Categories
IT Sys Admin Networking Ubiquiti

TELUS Optik IPTV on Ubiquiti UniFi

Taking back the consumer LAN one step at a time…

As many have been, I’ve been tearing my hair out trying to get around using TELUS‘ blasted Actiontec router. Sure, I could have just bridged it but that’s just one more hop before it hits my network. I recently had PureFibre Gigabit installed (albeit the installer left a little too much of the fibre exposed which I’m nervous around) which runs from the pole in the back alley, over my back yard, and down into my basement. Note, this house was built in 1921 and has quite the history (being one of the first houses in my city to have have a POTS line being the fire chief at the time built the home) and I’m quite sure no one was thinking about CAT6 let alone fibre back then!

TELUS installed a Nokia branded ONT (of which I’m unsure the model as it’s screwed to the wall and I’m lazy) and left me with a Actiontec T3200M router. As soon as the installer left I threw a TP-Link PoE Gigabit switch I had laying around between the ONT and the Actiontec and ran CAT6 through the floor up into my den to my Unifi Security Gateway (USG). TELUS has no problem leasing a second IPv4 address. I could have left it this way however I prefer if I can to have things done in a centralized way (as far away from the ISP’s bloatware as possible).

Until today. After some research I’d left myself running in circles as to the right way to go about this (knowing that multicast is fidgety) and plugged the repurposed that same switch and plugged it into the WAN 2/LAN 2 port on the USG. From there I plugged both the 4K PVR receiver and 4K WiFi receiver into the switch and started cracking this nut.

Note: since writing this article, I’ve since moved the STBs to the USG port LAN 1. This is due to problems with Optik on the Go. I’ve connected the STBs to a port on one of my Unifi Switch 8 60W switches and set the port accordingly in the Unifi SDN. Please watch for more writer’s notes as we go along. There’s also two Addendums located at the bottom of the article.

Starting with IPv6

First, because I’d prefer to be future forward, configure your WAN interface for IPv6. TELUS uses DHCPv6 with a Prefix Delegation Size of 56. Configure this in Settings > Networks.

IPTV Configuration

Network

Once you’ve got that physical connection out of the way and part of the IPv6 configuration taken care of (more on that later), head on into the Unifi SDR UI into Settings > Network and create a new network. I named mine “IPTV” and configured it as below:

It’s a good idea to segregate this traffic from the rest of your network by using the WAN 2/LAN 2 port for a number of reasons, firstly it’s not your own equipment – if it were somehow compromised I’d rather it be at an arm’s length. Most importantly – the IGMP proxy we’ll be configuring has a tendency to flood your network if it’s not just right. Having it on a separate interface prevents this.

DHCPv6 & IGMP Proxy

From here, you’ll see some activity light up that port and you’ll notice your TV start playing and then freeze about 15 seconds later. This is because of the way TELUS Optik IPTV works. TELUS licenses the use of Ericsson Mediaroom (formerly Microsoft Mediaroom prior to 2013) to deliver their service. You may remember the product as WebTV or MSN TV way back in the early 2000’s. When you initially tune to a channel the provider pushes a unicast connection to your receiver while your receiver joins the multicast stream (via IGMP) and starts listening. This takes less than 15 seconds and the transition is seamless. This means your provider can stream one connection to the multicast address and from there the network takes over. It’s impressive tech really.

You’re going to want to connect to your Unifi Controller, in this case my Unifi Cloud Key G2+. If you haven’t done this before I’d suggest having a look at this article in Ubiquiti’s Knowledge Base.

Once logged into your controller, go ahead and enter the following commands:

cd /srv/unifi/data/sites/default
apt update
apt install nano -y

This will change your directory to the default site configuration override directory and install nano because I hate vi. If your site name is different you’ll get an error. Change directory to /srv/unifi/data/sites/ and ls to find out which directory is right for you.

We need to create a new file named config.gateway.json. Go ahead and run nano config.gateway.json.

There’s two things we need to accomplish here. First, finish up our IPv6 configuration.

         "interfaces": {
                 "ethernet": {
                         "eth0": {
                                 "dhcpv6-pd": {
                                         "prefix-only": "''"
                                 }
                         }
                 }
         },

TELUS provides only endpoint addresses (DHCPv6-IA) and does not delegate prefixes (DHCPv6-PD). There’s no configuration in the web GUI to indicate this so we’re needing to add this here. Without it your USG will not get an IPv6 address from TELUS and your CPU will be pinned at 40-50%.

