[SOLVED] UDP Broadcast Relay quesiton / Roon

[RamSense]

Anybody using "UDP Broadcast relay" and knows how to configure and how it works on opnsense knows if this plugin can be used like "udp-proxy-2020" ?
https://github.com/synfinatic/udp-proxy-2020

I would like to use ROON when I am away on my iPhone as endpoint using Wireguard.
By default I get Roon to work over wireguard and it sees all local endpoints, but no longer the iPhone. This is being fixed with this tool. And when UDP-Proxy-2020 works different than UDP broadcast relay, maybe udp-proxy-2020 can be used on opnsense? There is an pfsense version: FreeBSD/Intel x86_64: freebsd-amd64 (works with pfSense on x86)

This is what the author describes how it works for Roon:

What is this for?

So I'm playing with Roon and I've got this complicated home network that throws Roon for a loop. I started debugging things and it turns out Roon sends broadcast messages to UDP/9003. My firewall/router will not forward these messages of course, because that's the right thing to do.

Unfortunately, I really want these broadcast messages to be forwarded to other VLAN/subnets on my local network. I started using udp-proxy-relay-redux which worked great at first.

But I also really like these messages forwarded over my OpenVPN connections which utilize the tun driver which is a point-to-point interface and explicity does not support broadcasts. This didn't work well with udp-proxy-relay-redux because Roon is poorly behaved and still tries sending "broadcasts" to the .255 address which are then dropped on the floor because my VPN server does not have the address x.x.x.255. Basically, on a point-to-point interface, these "broadcasts" were being treated as a packet destined to another host and rightfully ignored.

So what does this do?

Instead of using a normal UDP socket to listen for broadcast messages, udp-proxy-2020 uses libpcap to "sniff" the UDP broadcast messages. This means it can be a lot more flexible about what packets it "sees" so it can then sends them via libpcap/packet injection out all the other configured interfaces. If this makes you go "ew", well, welcome to 2020.

The good news...

I'm writing this in GoLang so at least cross compiling onto your random Linux/FreeBSD router/firewall is reasonably easy. No ugly cross-compling C or trying to install Python/Ruby and a bunch of libraries.

Also: HAHAHAHAHAHAHA! None of that is true! Needing to use libpcap means I have to cross compile using CGO because gopacket/pcapgo only supports Linux for reading & writing to (ethernet?) network interfaces.

[RamSense]

I tried the plugin UDP-Broadcast Relay plugin.
I used:

Relay Port: 9003          -> Roon port found in the forums
Relay Interfaces: LAN, WG
Broadcast Address: 255.255.255.0       -> Did not know what to use, I thought of Subnet mask   255.255.255.0
Source Address: LAN-NAS-IP            -> did use the ip of my NAS running Roon. also tried 1.1.1.1 as stated in the help, but all did not work and the plugin did not start. Also when trying Broadcast Address: 192.168.1.255 that did not work also. 

when I remove broadcast address, the plugin starts, but does nothing....

What settings should be used?

[RamSense]

No Roon users with opnsense?

[mnaim]

From discussion here:
https://community.roonlabs.com/t/roon-server-on-different-vlan-subnet-why-not/138566/12

Try 239.255.255.250 port 9003

Great tool is that https://play.google.com/store/apps/details?id=com.tjjang.upnptool&hl=en&gl=US
in same network it can print upnp messages including IP and port

[RamSense]

Dear Mnaim,

Thank you for your answer and help. I tried it with your info and upnp, but Roon still does not find the iPhone over wireguard and vpn. Did you get this to work?

[mnaim]

Ah, using wireguard its more complicated.

https://an0n-r0.medium.com/making-dlna-through-site-to-site-vpn-work-f393629f4ce0
https://www.reddit.com/r/WireGuard/comments/b2x986/multicast_routing_through_wireguard/eiyg7qn/
https://redmine.pfsense.org/issues/11498

so far I did not tried that.

[RamSense]

@mnaim thank you for the links, I will read them and hope to make this work on opnsense.

addition: I followed your links and tried the udp broadcast relay 239.255.255.250 no source address and with source address, but no luck getting it to work. I'll have to wait for somebody more savvy than me and who has this working on opnsense and the steps to take.....
should be awesome. If pfsense can do it with "udp-proxy-2020" I'm convinced that opnsense should be able to do it also.

maybe @mimugmail can make a opnsense plugin for udp-proxy-2020(?)

[RamSense]

Maybe upd broadcast doest fit this job yet?
I have now tried to see if the pfsense/freebsd udp-proxy-2020 is working on opnsense, and it does!

Just Awesome! Running:
OPNsense 22.1.7_1-amd64
FreeBSD 13.0-STABLE
and over Wireguard to iPhone endpoint.

Just follow the PFsense Guide:

pfSense/BSD startup scripts

Note that these config files now support pfSense v2.5.0

Configuration

Create /usr/local/etc/udp-proxy-2020.conf on your firewall and edit as necessary for your needs.
Add the line udp_proxy_2020_enable=YES to /etc/rc.conf.local (file may need to be created)
Copy over /usr/local/etc/rc.d/udp-proxy-2020
Copy the correct udp-proxy-2020 binary for your system to /usr/local/bin/udp-proxy-2020 (yes, you have to rename the file!)
Ensure that /usr/local/bin/udp-proxy-2020 and /usr/local/etc/rc.d/udp-proxy-2020 have the correct permissions by running: chmod 755 /usr/local/etc/rc.d/udp-proxy-2020 /usr/local/bin/udp-proxy-2020
Run

Execute (as root) service udp-proxy-2020 start

Other info

Things to keep in mind:

Tested to work with both Wiregard and OpenVPN on pfSense 2.6.0
You may need to ssh into your firewall and run ifconfig to get the name of the VPN interface
Additional commands:

Stop the service: service udp-proxy-2020 stop
Check status of the service: service udp-proxy-2020 status

Maybe this udp-proxy-2020 https://github.com/synfinatic/udp-proxy-2020 can be made available? Maybe by @mimugmail ?

And/Or

Change in UDP Broadcast Relay plugin by the plugin owner with the feature within dup-proxy-2020 over wireguard would be great also!