Hello tout le monde,
Je suis récemment passé sur une offre "Up" chez Orange (Sosh précédemment), en conservant ma LB4 et son ONT externe. J'ai reçu le décodeur TV UHD.
Aucun soucis sur la config internet, j'ai juste eu un changement d'IP et tout fonctionnait normalement.
J'ai par contre un problème avec la TV, qui me donne des erreurs G03 (Livebox incompatible).
Ma config actuelle est la suivante:
firewall {
all-ping enable
broadcast-ping disable
ipv6-name WANv6_IN {
default-action drop
description "WANv6 inbound traffic forwarded to LAN"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow ICMPv6"
log disable
protocol icmpv6
}
}
ipv6-name WANv6_LOCAL {
default-action drop
description "WANv6 inbound traffic to the router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
rule 30 {
action accept
description "Allow ICMPv6"
log disable
protocol icmpv6
}
rule 40 {
action accept
description "Allow DHCPv6"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-name WANv6_OUT {
default-action accept
description "WANv6 outbound traffic"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action reject
description "Reject invalid state"
state {
invalid enable
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
enable-default-log
rule 20 {
action accept
description "Allow established/related"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 30 {
action drop
description "Drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 20 {
action accept
description Web
destination {
group {
address-group ADDRv4_eth2
}
port 80,443
}
log enable
protocol tcp
}
rule 30 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 40 {
action accept
description openvpn
destination {
port 1194
}
log enable
protocol udp
}
rule 60 {
action drop
description "Drop invalid state"
log disable
state {
invalid enable
}
}
}
name WAN_OUT {
default-action accept
description "WAN outbound traffic"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action reject
description "Reject invalid state"
state {
invalid enable
}
}
}
options {
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
description "eth0 - Livebox"
duplex auto
speed auto
vif 832 {
address 192.168.30.1/24
description "eth0.832 - Internet + VoIP"
}
}
ethernet eth1 {
description "eth1 - ONT"
duplex auto
speed auto
vif 832 {
address dhcp
description "eth1.832 - Internet + VoIP"
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox4";"
client-option "send dhcp-client-identifier 01:XXXXXXXXX;"
client-option "request subnet-mask, routers, domain-name-servers, domain-name, broadcast-address, dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, rfc3118-authentication, domain-search, SIP-servers, Vendor-Specific-Information;"
client-option "send rfc3118-authentication 00:YYYYYYYYYYYYYYY"
default-route update
default-route-distance 210
global-option "option rfc3118-authentication code 90 = string;"
global-option "option SIP-servers code 120 = string;"
global-option "option Vendor-Specific-Information code 125 = string;"
name-server no-update
}
egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
firewall {
in {
ipv6-name WANv6_IN
name WAN_IN
}
local {
ipv6-name WANv6_LOCAL
name WAN_LOCAL
}
out {
ipv6-name WANv6_OUT
name WAN_OUT
}
}
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
}
vif 840 {
address 192.168.40.1/24
description "eth1.840 - TV"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth2 {
address 192.168.10.1/24
description "eth2 - LAN"
duplex auto
ipv6 {
dup-addr-detect-transmits 1
router-advert {
cur-hop-limit 64
link-mtu 0
managed-flag false
max-interval 600
other-config-flag false
prefix ::/64 {
autonomous-flag true
on-link-flag true
preferred-lifetime 14400
valid-lifetime 18000
}
reachable-time 0
retrans-timer 0
send-advert true
}
}
speed auto
vif 840 {
address 192.168.20.1/24
description "eth2.840 - TV"
mtu 1500
}
}
ethernet eth3 {
disable
duplex auto
speed auto
}
loopback lo {
}
openvpn vtun0 {
disable
mode server
openvpn-option "--verb 7"
server {
name-server 192.168.10.1
push-route 192.168.10.0/24
subnet 172.16.1.0/24
}
tls {
ca-cert-file /config/auth/cacert.pem