Next, we need to activate the IGMP proxy on the USG, this also is not configurable via the web GUI hence why we need to get down and dirty.

Append this to the previous chunk of JSON:

    "protocols": {
            "igmp-proxy": {
                    "disable-quicksave": "''",
                    "interface": {
                            "eth0": {
                                    "alt-subnet": "0.0.0.0/0",
                                    "role": "upstream",
                                    "threshold": "1"
                            },
                            "eth2": {
                                    "alt-subnet": "0.0.0.0/0",
                                    "role": "downstream",
                                    "threshold": "1"
                            }
                    }
            }
    }
}

We’re playing with some fire here, so it’s a good idea to run your JSON through a validator first before saving the file to your controller. What this JSON is doing is letting the USG know to start the IGMP proxy and configure eth0 (WAN) as the upstream IGMP interface and eth2 (WAN 2/LAN 2) as the downstream.

Note: if you use Optik on the Go or would otherwise prefer to have the Optik STBs on LAN 1, your downstream interface should be eth1.

From here, save your file by pressing CTRL+X, Y, and ENTER.

We need to do one more JSON configuration change and that will go into another new file, config.properties.

Run nano config.properties and put the following line into the file:

config.system_cfg.1=switch.igmp.header_checking=false

Normally if we were only making changes to these two files we would need to force provision the USG. As we’re going to continue on in the Unifi SDR UI we can skip that step. If you’re still following along, awesome work. You’re killing it. I’m proud of you. Really, I am. This, for me, is the culmination of about 7 hours of experimentation, WireShark-ing, and a bottle of Wine O’Clock Shiraz.

Static Routes

We can head back into the Unifi SDR and head to Settings > Routing & Firewall. We need to create three routes:

These routes will be consistent across the country however the “Next Hop” will be different. This is the USG’s gateway, something you can find by running a traceroute from your computer to somewhere on the internet. logging into the USG via SSH and executing: ip route show

Look for a line indicating your WAN IP address routed to a subnet such as below:

I blocked out my full IP address however you’ll see that eth0 is pointed to 209.89.184.0/22. For the purposes of creating the routes in Unifi, the address will instead be 209.89.184.1, in my example. This will ensure that the traffic to the Optik servers is routed as efficiently as possible.

Creating the routes in Unifi is pretty quick and painless, as depicted below:

These instruct the USG to route all traffic to any of the three subnets through the “Next Hop” and only the next hop. The Destination Networks we need to configure are:

  • 207.0.0.0/8
  • 209.0.0.0/8
  • 216.0.0.0/8

Firewall Configuration

Next, we’ll jump over to the “Firewall” tab and configure a couple of firewall rules. Before we do that, click the “Groups” subtab and we’ll define a couple of firewall groups. Choose “Create new group” and configure your first group as follows:

This defines the groups of machines that will be permitted through the firewall into your IPTV network over UDP that we will create next. Before we can do that we need to define one more group as follows:

This group defines the subnet of IPv4 space reserved for multicasting. Move back to the “Rules IPv4” subtab, make sure you’re looking at the “WAN IN” rules and choose “Create new rule“. Configure your rule as follows:

This will allow all UDP traffic from the IPv4 Address Group we created just a moment ago through into the IGMP proxy we set up earlier. The IGMP proxy will do exactly as it’s named: proxy the IGMP packets into your network as we defined earlier, specifically to the eth2 interface. (Note: if you have the STBs connected via the USG’s LAN 1 port, this is the eth1 interface instead.)

We need to create one more firewall rule under “WAN LOCAL”:

This rule will allow IGMP packets to flow freely from the IGMP proxy into your IPTV network – your eth2 (WAN 2/LAN 2) interface. This also allows IGMP traffic to flow between receivers (for watching PVR recorded video). (Again, note: if you have the STBs connected via the USG’s LAN 1 port, this is the eth1 interface instead.)

Wrapping it up…

And with that, you should be able to tune your Optik TV receiver to a channel and have uninterrupted TV. So what we’ve accomplished is the following:

Thanks for reading along. If you have any questions or comments please reach out in the comments below. I hope that this helps you liberate yourself of that damn Actiontec router, too!

