Chromecast

polarizeme

Hi everyone.

I know there are a ton of posts around here about Chromecast, but I promise I've read as many as I could; nothing seemed to help/apply.

I've got an Aerohive setup that's using pfSense as a firewall and I absolutely cannot get Chromecasts to work on the network. AppleTVs work fine. Client/AP Isolation is not on, I see the Chromecast receive an address through DHCP (checking firewall logs), but according to the Chromecast it doesn't connect to the WiFi network. Our wireless is segmented for 2.4GHz and 5GHz so it's not a matter of broadcasting the same SSID on both frequencies. I can't find anything in the firewall logs that show the Chromecast being blocked for any reason. It's gotten to the point of utter frustration, which is why I have turned to you fine folks.

Any ideas?

I'm happy to provide config info (within reason) for the firewall; obviously easier to ask/answer questions that way.

Cheers in advance,
    - Tristan -

stephenw10

Do you see the Chromecast IP address in the DHCP leases table? In otherwords although you see it in the firewall logs (a logged allow rule I assume) is it actually receiving the lease?
How are you checking the Chromecast status, on the attached TV? The Chromecast app?
Is your wifi all one subnet?

I have a Chromecast here and it just works, I did nothing special. The only thing that I find odd about it is just how much data it consumes even when I'm not using it, like hundreds of MB a day.

Steve

jimp

IIRC if it's connected but claims no Internet access, ensure it can access its hardcoded DNS servers (8.8.8.8 and 8.8.4.4) if Chromecast cannot reach those, it will claim it does not have access.

If you cannot reach those, you might be able to redirect the traffic with NAT rules to fake the Chromecast device into believing it is talking to those IP addresses when it's really getting DNS from somewhere else, like your firewall.

polarizeme

@stephenw10:

Do you see the Chromecast IP address in the DHCP leases table? In otherwords although you see it in the firewall logs (a logged allow rule I assume) is it actually receiving the lease?
How are you checking the Chromecast status, on the attached TV? The Chromecast app?
Is your wifi all one subnet?

I have a Chromecast here and it just works, I did nothing special. The only thing that I find odd about it is just how much data it consumes even when I'm not using it, like hundreds of MB a day.

Steve

Appreciate the reply.

To answer your first question, and apologies for the potential misdirection/confusion, I see the Chromecast obtain a DCHP lease via the DHCP system logs, not allowed/denied traffic system logs.

As for question 2, the status is being monitored via the Chromecast Android app and the Chromecast output to a monitor. After a couple minutes of the Chromecast saying that it's connecting to the network, the Android app will pop up an error message saying the Chromecast isn't on the wireless network; the Chromecast will keep saying it's connecting for a couple more minutes before just returning to the "awaiting instructions" screen.

Cheers,
  - Tristan -

polarizeme

@jimp:

IIRC if it's connected but claims no Internet access, ensure it can access its hardcoded DNS servers (8.8.8.8 and 8.8.4.4) if Chromecast cannot reach those, it will claim it does not have access.

If you cannot reach those, you might be able to redirect the traffic with NAT rules to fake the Chromecast device into believing it is talking to those IP addresses when it's really getting DNS from somewhere else, like your firewall.

Hiya. Cheers for the reply.

We're actually using both of those Google Public DNS addresses here anyway, so I'd be a bit bemused if it was having issues accessing those servers.

I'm not actually able to locate any denied access for the Chromecast in the logs, which is the oddest bit to me. Logs show it obtaining DHCP, but according to the Chromecast (and all other firewall logs I've dug through) the thing never actually seems to connect to the network.

Thanks!
    - Tristan -

polarizeme

@stephenw10:

Is your wifi all one subnet?

Forgot to answer this portion.

Yeah, our WiFi is all one subnet.

stephenw10

Put in a static DHCP lease for the Chromecast. Put in an allow rule for the Chromecast IP with logging enabled. See if it's actually getting traffic as far as the pfSense LAN. Or just run a packet capture on LAN and filter it afterwards if you're happy doing that.
I've never used Aerohive but in the absence of any other data I'd have to suggest it's getting in the way somehow.

Steve

johnpoz

Do you have something that blocks multicast?  that needs to be allowed.  I run a chromecast here as well.  If your on the same segment with your wireless, you might have problems if on 5 on app, and chromecast is 2.4

But muticast has to be allowed on the wifi

You can check out the cisco guide for info for example
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/chromecastDG76/ChromecastDG76.html

I run chromecast without any issues - to be honest pfsense is not going to have anything to do with it really other than allowing internet access.

polarizeme

DHCP logs before the static assignment:
Nov 25 16:58:34 dhcpd: DHCPACK on 172.20.1.184 to d0:e7:82:7c:8c:9f (Chromecast) via em2
Nov 25 16:58:34 dhcpd: DHCPREQUEST for 172.20.1.184 from d0:e7:82:7c:8c:9f (Chromecast) via em2

After adding static assignment:
Nov 25 16:34:58 dhcpd: DHCPACK on 172.20.1.222 to d0:e7:82:7c:8c:9f via em2
Nov 25 16:34:58 dhcpd: DHCPREQUEST for 172.20.1.222 (172.20.1.3) from d0:e7:82:7c:8c:9f via em2
Nov 25 16:34:58 dhcpd: DHCPOFFER on 172.20.1.222 to d0:e7:82:7c:8c:9f via em2
Nov 25 16:34:58 dhcpd: DHCPDISCOVER from d0:e7:82:7c:8c:9f via em2

So DHCP claims all is gravy regardless.

Adding a specific allow rule for Google DNS servers, which we use anyway, gives me:
Nov 25 17:22:08 WIFI 172.20.1.222:58954 8.8.8.8:53 UDP pass
Nov 25 17:22:07 WIFI 172.20.1.222:59875 8.8.8.8:53 UDP pass

It seems hit or miss, but I can at least now occasionally get the error message about it being connected to the network but having no internet connection, which is only marginally better than it saying it can't connect. Other than that, still nothing.

As for multicast, it's enabled on the wireless network. The only thing I'm seeing relating to multicast is when the Chromecast is trying to connect, I'm seeing lots of IPV6 requests being blocked for [ff02::fb]:5353, which I believe is multicast. Any reason why the Chromecast would be trying to make all IPV6 requests for multicast?

Cheers,
    - Tristan -

polarizeme

Hahaha.

Uhhh… so I posted that from work last night and went home to think on it for a while. Came back in today and... it's just working. I'm the only one that's been in our HMOL or firewall this week, so I know no one else made changes. I'm going to do some traffic sniffing now that it's up and running and see if I can make some rules based on my findings so that this doesn't end up being a fluke.

Thanks for the thoughts and input, all.

Have a great holiday!
    - Tristan -

johnpoz

5353 is mdns..  You sure that is chromecast??  I would think that is most likely some other apple type device on your wifi network.