cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Aspiring Contributor
13,948 Views
Message 1 of 15

Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

How to configure a Ubiquiti Unifi Security Gateway with external BT Openreach ADSL modem to work with IP TV Services (BT TV / Youview)

BT TV and other IPTV services rely on a feature called “Multicast” to be able to stream live television over your broadband connection.  If you have the BT Smarthub, this is all configured out of the box to work without any configuration required.  If you have upgraded to a Unifi Security Gateway, there is about 15 minutes work necessary to configure it to correctly pass the “Multicast/IGMP” traffic from the Internet to your local network.

I spent several hours experimenting and piecing together previous articles, and I’m pleased to say I now have a foolproof setup.  Here is the step by step guide for you:

Note – this works reliably and consistently (No drop outs after a few minutes or IPC 6023 errors!)

My setup:

BT TV Youview box (manufactured by Humax) that is hard wired to my local area network

BT ADSL Infinity 2 Unlimited (I get approx. 76MB downstream speed on this)

BT Openreach ADSL Modem - ECI Telecom B Focus V-2Fub/r Rev B (Bought on eBay)

Unifi USG (3 Port Model) running firmware 4.4.12.5032482

Unifi CloudKey running firmware UCK.mtk7623.v0.8.2.c653dde.171107.2039

Unifi CloudKey Controller running firmware 5.6.22-10205

My external IP address is dynamically allocated by BT and changes

My internal LAN range is 192.168.1.0/24

My USG internal LAN IP address is 192.168.1.1

My Cloudkey Controller IP address is 192.168.1.6

I only have one “Site” in Unifi and it is the default one that is named “default”

*YOU WILL NEED TO SUBSTITUTE YOUR OWN ADDRESSES IN THE FILES AND STEPS BELOW FOR MY ONES*

Make a Note now:

My Unifi CloudKey IP address (eg 192.168.1.6/24) is:

My Unifi Security Gateway (USG) IP address  (eg 192.168.1.1/24) is:

My CIDR network address (eg 192.168.1.0/24) is:

What will you need:

To complete this you will need a PC that can connect to the Cloudkey Controller IP and the USG IP.  You will need to download and install PuTTY so you can open up a secure shell (SSH) connection (command line) to these boxes.  Putty can be downloaded for Windows PCs from: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

 

Overview of process

There are three simple steps to get these services working through the USG:

  1. Create a configuration file on the Cloud Key Controller that tells the USG to run a “IGMP Proxy” service
  2. Instruct the Cloud Key Controller to “push” that configuration to the USG
  3. Create some firewall rules to allow the multicast / IGMP traffic through

 

Step One

Use notepad to create a file called config.gateway.json.  Enter the following text EXACTLY in to that file.  Take extreme care not to miss anything out or add anything:

{

"protocols": {

                "igmp-proxy": {

                        "interface": {

                                "eth0": {

                                        "alt-subnet": [

                                                "0.0.0.0/0"

                                        ],

                                        "role": "upstream",

                                        "threshold": "1"

                                },

                                "eth1": {

                                        "alt-subnet": [

                                                "192.168.1.0/25"

                                        ],

                                        "role": "downstream",

                                        "threshold": "1"

                                }

                        }

                }

 

                },

"interfaces": {

                "ethernet": {

                        "eth0": {

                                "address": [

                                        "10.255.255.255/32"

                                ],

                                "mtu": "1508",

                                "duplex": "auto",

                                "firewall": {

                                        "in": {

                                                "name": "WAN_IN"

                                        },

                                        "local": {

                                                "name": "WAN_LOCAL"

                                        }

                                },

                                "pppoe": {

                                        "0": {

                                                "default-route": "auto",

                                                "firewall": {

                                                        "in": {

                                                                "name": "WAN_IN"

                                                        },

                                                        "local": {

                                                                "name": "WAN_LOCAL"

                                                        }

                                                },

                                                "mtu": "1492",

                                                "name-server": "auto",

                                                "password": "bt",

                                                "user-id": "bthomehub@btbroadband.com"

                                        }

                                },

                                "speed": "auto"

                        },

                        "eth1": {

                                "address": [

                                        "192.168.1.1/24"

                                ],

                                "duplex": "auto",

                                "firewall": {

                                        "in": {

                                                "name": "LAN_IN"

                                        },

                                        "local": {

                                                "name": "LAN_LOCAL"

                                        },

                                        "out": {

                                                "name": "LAN_OUT"

