it could also be possible to write a small program to act as a proxy for the hdhomerun, forwarding things back and forth to make it appear as though it were on your network, but you would have to know for sure all the pieces of how they communicate.

New Member
Posts: 11
Registered: ‎03-22-2019

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

Thank you @n9yty for replying.

 

I get your point, but not really interested in complicating the setup with Plex or homemade apps.

I'm not saying it is a Unifi problem, just looking for help to solve the issues of having multiple subnets. If it can be done, the better value I get from the USG's.

The one actual issue is the TV Tuner, but in the same way, I would like to access Windows Shares and other devices on the remote subnets, so I'm looking for a general solution,

 

Hope to get some insights from others, as it seems many posts are around multiple LAN's or VLAN's and problems with connectivity.

 

Thanks again!

Member
Posts: 172
Registered: ‎05-23-2016
Kudos: 39
Solutions: 1

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

Member
Posts: 172
Registered: ‎05-23-2016
Kudos: 39
Solutions: 1

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

[ Edited ]

Also look on Github...   nadoo / glider.  That looks like a very powerful tool that could come in handy as well.  Once you start looking at UDP proxies and the like there are many options. But it seems like bandwidth could also be an issue, do you have the hdhomerun that transcodes to lower quality for you?

New Member
Posts: 11
Registered: ‎03-22-2019

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

Could be if the approach will work on a USG. Will ask over there...

 

Thanks!

New Member
Posts: 11
Registered: ‎03-22-2019

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

Mine is the Silicon Dust HDHomeRun EXPAND - which encodes the stream on-the-fly. Bandwidth should not be an issue and I have tested 4 streams using VLC player - no problem.

 

/Kim

Highlighted
New Member
Posts: 11
Registered: ‎03-22-2019

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

Update: I have been around a few other threads to accomplish this - not there yet.

 

First I was by https://community.ubnt.com/t5/EdgeRouter/Howto-HDHomerun-discovery-on-different-LAN-segment/m-p/2755... and this actually gave hope for the original problem - thanks @meckhert! socat is actually working for the HDHomeRun apps. but I'm still not sure if it can be installed on the USG's.

 

But that lead to the next problem, My LG TV cannot use the device as DLNA is not getting across. Went by https://community.ubnt.com/t5/UniFi-Routing-Switching/Deutsch-German-DLNA-zwischen-VLANs/m-p/2760680... where @AF360 has been super helpful with igmp-proxy input, but I haven't been successful with that yet, as I need to experiment with the setup in both ends of the tunnel. And as @AF360 then suggest a GRE tunnel, the loop is closing back to here where it started.

 

If any of you bright minds has more input on the GRE-tunnel (I have looked for hours on a detailed explanation/howto) I would appreciate your ideas. Maybe something for Willie Howe to show and tell about https://www.youtube.com/watch?v=cFcsOqCdfg0

 

If not, maybe the Plex solution suggested by @n9yty is my only option left, although not the optimal outcome. And then it really bothers me, that I can't get this working - network newbie or not.

 

/Kim

 

New Member
Posts: 2
Registered: ‎05-27-2016

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

I have solved this problem using an OpenVPN layer 2 bridge using an ER-Lite. Not sure how this is done using a USG thou'.

I created a dedicated VLAN (without a DHCP server), configured to a port on a switch, but I guess you could configure the third port on the USG. The HDHomeRun is then plugged into that port. I then created the OpenVPN interface, in server mode. I then created a bridge with its own DHCP server, and bridged the VLAN and OpenVPN interfaces. The HDHomerun now has an IP address from the bridge DHCP.

For me, the client PC is a Mac, running Tunnelblick in 'tap' mode. The Mac keeps it's original IP address, but gets an extra one from the bridge DHCP server. EyeTV sees the HDHomerun. It can tune to it etc.

Performance may be an issue. The latest firmware on the ER-Lite (v2) doubled the performance of OpenVPN to about 25Mbps. That is good enough for me to use both tuners on the old HDHomerun Dual that we have.

New Member
Posts: 11
Registered: ‎03-22-2019

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

Thank you for sharing @sbrabyn !

 

I think I will try to avoid the OpenVPN complexity, but your setup has given me some ideas.

I believe the ER-Lite and the USG are similar inside, meaning it should work. However I have many potential clients, not just one Mac/PC, meaning I would like all of them to have only one IP. Which type of Bridge did you create?

I don't need any clients to access the HDHomeRun on the "far" network, so if I somehow could just connect that port to the VPN tunnel and have the tuner get an IP from the local LAN?

 

Thank again!

/Kim

New Member
Posts: 2
Registered: ‎05-27-2016

Re: Creating GRE Bridge on USG's to use HDHomeRun TV tuner

I just created a default bridge. There are two problems with the HDHomerun units, first they rely a lot on using broadcast packets, which level 3 VPN's filter out, and secondly, they use a ttl=3 header in their packets, so that the packets can not be easily routed.