Addendum 1: Using the USG’s LAN 1 & VLAN

As with any project I learned a good amount and after writing this article decided to open TELUS’ Optik on the Go to find that I ran into the multicast issue. I quickly realized that this was due to all multicast traffic being routed to the USG’s WAN 2/LAN 2 (eth2) interface.

I’ve made some writer’s notes to the guide above however the physical connection bears to be clarified. The STBs instead were connected to the Unifi Switch 8 60W and within the Unifi SDN I’ve manually assigned the IPTV VLAN we created to those ports.

Navigate to the Devices screen and click on the switch you wish to configure. From there, click on the Ports icon and choose the ports you wish to edit. For me, this was ports 2 and 3.

Choose your IPTV VLAN from the Switch Port Profile dropdown selector and choose Apply. If you have already connected your STBs to those ports you’ll need to reboot them for the changes to take effect.

Addendum 2: VDSL applications

A huge thanks to u/JACK_DAGNIELS on the r/telus subreddit for asking this rather important question for those that do not have the ability to remove the Actiontec router from their deployment due to it being the hardware that has the DSL modem in it.

Unfortunately in this type of installation we’ll have to consider the Actiontec router. To use the USG as your LAN’s gateway (and to prevent a painful double-NAT situation), log into the Actiontec’s configuration and enable Bridge Mode. Then connect the LAN 1 port on the Actiontec to the WAN 1 port on the USG. That’s it!

If you have any questions or comments about getting this sort of project done, please don’t hesitate to leave a comment!

Categories
IT Sys Admin Windows 10

Acer Swift 3 – Fix the Brightness Settings

If you’re like me you’ve been thrilled with how great your little 14″ Ultrabook from Acer. You’ve kept it up to date and suddenly you’ve found the F3/F4 brightness controls aren’t working. You may have also found that you can’t change the brightness from the Notification Center off to the right of your Windows 10 task bar. For me the slider or indicator changes but the display itself isn’t reflecting the new setting.

There’s a fix. Follow the steps below to get that display listening again!

Windows Updates

Head on over to your Windows Settings panel, click on Update & Security. Run a check to make sure your machine is fully up to date. Reboot after your system finishes with any updates. Even if it doesn’t prompt you to restart it’s a good idea to do a power cycle just to make sure any changes are in place.

Check your brightness buttons. If you’re still facing problems, continue on!

Update Drivers

If Windows Update didn’t solve your problem, head on over to the Device Manager by right clicking on the Start Menu and choosing “Device Manager.”

Click on the + icon beside “Display adapters” and chose “Update driver” from the context menu. From there, choose “Search automatically for updated driver software.”

Windows will advise you that “The best device drivers are already installed.” It’s lying to you. Continue on by clicking “Search for updated drivers on Windows Update.”

You’ll find that Windows will start downloading updated drivers for the display adapter. About 5-10 minutes later and a couple of flickers of the screen Windows will prompt you that you’re done with the process.

Test your brightness buttons. They work! Hurrah. Problem solved.

If this guide helped you or if you have any questions, comments, or concerns, please leave them in the comments below. Thanks for reading!

Categories
3D Printing Creality Ender-3 Pro

Setting up OctoPrint with your Ender 3 Printer

I recently got back into the 3D printing game and realized what my bottle neck was previously. Having my main machine on and not being able to reboot, etc while I was printing. Then I discovered OctoPrint.

The idea of OctoPrint is to offload the printing to a web-based interface so you can rest easy and monitor the print from any device at any time. The platform is incredibly scale-able with hundreds of plugins available from wi-fi switch control, filament inventory management, to timelapse generation. My OctoPrint configuration is a little customized and I’ll go into that later.

For this tutorial I’m using OctoPrint the most recent version at the time of writing, version 0.16.0. This also is the case with balenaEtcher, version 1.5.33. I’m doing this on Windows 10 however balenaEtcher is available on MacOS and Linux as well. If you’re missing any of the items needed to get started I’ve linked my recommendations below.

What you’ll need:

Getting started

First thing you’ll want to do is head over to the OctoPrint website and download the most recent version of the OctoPi distribution. For this tutorial I’m using 0.16.0. You’re also going to need a copy of balenaEtcher. Plug in your USB SD card reader with the micro SD card attached to your computer.