cert-file /config/auth/server.pem
dh-file /config/auth/dh.pem
key-file /config/auth/server.key
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface eth2
rule 1 {
description HTTPS
forward-to {
address 192.168.10.11
}
original-port 443
protocol tcp
}
rule 2 {
description HTTP
forward-to {
address 192.168.10.11
}
original-port 80
protocol tcp
}
rule 3 {
description SSH
forward-to {
address 192.168.10.11
}
original-port 22
protocol tcp
}
wan-interface eth1.832
}
protocols {
igmp-proxy {
interface eth1.840 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth2.840 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
}
}
service {
dhcp-server {
disabled false
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
global-parameters "option Vendor-specific code 125 = string;"
hostfile-update disable
shared-network-name LAN {
authoritative disable
subnet 192.168.10.0/24 {
default-router 192.168.10.1
dns-server 192.168.10.1
domain-name local
lease 86400
start 192.168.10.3 {
stop 192.168.10.254
}
}
}
shared-network-name Livebox {
authoritative enable
subnet 192.168.30.0/24 {
default-router 192.168.30.1
dns-server 80.10.246.134
dns-server 81.253.149.5
domain-name orange.fr
lease 86400
start 192.168.30.30 {
stop 192.168.30.50
}
subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30;"
subnet-parameters "option SIP 00:06:73:62:63:74:33:67:03:41:55:42:06:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:03:6e:65:74:00;"
subnet-parameters "option Vendor-specific 00:00:05:58:0c:01:0a:00:00:00:00:00:ff:ff:ff:ff:ff;"
}
}
shared-network-name TV {
authoritative disable
subnet 192.168.20.0/24 {
default-router 192.168.20.1
dns-server 80.10.246.134
dns-server 81.253.149.5
lease 86400
start 192.168.20.30 {
stop 192.168.20.50
}
subnet-parameters "option Vendor-specific 00:00:0d:e9:ZZZZZZZZZZZZZZZZZZZ;"
}
}
static-arp disable
use-dnsmasq disable
}
dns {
forwarding {
cache-size 200
listen-on eth2
name-server 1.1.1.1
name-server 1.0.0.1
name-server 8.8.8.8
name-server 8.8.4.4
}
}
gui {
http-port 95
https-port 96
older-ciphers enable
}
nat {
rule 5010 {
log disable
outbound-interface eth1.832
protocol all
type masquerade
}
}
ssh {
allow-root
port 97
protocol-version v2
}
unms {
disable
}
upnp2 {
listen-on eth0.832
listen-on eth2
nat-pmp enable
secure-mode enable
wan eth1.832
}
}
system {
analytics-handler {
send-analytics-report false
}
config-management {
commit-revisions 50
}
crash-handler {
send-crash-report false
}
domain-name local
host-name EdgeRouter
login {
user ubnt {
authentication {
encrypted-password XXXXXXXXX
plaintext-password ""
}
full-name ""
level admin
}
}
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
vlan enable
}
ipv6 {
forwarding enable
vlan enable
}
}
package {
repository stretch {
components "main contrib non-free"
distribution stretch
password ""
url http://http.us.debian.org/debian
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
task-scheduler {
task watchdog {
executable {
path /config/scripts/watchdog.sh
}
interval 2m
}
}
time-zone Europe/Paris
traffic-analysis {
dpi enable
export enable
}
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9-hotfix.2.5402463.210511.1317 */
J'ai testé en branchant directement le décodeur UHD sur eth2, sans succès. En branchant le décodeur derrière la box (qui est elle même sur eth0), la VOD fonctionne, mais les chaînes TV retournent le code L11-06 (et j'ai pas de soucis pour accéder à internet via le wifi de la livebox quand elle est sur eth0, sur le dashboard de la box j'ai d'ailleurs tout en "Disponible" sauf la TV en "Indisponible").
Les chaînes XXXX/YYYY sont normalement ok, vu que je n'ai pas de soucis avec internet.
Pour la chaîne ZZZZZ, je l'ai reprise des différents posts du forum en adaptant le numéro de série/les 3 premiers octets du MAC de la Livebox.
J'ai à peu près tout essayé, sans succès malheureusement. Je cherche une solution "temporaire", l'idée c'est de passer sur un autre routeur en 10Gb/s par la suite via le tuto sur le Mikrotik pour espérer atteindre les 2Gb/s! Si quelqu'un a une idée, je suis preneur
Merci
Remplacer la LiveBox par un routeur