Messages - Zavation

#1
General Discussion / Re: UDP Broadcast Relay
February 23, 2021, 10:11:00 PM
I've just attached a screenshot of the rules I have in my LAN rule set. I have added a similar allow rule back from the IOT network. As mentioned before, once I've fixed this issue I'll lock everything down to a "T". I just find it really odd that I don't see blocked traffic or anything. I've run more network logs tonight, and I don't see anything much of interest. When my phone is on the IOT network, I don't see SSDP or MDNS, the phone very quickly discovers the Virgin Media Chromecast. My TV (also on the IOT network) also has a Chromecast built in, and that isn't discovered either. Is there any config within OPNsense you can think of that could block the traffic? I've also double checked the IGMP snooping is disabled on my switch.
#2
General Discussion / Re: UDP Broadcast Relay
February 23, 2021, 02:30:50 PM
Thanks for the great suggestion, but just tried that with still no joy.

As I'm still in the process of configuring my network, I've got wildcard rules on both IOT & LAN vlans, to take them out of the equation.

I do have a Ubiquiti AP, so was wondering if that would cause issues with the broadcasts, so I did what you did and connected directly to the switch and tried finding devices in Chrome, with still no joy.

I'm gunna do some more packet captures tonight and see if I can work out what's going on.
#3
General Discussion / Re: UDP Broadcast Relay
February 22, 2021, 11:33:23 PM
Thanks marjohn56.

I did a network capture on my phone and can see that the YouTube application is making both mDNS & SSDP discovery requests. I've tested adding another relay for the SSDP protocol, however had no joy. From what I can tell, SSDP is not being relayed correctly. I get "IP TTL (65) matches ID (1) + 64. Packet Ignored." when ttl-id is enabled.
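The log line quoted in the post above describes a TTL comparison: a packet whose IP TTL equals the instance ID plus 64 is ignored. The following is an added example, not part of the post and not udpbroadcastrelay's own code, that applies that comparison to constructed IPv4/UDP headers; the addresses, function names and return labels are assumptions made for illustration.

```python
import socket
import struct

TTL_ID_OFFSET = 64  # from the quoted log line: "matches ID (1) + 64"

def build_ipv4_udp(src, dst, ttl, dport, sport=5353):
    """Build a minimal IPv4+UDP header pair (constructed sample, checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

def parse_ipv4_udp(packet):
    """Extract the fields the comparison needs; reject anything that is not IPv4/UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length; IP options shift the UDP header
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != 17:
        raise ValueError("not a complete IPv4/UDP packet")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"ttl": packet[8], "src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]), "sport": sport, "dport": dport}

def classify(packet, relay_id, group, port):
    """Hypothetical helper: what an instance with this ID would do with the packet."""
    f = parse_ipv4_udp(packet)
    if f["dst"] != group or f["dport"] != port:
        return "other-flow"  # not the group/port this instance is configured for
    if f["ttl"] == relay_id + TTL_ID_OFFSET:
        return "ignored"     # TTL carries this instance's mark, as in the log line
    return "relay"

MDNS = ("224.0.0.251", 5353)      # multicast address and port from the thread
SSDP = ("239.255.255.250", 1900)  # standard SSDP group and port

# Constructed samples; source addresses are documentation ranges, not from the thread.
PHONE_QUERY = build_ipv4_udp("192.0.2.50", MDNS[0], 255, MDNS[1])
RELAYED_COPY = build_ipv4_udp("198.51.100.1", MDNS[0], 65, MDNS[1])
SSDP_TTL65 = build_ipv4_udp("192.0.2.50", SSDP[0], 65, SSDP[1], sport=50000)

if __name__ == "__main__":
    for name, pkt, flow in (("phone query", PHONE_QUERY, MDNS),
                            ("relayed copy", RELAYED_COPY, MDNS),
                            ("ssdp ttl 65", SSDP_TTL65, SSDP)):
        print(name, parse_ipv4_udp(pkt)["ttl"], classify(pkt, 1, *flow))
```

When reading a capture, comparing the TTL column against ID + 64 shows which packets an instance would drop as marked and which it would forward.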
#4
General Discussion / Re: UDP Broadcast Relay
February 22, 2021, 02:02:20 PM
Thanks for pointing this thread out marjohn56. Feel free to delete the thread I created originally.

I've had a read through this thread, however haven't had much luck in figuring out what's not allowing devices to discover my Virgin Media Chromecast.

I've installed the devel version of UDP Broadcast Relay (in case there are any additional features).

To allow for ease of testing, I've created allow all rules (IPv4 & IPv6) between the vlans, and as far as I can see no traffic is being blocked by rules etc... If I can at least get my phone connected, I'll then restrict the rules.

To further troubleshoot, I've run UDP Broadcast Relay manually and can see MDNS broadcasts being relayed between the VLANs. I can confirm this as I've run Wireshark on both LAN & IOT VLANs and can see the MDNS broadcasts. The interesting bit is, if I run the YouTube app on my phone, I see the broadcast being replicated across the VLAN, my Virgin Media box (in IOT VLAN) answering the MDNS query, the answer then coming back to my LAN VLAN, and my phone never picks the answer back up. It's as if it's ignored. If I leave Wireshark running on the LAN VLAN, I can intermittently see broadcasts originating from my Virgin Media box as it contains the answers for the MDNS queries.

As for settings for UDP Broadcast relay:
Interfaces: IOT & LAN Vlans
Multicast Address: 224.0.0.251
Source Address: 1.1.1.1
Port: 5353
ID: 1
Use ID as TTL: Tried both enabled & disabled.

As the broadcasts are originating from the interface IP of the vlan, this I hope removes the issue with Chromecasts not responding back to devices on different networks.

I saw you mentioned about snooping being enabled on your switch marjohn56, so I thought I'd check mine and as far as I can see such features are already disabled.
#5
General Discussion / MDNS & Broadcast Issues
February 21, 2021, 03:33:34 PM
Hi all,

I currently have an issue whereby devices on my LAN VLAN can't discover my TV or Virgin Media Chromecast devices which sit on the IOT VLAN.

I've enabled & tested both MDNS Repeater and UDP Broadcast Relay (not at the same time, to avoid port confliction).

To allow for ease of testing, I've created allow all rules (IPv4 & IPv6) between the vlans, and as far as I can see no traffic is being blocked by rules etc...

To further troubleshoot, I've run UDP Broadcast Relay manually and can see MDNS broadcasts being relayed between the VLANs. I can confirm this as I've run Wireshark on both LAN & IOT VLANs and can see the MDNS broadcasts. The interesting bit is, if I run the YouTube app on my phone, I see the broadcast being replicated across the VLAN, my Virgin Media box (in IOT VLAN) answering the MDNS query, the answer then coming back to my LAN VLAN, and my phone never picks the answer back up. It's as if it's ignored.

As for settings for UDP Broadcast relay:
Interfaces: IOT & LAN Vlans
Multicast Address: 224.0.0.251
Source Address: 1.1.1.1
Port: 5353
ID: 1
Use ID as TTL: Tried both enabled & disabled.

I'm on OPNsense 20.7.8_4-amd64.

Does anyone have any suggestions as to why the traffic all looks good, yet the discovery is not working?

Just to confirm, if my phone is on the IOT VLAN (same as the VM box & TV), the discovery happens instantly, so I can rule out thinking it's the phone not working or something like that.

Thanks!