I cannot get Sonobus (a collaborative music / virtual studio) working with OPNsense. It worked prior with my old-style TP-Link router.
My new configuration is as follows:
The computer using Sonobus is now on a VLAN (let's call it "studio"). This computer can access the internet fine as I have the necessary pass rules in place.
My ISP is FIOS, which according to DH2I, reports as a "permissive nat".
I've followed many guides and AI suggestions concerning setting up NAT and other port-forwarding configurations, but none of them seem to work. It looks like the outbound traffic is leaving just fine, but inbound is getting blocked or misrouted somewhere.
The computer on the "studio" vlan has a static IP. SonoBus uses UDP ports from 12000 through about 45000 and I have tried hard-coding them, and using the defaults with updated NAT rules.
I've also tried moving the Sonobus computer to the primary lan (thus eliminating vlan issues). No change.
Other UDP-based virtual audio applications (like Jamulus) work without issue.
I'm very afraid that all of the things I've tried. As of now, the only thing I have in place is one in-bound port forwarding rule for UDP/12000 to the studio computer (12000 is the udp port set in sonobus).
I suspect that the Sonobus forums may be a better place to ask this, but on the outside chance someone can help it would be much appreciated.
I may have fixed this, but I have no idea why. After undoing all the "ai" and other suggestions, I simply added one Firewall->NAT->Outbound rule:
interface:WAN
Source:sonobusComputer_IP/32
Source Port:udp/ 12000
Destination:*
Destination Port:udp/ *
NAT Address:Interface address
NAT Port:12000
Static Port:NO
Description:SONOBUS
[source: sonobus github discussions]
Further, I cleared the state/active table as that seems to have been mucked up a bit as I was trying different configurations.
Any insight into why this would be required since the traffic should follow the "established/stateful" condition?
The device seems to need static ports - some VOIP gateways need that, as well.
Even if you specify "Static Port: NO", you effectively get that when only one port is specified in the rule.
I guess use use "hybrid rules" where this single rule for that client is applied before the default automatic rules. You should probably change the rule such that both source and target ports are set to "any", but Statiic Port is set to YES.
Thank you... I reconfigured as you suggested and it also works without needing to set a custom port in the application itself.
I'm still trying to understand why this is necessary if the application establishes the initial outbound connection. Is it because UDP is not stateful the same way TCP is with OPNsense (as it must have been with my old tp-link router)?
Yes. Some protocols need a predictable port. UDP is connectionless, so probably whatever this device uses needs an open port that is not translated, but known to the application.