                                        }

                                },

                                "speed": "auto"

                        },

                        "eth2": {

                                "disable": "''",

                                "duplex": "auto",

                                "speed": "auto"

                        }

                },

                "loopback": {

                        "lo": "''"

                }

        }

}

 

 

NOTE: Replace the IP address and subnet mask after the Alt-Subnet line with your NETWORK address.  In my case this is 192.168.1.0/24.  This is NOT the same as your gateway or router address and will end in 0

NOTE 2: Replace the IP address and subnet mask after the “ETH1” and “Address” lines with your USG LAN IP Address (in my case 192.168.1.1/24)

NOTE 3: Leave everything else EXACTLY as it’s presented above

Next open up putty and open a connection (ssh  / port 22) to your CLOUDKEY CONTROLLER IP address (in my case this is 192.168.1.6)

Accept the warning message about the SSH Thumprint, then enter the same credentials you use to login to the web interface.  In my case this is username: UBNT and my password.

Please visit https://www.cs.colostate.edu/helpdocs/vi.html and make sure you understand how to use the Unix “vi” text editor.  Just learn the basics for navigating, inserting text and existing saving the file (esc, colon w q!)

Once logged in type the following commands exactly – They ARE case sensitive:

cd /srv/unifi/data/sites/default

vi config.gateway.json

Go to your notepad containing the contents of the config.gateway.json and select all of the text (in Windows CTRL-A, CTRL-C)

Go back to your putty Window, where you have the vi editor open and do the following

Type a single letter i on the keyboard (this puts the editor in insert text mode)

Right click in the putty window and select “Paste”.  You will now see the contents of the file appear on screen

Press the following keys in exactly this order:

ESC : w q ! Return

Type ls – you should see a file in the directory called config.gateway.json

Type cat config.gateway.json – you should see the contents of the file exactly the same as in your Windows notepad version on the PC list appear on screen

Close the putty session.  Everything else now can be done via the GUI 😊

 

Step Two

We now need to “push” the configuration we have just created on the CloudKey Controller to the USG box.  This is really simple.

Open your web browser and open the CloudKey Controller page (in my case this is http://192.168.1.6

Click on “Unifi Controller – Manage your Device by UniFI Controller

Log in if required

Click on the fourth icon down on the left (the “Devices” icon)

Click on your Unifi Security Gateway 3P device

Under the “Properties” window that opens up, Click the “Config” tab

Click “Manage Device”

Click “Provision”

 

That’s it – this forces the CloudKey Controller to “push” that new configuration that has been created to the Unifi Security Gateway

Optional Step – verify that the USG has received the new config and started the “IGMP Proxy” by doing the following:

Using the same steps as in Step 1, open a putty session – but this time open one to the USG itself (in my case 192.168.1.1

Type:  ps ax | grep igmp

You should see a line that reads “/sbin/igmpproxy /etc/igmpproxy.conf”.  This shows that the IGMP proxy process is successfully running!

 

Step Three

Now it’s time to configure some firewall rules.  This can ALL be done via the GUI 😊

Open your web browser and open the CloudKey Controller page (in my case this is http://192.168.1.6

Click on “Unifi Controller – Manage your Device by UniFI Controller

Log in if required

Click on the second  icon up from the bottom on the left (the “Settings” icon)

Click on the “Routing & Firewall” tab

Click on “Firewall” at the top of the screen

Click on “Groups” at the top of the screen

Click “+Create new Group”

In “Name” call the group “igmp group”

In address, add the following 5 addresses (use +Add to add each one separately)

234.0.0.0/8

224.0.0.0/4

109.159.247.0/24

239.0.0.0/8

233.0.0.0/8

Click Save

Now Click on “Rules (next to the Groups tab at the top of the screen)

Click on “WAN IN”

Click “Creat New Rule”.  Leave EVERYTHING as default except the following

Name: “Allow IGMP Group to LAN

Enabled: On

Rule Applied: Before predefined rules

Action: Accept

Protocol: All

Advanced VERY IMPORTANT check the boxes next to “New”, “Established”, “Invalid” and “Related”

IPsec: Don’t match on IPsec packets

Source: Leave as defaults

Destination: Check “Address/Port Group”

Address Group: Select the “igmp-group” address group

Click Save

 

Now Click on “Rules (next to the Groups tab at the top of the screen)

Click on “WAN LOCAL”

