UDP Broadcast Relay

[marjohn56]

I'll go and plug my chromecast in and have a play. Usually only use it when I'm on holiday, fat chance of going anywhere at the moment! I'll get back to you. I know others have got Chromecast working so its a bit odd.

[marjohn56]

To further troubleshooting, I've ran UDP Broadcast Relay manually and can see MDNS broadcasts being relayed between the vlans. I can confirm this as I've ran Wireshark on both LAN & IOT Vlan's and can see the MDNS broadcasts. The interesting bit, is if I run Youtube app on my phone, I see the broadcast being replicated across the vlan, my Virgin media box (in IOT VLAN) answering the MDNS query, the answer then coming back to my LAN Vlan, and my phone never picks the answer backup. Its as if its ignored. If I leave wireshark running on the LAN vlan, I can intermittently see broadcasts originating from my Virgin Media box as it contains the answers for the MDNS queries.

What's even more interesting is that it works from my Chrome browser on the desktop... still investigating!

[Zavation]

Thanks marjohn56.

I did a network capture on my phone and can see that the Youtube application is making both mdns & ssdp discovery requests. I've tested adding another relay for the ssdp protocol, however had no joy. From what I can tell, ssdp is not being relayed correctly. I get "IP TTL (65) matches ID (1) + 64. Packet Ignored." when ttl-id is enabled.

[marjohn56]

Sooo....


After much playing about I have made it work. Try this, use two multicast addresses, 224.0.0.251 and 224.0.0.51, source address I have set at 1.1.1.1

The 224.0.0.51 is what mdns repeater uses and it appears that's what it needs...





Don't forget the fixed IP and firewall rule for the chromecast itself on the IOT VLAN!

[Zavation]

Thanks for the great suggestion, but just tried that with still no joy.

As I'm still in the process of configuring my network, I've got wildcard rules on both IOT & LAN vlans, to take them out of the equation.

I do have a ubquiti AP, so was wondering if that would cause issues with the broadcasts, so I did what you did and connected directly to the switch and tried finding devices in Chrome, with still no joy.

I'm gunna do some more packet captures tonight and see if I can work out what's going on.

[marjohn56]

Are you allowing your primary vlan to access anything on the IoT vlan? It's a one way street. Nothing on my IOT can access the primary lan but from the primary I can ping and access anything on the IoT.

[Zavation]

I've just attached a screenshot of the rules I have in my LAN rule set. I have added a similar allow rule back from the IOT network. As mentioned before, once I've fixed this issue I'll lock everything down to a "T". I just find it really odd that I don't see blocked traffic or anything. I've ran more network logs tonight, and I don't see anything much of interest. When my phone is on the IOT network, I don't see SSDP or MDNS, the phone very quickly discovers the Virgin Media Chromecast. My TV (Also on the IOT network) also has a chrome cast built in, and that isn't discovered either. Is there any config within Opnsense you can think of that could block the traffic? I've also double checked the IGMP snooping is disabled on my switch.

[marjohn56]

What rules do you have on your IOT VLAN?


I am talking of the Chromecast dongle, which as I say works fine. I'll check and see if any of my TVs have Chromecast, as I said, I usually only ever use it on holiday to connect to the hotel TV's!

[marjohn56]

I've just found another document, a Cisco one... not sure it's totally correct.


https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.pdf. Interesting in they say you can cast to the chromecast, but not manage it.


Have you tried MDNS repeater? You can use it alongside UDPBR providing you don't use the same ports, mdns repeater uses port 5353 and 224.0.0.251

[miraculix]

Are there any plans to make this plugin ready for IPv6?

[marjohn56]

no.

[Patrick M. Hausen]

Have you tried MDNS repeater? You can use it alongside UDPBR providing you don't use the same ports, mdns repeater uses port 5353 and 224.0.0.251

Works great here in my home network with a lot of Apple devices and a lot of Bonjour/mDNS going on. IPv4 and IPv6. Single exception is a Brother printer/scanner that announces its scanning service with the link local address instead of the global unicast one. Which of course does not work across a router. Apart from that single buggy device everything "just works", activate and forget.

[marjohn56]

Same here. I use both of them.

[stich86]

hello guys,

i cannot make it works with Sky Go App and Sky Q boxes.
I've setup the entry with multicast address 239.255.255.250 and port 1900, doing a TCPDUMP i can see traffic forwaded from my IoT VLAN to main LAN, but the app doesn't find the Sky Q Platinum

Any hints?

Before OPNSense I was using UniFi and i should force TTL to 4 when using IGMP Proxy

Thanks in advance!

[marjohn56]

Have you set up the firewall rule needed?