At home I have KPN as provider for Internet, IPTV and VoIP services. The services are provided through fiber (FTTH). I recently tossed and sold all disparate hardware and bought Ubiquiti gear to upgrade, speed up and simplify my home network. This guide provides the information and guidance needed to configure the Ubiquiti Unifi Security Gateway (https://www.ubnt.com/unifi-routing/usg/) to support both Internet and IPTV.
There are a lot of useful posts out there; this one is a composition of those articles and seems to work. See “Background reading / alternative sources”.
            fiber
              |
        +----------+
        | FTTH NTU |
        +----------+
              |
        vlan4 - iptv
        vlan6 - internet
        vlan7 - voip (not used in this setup)
              |
           +-----+
           | USG |  - Ubiquiti Unifi Security Gateway
           +-----+
              |
             lan
              |
          +--------+
          | Switch |  - Ubiquiti Unifi Managed Switch
          +--------+
            |  |  |
            |  |  +-----------------------------+
            |  |                                |
            |  +-----------------+              |
            |                    |              |
    +--------------+        +---------+      +-----+
    | IPTV Decoder |        | Wifi AP |      | NAS |
    +--------------+        +---------+      +-----+
     - KPN IPTV                               - Synology diskstation
     - Netflix                                - Docker
                                              - Unifi controller
VLAN, enter the value
@internet. The format should look like:
All done, you should now have Internet in your LAN.
The USG runs Linux (EdgeOS version) as its OS. The advanced settings require the extension hooks Ubiquiti built into the USG. See https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-with-config-gateway-json for more information.
At the time of writing that article is not 100% correct: the custom configuration file is merged with the system configuration in such a way that settings that do not yet exist are added and existing items are overwritten by the settings in the file. Take good care not to overwrite critical security settings with the config file. For this reason the config file provided in this repo contains a minimum set of settings; all other settings are preserved (and hence future changes in upgrades as well).
config.gateway.json into a specific folder of the Unifi Controller filesystem and then force the provisioning from the controller to the USG.
Let's get started.
config.gateway.json from the repo and change the following:
xx-xx-xx-xx-xx-xx with the real MAC address of the USG (see Setup basic Internet, step 2).
192.168.100.1/24) but they can be any range as long as they do not overlap public IP spaces (duh) and the IPTV ranges KPN uses.
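A pre-upload check for the edited file, added here as an example (it is not part of this repo): it rejects invalid JSON, flags the xx-xx-xx-xx-xx-xx placeholder if it is still present, and lists every setting in a section where the merge would overwrite the provisioned value. The sample config and the SENSITIVE section list are constructed assumptions.

```python
import json

PLACEHOLDER_MAC = "xx-xx-xx-xx-xx-xx"  # placeholder named in this guide
# Assumption: top-level sections treated as security-critical; adjust as needed.
SENSITIVE = {"firewall", "system", "vpn"}

# Constructed sample, NOT the repo's config.gateway.json.
SAMPLE = """
{
  "interfaces": {"ethernet": {"eth0": {"vif": {"6": {"pppoe": {"2":
      {"user-id": "xx-xx-xx-xx-xx-xx@internet"}}}}}}},
  "protocols": {"igmp-proxy": {"interface": {"eth0.4": {"role": "upstream"}}}},
  "firewall": {"all-ping": "enable"}
}
"""

def leaf_paths(node, prefix=()):
    """Yield (path, value) for every leaf the file would set on the USG."""
    if isinstance(node, dict) and node:
        for key, child in node.items():
            yield from leaf_paths(child, prefix + (key,))
    else:
        yield prefix, node

def lint_gateway_config(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(config, dict):
        return ["top level must be a JSON object"]
    findings = []
    for path, value in leaf_paths(config):
        dotted = " ".join(path)
        # The placeholder may sit in a key or in a value, so search both.
        if PLACEHOLDER_MAC in f"{dotted} {value}".lower():
            findings.append(f"placeholder MAC still present: {dotted}")
        # Existing items are overwritten on merge, so list these for review.
        if path and path[0] in SENSITIVE:
            findings.append(f"overwrites security-relevant setting: {dotted}")
    return findings

if __name__ == "__main__":
    for finding in lint_gateway_config(SAMPLE):
        print(finding)
```

Run it against the edited file before copying it to the controller; an invalid file is one reason for the USG to stay in the provisioning status.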
In order for the file to be applied to the USG you need to upload it to the Unifi Controller; from there you can provision it to the USG.
There are several ways to publish the file to the Unifi controller.
In case the Controller has an SSH daemon running. Connect with
cd /usr/lib/unifi/data/sites/default and
In (my) case the Controller is running in a Docker container (without SSH daemon) with a volume mapping. Connect with SFTP to the docker host and
The location of the file should be
default is the name / identifier of the site in which the USG is located. For finding the correct location see: https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-with-config-gateway-json.
After completing these steps, continue by provisioning the configuration to the USG.
The USG status changes to
provisioning and after a few minutes the status should return back to
In case the USG remains in the status
provisioning please consult the section “Troubleshooting” below.
The routed IP network sometimes changes, therefore the next-hop settings for routing should be updated periodically.
update_iptv_route.sh from the repo
SFTP into the USG
SSH into the USG
mv update_iptv_route.sh /config/scripts/post-config.d/
chmod +x /config/scripts/post-config.d/update_iptv_route.sh
Wait for it.... you're done. The Internet and IPTV should be working. Test your IPTV by rebooting the decoders and see if they come back online. If not... read below.
In case the USG or IPTV doesn't work, please consult the section “Troubleshooting” below.
This section describes some of the most common issues and (possible) solutions. If these tips don't help you, read the articles mentioned below. Further sources of wisdom include the UBNT, Tweakers.net and KPN fora.
In case your USG status remains
provisioning for more than ten minutes, consider that there is an error in the configuration file.
To troubleshoot look at these logfiles:
Log into the web interface of the Unifi Controller and check the events and logs.
SSH to the USG directly (login using the controller admin username and password) and read the log files.
SSH to the Unifi Controller directly and read log files indicating any errors in the provisioning.
In case IPTV is not working there is a plethora of possible root causes. Below are some of the ones I ran into and the solutions I've found.
Determining cause and solutions:
Check the IPTV routing
SSH into the USG and issue the command:
show dhcp client leases
1.2 Compare the resulting router and subnet with the settings in the
1.3 Adjust the settings in the files to match those returned by the IPTV network of KPN (see the appropriate steps above).
Check the IGMP Proxy
2.1 SSH into the USG and issue the command:
show protocols igmp-proxy interface and check that the returned values match the settings expressed in the
config.gateway.json (on the Unifi Controller filesystem).
2.3 Issue the command:
show ip multicast interfaces and check the output.
2.4 Issue the command:
show ip multicast mfc and check the output.
2.5 Issue the command:
ps aux | grep igmp to see if the IGMP proxy is running. If not run:
/opt/vyatta/sbin/config-igmpproxy.pl --action=restart to start the proxy.
Reprovision the configuration
Force a reprovisioning of the configuration from the Unifi controller.
Restart the USG
Poor solution, but sometimes helps. After the restart, retry steps 1 to 3; otherwise, go to step 5.
Use your favorite search engine and the links below to read up about possible symptoms, causes and solutions.
Possible networking issues:
Determining cause and solutions:
Check utilization of the network, switch, APs and USG in the Unifi Controller. Try to determine where issues are located (is it your uplink, is it the local network, etc.).
Check if IGMP Snooping is supported by your switch (and all other switches in between the NTU and the IPTV decoders)
Make sure your switch is IGMP snooping compatible. I chose to use switches from Ubiquiti to allow me to manage the entire network using the Unifi Controller.