OctoPrint is the software that runs on the Raspberry Pi however the operating system distribution is called OctoPi. Extract the OctoPi image from the zip file you downloaded and open balenaEtcher. Select the img file you extracted and ensure that the software has your micro SD card selected. Then press “Flash!”

balenaEtcher with the OctoPi image and microSD card selected, ready to flash.

This will take a few minutes. When it’s done flashing it will attempt to verify that the operation was successful. In my experience I’ve never had this verification process end successfully and does not impact the rest of the guide.

When balenaEtcher confirms that it’s done go ahead and unplug your SD card reader and plug it back in. Open up “This PC” and you’ll find a new drive called “boot.” In my case it’s been assigned drive letter F:. Go ahead and open that drive.

If you plan on connecting your Raspberry Pi via WiFi, follow this. If you plan on connecting it via Ethernet, skip this entirely, Find the text file called “octopi-wpa-supplicant.txt”. I recommend using Notepad++ for this however Windows Notepad will work just fine. Scroll down to line 26 and remove the # beside lines 27, 28, 29, and 30 as I’ve done below. Fill in your WiFi SSID and password here. You’ll also want to ensure that the correct country is selected farther down in the file starting at Line 49. For me, that was adding a # beside "country=GB" and removing the # beside "country=CA". Lastly, save and close the file.

octopi-wpa-supplicant.txt with the WPA/WPA2 (most common) settings uncommented.

Safely eject and remove the SD card reader from your PC. Slide the SD card into your Raspberry Pi and plug it into power with the kit’s supplied mains power adapter. You should see a red LED indicator light on steady indicating the Raspberry Pi has power and a green LED indicator light flashing from time to time indicating it is accessing the micro SD card. Give it about 45-60 seconds to boot up.

Generally you should be able to point your web browser to octopi.local. It will bring you to the OctoPrint setup wizard. If not, log into your router and find the IP address for your OctoPrint instance. Every router/modem is different so if you’re not familiar on how to do this I would recommend doing a quick Google search.

OctoPrint’s Setup Wizard Welcome screen

When you’re successful in connecting to OctoPrint you’ll be greeted by this Setup Wizard screen. It’s pretty straight forward and each screen explains what’s recommended.

It’s really required that you set up a username and password for OctoPrint. Even if you don’t plan on having the interface accessible outside your network it’s a good idea to have some sort of access control to a device that heats up and potentially could set fire to your home, right? Set up your username and password on the Access Control screen and choose “Keep Access Control Enabled” to continue.

OctoPrint’s developers ask that you enable Anonymous Usage Tracking – you have the option to disable it but for me it’s not really a big deal that OctoPrint phones home about bugs and such. There’s also more granular controls later on in the settings related to this.

The connectivity check helps to confirm your Raspberry Pi has internet connectivity. Turning this off will only slow down your Pi if you don’t have an internet connection. The default check interval is 15 minutes but I bumped it up to 60. They also use Google’s DNS servers – which do track all requests – so I went ahead and changed to OpenDNS’ first DNS server, 208.67.222.222.

Next up is the plugin blacklist. Go ahead and enable it for safety’s sake. It’ll ask you to set up a slicing profile – I don’t recommend slicing directly on a Raspberry Pi and even still you’d need an older version of Cura to actually export a profile that this would support.

Finally, finish up by giving your printer a name, ensure the print bed and all other settings are correct.

That’s it! You’re done. Congratulations. Start by uploading your GCode and start printing. You can either click the upload button or drag the file over to the left hand side of the screen. The right hand “Upload to SD” is not active and not needed. It’s that easy!

Next I’d take a look through the OctoPrint Plugin Repository and see if you find anything that would make printing easier for you. For me, I use the following plugins:

There’s a lot there and not all of them are going to be applicable for your own particular use cases. It’s worth having a look through the Repository and seeing the possibilities OctoPrint can bring to your 3D printing experience.

I hope that this guide helped and if you have any questions, comments, or concerns don’t hesitate to leave a comment below. If this guide helped you please give it a share on your favourite social media platform. Good luck!

Categories
Musings

Hello!

Hi there!

Welcome to my new blog. I’m a student of IT System Administration, Web Development, and have a great interest in Amateur Radio.

I plan on sharing my experiences on this blog and share tips, tricks, and musings. Stay tuned!

~Chad