OPNsense Forum » Archive » 23.7 Legacy Series

Topic: Issues with VLANs and HomeKit

BlackJoker (October 12, 2023, 09:53:55 pm):
Hello everyone,
I've been encountering a couple of problematic scenarios in my setup and I'm in dire need of some assistance. My network comprises three VLANs: Guest, IoT, and Cameras. I am using OPNsense version 23.7.6 on a local Beelink Mini PC. For network management, I have a UniFi Controller running in a Docker container on my Synology NAS, which resides in the main LAN.
My first hurdle is with the camera access. I can view the cameras on HomeKit only when I'm connected to the Camera WiFi network or in the Main Wifi at Home. However, I want to be able to access them from the IoT and main LAN as well.
The second issue arises when I try to connect to the HomeKit devices remotely either via mobile data or through a WireGuard VPN on my phone; the video stream from the cameras doesn't come through.
Additionally, the security sensors on my Aqara G2 Pro are not functional in HomeKit, which is quite frustrating.
I have the mDNS Repeater activated for all interfaces except WAN, and I have attached my current firewall rules for reference. The HomeKit Ports in the floating rules are 51826 and 51827. My Bridges (ATV 4k and Homepod Mini) are both on the IoT Network.
I've been wracking my brain over these issues and am desperate for a resolution. Your expertise and suggestions on how I could resolve these problems would be immensely appreciated. Thank you in advance for your time and assistance.

cookiemonster (Reply #1, October 12, 2023, 09:59:38 pm):
Do you have multiple interfaces on your OPN device, or do all VLANs have the same parent interface? Depending on this, how you have set up any managed switch and the rules for each interface, advice can be given.
A network diagram would help too.

BlackJoker (Reply #2, October 12, 2023, 10:10:39 pm):
Each VLAN has its own interface, and in my UniFi Switch, I have only designated the VLAN IDs as networks. The OPNsense acts as the DHCP IPv4 server. I have already posted the rules above. Only the Main LAN interface has an any-to-any rule.

dMopp (Reply #3, October 12, 2023, 10:19:46 pm):
The easiest way is a floating rule which allows * to HomeKit (usually an Apple TV) for all VLANs where devices are using HomeKit.
I am not using HomeKit anymore (apart from security cams). What could also help: install the mdns-repeater + a floating rule for multicast (so it can cross the VLAN boundaries).
(Last edit: October 12, 2023, 10:26:34 pm by dMopp)

BlackJoker (Reply #4, October 12, 2023, 10:23:04 pm):
I already have that floating rule with the HomeKit ports 51826 and 51827, as described above.

cookiemonster (Reply #5, October 12, 2023, 10:23:14 pm):
OK, I think the pictures weren't showing when I wrote.
Disclaimer: I don't use HomeKit, so I have no idea how it works and can't tell what your aliases are, but for now:
The principle is this. To allow traffic from one interface to another, you create a firewall rule on it. That is, where the traffic is coming from. So in your case (problem 1), you do it on the LAN interface. Remember the source port is any. I suggest you get this cross-network problem solved first.
BTW, "Camera WiFi network or in the Main Wifi at Home", this WiFi is on the Camera network, I assume, so it is the same network, right?

dMopp (Reply #6, October 12, 2023, 10:24:22 pm):
See my updated post, maybe it's just multicast missing. I will add some screenshots here of what I have (and Eufy + HomeKit is working fine).
(Last edit: October 12, 2023, 10:28:43 pm by dMopp)

BlackJoker (Reply #7, October 12, 2023, 10:33:42 pm):
As described, I'm already using the mDNS repeater on all VLAN interfaces and the LAN interface. I'm also using a floating rule for the mDNS port 5353.
I'm already using an any-to-any rule on my LAN and WireGuard interfaces, but I still can't see the HomeKit stream outside my network, even when I'm connected via WireGuard from outside.
I have a camera wifi which is assigned to my camera VLAN and I have a main wifi which is assigned to my LAN interface. All cameras are in the camera subnet such as the camera wifi. And I can only see the stream when I'm in that specific wifi network.

dMopp (Reply #8, October 12, 2023, 10:36:51 pm):
Then you should create a dump and see how the stream is working. To check if the problem is not located somewhere else, you could create an any/any rule between two networks. If it's still not working, it's not firewall related.

BlackJoker (Reply #9, October 12, 2023, 11:01:19 pm):
Thank you for providing the screenshots; however, they did not resolve the issue I am facing. I attempted implementing an 'any to any' floating rule, but to no avail. Currently, I can only access the HomeKit camera stream when connected to the WiFi network. Neither cellular data nor VPN connections allow for streaming. Moreover, the security system fails to function even when I am connected via WiFi.
I am at a loss regarding how to create the dump. Would anyone have insights or alternative solutions to suggest?

cookiemonster (Reply #10, October 12, 2023, 11:42:43 pm):
Most likely meant packet capture. Interfaces > Diagnostics > Packet Capture.
You are still on HomeKit diagnostics and I'm still suggesting going back to basics first. Verify traffic (any, one easy to diagnose with command-line tools like curl, etc.) between interfaces before you drill down to the specifics of what HomeKit uses.

BlackJoker (Reply #11, October 12, 2023, 11:51:26 pm):
Thank you for your response. I've just tested the Aqara app and can confirm that it streams correctly both over mobile data and VPN, which narrows down the issue to HomeKit.
Your suggestion to go back to basics and verify general traffic between interfaces before diving into HomeKit-specifics is well taken. I haven't yet delved deeply into packet capturing and command-line diagnostics like curl, but I agree that understanding basic traffic flow is essential.
Thanks again for pointing me in the right direction.

BlackJoker (Reply #12, October 15, 2023, 09:46:24 am):
I was able to solve my problem by setting up an allow rule between the IoT and Camera VLANs. Additionally, I removed the cameras from the Unifi Controller, restarted the HomePod, and since then, I haven't encountered any issues.
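
The principle from Reply #5 (a rule belongs on the interface where the traffic enters) and the fix from Reply #12, as an added example that is not part of the thread and not OPNsense code. It is a simplified first-match model that assumes every rule is "quick" and ignores state tracking; the subnets, host addresses and `STREAM_PORT` are constructed, and only ports 51826 and 51827 come from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing; the thread does not give the real subnets.
NETS = {"LAN": "192.168.1.0/24", "IOT": "192.168.20.0/24",
        "CAMERAS": "192.168.30.0/24", "GUEST": "192.168.40.0/24"}

@dataclass(frozen=True)
class Rule:
    iface: Optional[str]       # None = floating rule (applies on every interface)
    src: str                   # CIDR or "any"
    dst: str                   # CIDR or "any"
    ports: tuple = ()          # empty tuple = any destination port
    action: str = "pass"

def _in(addr, spec):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def ingress_iface(src_ip):
    """Model assumption: a packet enters on the interface whose subnet holds its source."""
    return next((name for name, cidr in NETS.items() if _in(src_ip, cidr)), None)

def evaluate(rules, src_ip, dst_ip, dport):
    """Floating rules first, then the ingress interface's rules; first match wins."""
    iface = ingress_iface(src_ip)
    ordered = [r for r in rules if r.iface is None] + [r for r in rules if r.iface == iface]
    for r in ordered:
        if _in(src_ip, r.src) and _in(dst_ip, r.dst) and (not r.ports or dport in r.ports):
            return r.action
    return "block"             # default deny when nothing matches

BEFORE = [
    Rule(None, "any", "any", ports=(51826, 51827)),   # floating rule for the HomeKit ports
    Rule("LAN", NETS["LAN"], "any"),                  # any-to-any on LAN only
]
# Reply #12: an allow rule between the IoT and Camera VLANs, placed on the IoT interface.
AFTER = BEFORE + [Rule("IOT", NETS["IOT"], NETS["CAMERAS"])]

# Constructed hosts: a bridge on IoT, a camera, a LAN client, a guest client.
HUB, CAMERA, LAN_PC, GUEST_PC = "192.168.20.10", "192.168.30.50", "192.168.1.5", "192.168.40.7"
STREAM_PORT = 40000            # constructed placeholder, not a documented HomeKit port

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for label, src in (("lan", LAN_PC), ("hub", HUB), ("guest", GUEST_PC)):
            print(name, label, "-> camera:", evaluate(rules, src, CAMERA, STREAM_PORT))
```

The any-to-any rule on LAN never applies to traffic that enters on IoT, which is why the bridge stays blocked until the IoT interface gets its own rule. Narrowing that rule's source from the whole IoT subnet to the bridge addresses keeps the other IoT devices away from the cameras.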