Click “Creat New Rule”.  Leave EVERYTHING as default except the following

Name: “Allow IGMP Group to LAN

Enabled: On

Rule Applied: Before predefined rules

Action: Accept

Protocol: All

Advanced VERY IMPORTANT check the boxes next to “New”, “Established”, “Invalid” and “Related”

IPsec: Don’t match on IPsec packets

Source: Leave as defaults

Destination: Check “Address/Port Group”

Address Group: Select the “igmp-group” address group

Click Save

 

Wait for your firewall rules to update – and test your BT TV.  It should be working fine 😊

 

 

 

 

 

 

 

14 REPLIES 14
Highlighted
Aspiring Contributor
13,881 Views
Message 2 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

UPDATE

 

In Step 3 above, there are only actually 2 firewall rules needed:

 

In address, add the following 2 addresses (use +Add to add each one separately)

224.0.0.0/4

109.159.247.0/24

 

0 Ratings
Reply
Highlighted
Newbie
13,793 Views
Message 3 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

Hi kleen

 

I've been using Unifi USG, Controller, unifi Toughswitch and a couple of APs for a while. I've now switched to BT Inifinity and where I previously just had an ethernet cable from the previous ISPs router/modem into the USG now this set-up doesn't work with the BT smart hub. 

 

So by completing all of the items you have listed, I'm assuming my network should work OK without having to change anything with the APs / controller etc?

 

I've read some reviews which suggest getting rid of the smart hub for a different router/modem as well?

 

thanks

0 Ratings
Reply
Highlighted
Aspiring Contributor
13,788 Views
Message 4 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

I dumped the "smart" hub and bought myself a Huawei Openreach modem.  Readily available on ebay for anywhere between £10-£40.  This then acts as a pppoe modem / bridge to your actual router (the USG)

 

 

0 Ratings
Reply
Highlighted
Newbie
13,772 Views
Message 5 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

thanks for that. I think that will be the best option to be honest. Just followed the actions from your post and I've done something wrong so I cant get out via the USG now on my old internet connection (I've still got this service for another 2 months so I've got time to play with them to get a working solution)

 

Cheers

0 Ratings
Reply
Highlighted
Aspiring Contributor
13,729 Views
Message 6 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

Take a look at the article over at; https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-w...

 

Shows you how to extract your entire config to a file.  Then you can compare and contrast with mine and adjust the bits you put in your json file as appropriate.  You dont need to put everything from your config in here - just the changes we are making that aren't available via a gui option currently..

 

Good luck

 

Kind regards

 

Nick

0 Ratings
Reply
Highlighted
Newbie
13,524 Views
Message 7 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

Just to say thank you for this great solution - I had looked at lots and lots of threads on this and none quite worked.

 

FYI - I am a Plusnet user and this worked for me just by changing the PPPoE login credentials to my Plusnet one, but everything else left the same..

Highlighted
Aspiring Contributor
13,463 Views
Message 8 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution
Glad it helped ajsadeh 😊
0 Ratings
Reply
Highlighted
13,029 Views
Message 9 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

 Hi Chaps,

I've already posted this in the unifi forum and not had a reply... 

Well.. I'm a combination of stumped and confused. I've had fully working PlusNet (BT) TV for around 18 months now until the last week. I can't for the life of me find why I can't get the TV back on. I've checked everything using the plusnet supplied router and the TV works fine. 

I was using a very simplified version of the config detailed here : https://community.bt.com/t5/Home-setup-Wi-Fi-network/Step-by-Step-guide-to-configuring-Unifi-Securit... and I've tried the exact config as detailed in that guide.

From what I can see when you change to an IPTV change (comedy central etc) the bandwidth utilisation jumps to about 15mpbs (about correct) and you can the USG WAN IN port light blinking rapidly. The packets don;t seem to be passing the firewall even with my original rules and the rules defined in the guide.

any suggestions?

 My setup is:

PlusNet 80MBs Fibre

Vigor 130 -> USG3 -> USW-8

I've tried various firmware and controller firmware versions and the problem persists..

 

Thanks in advanced.

0 Ratings
Reply
Highlighted
Distinguished Sage
Distinguished Sage
13,020 Views
Message 10 of 15

Re: Step by Step guide to configuring Unifi Security Gateway (USG) to work with BT YouView IPTV

Go to solution

Welcome to this user forum.

You need to post on the Plusnet forum. This is the BT Retail forum.

Plusnet forum - Index | Community Site

Thanks

 

0 Ratings
Reply