Sonos speakers and applications on different subnets (VLAN's)

wanabe

I am happy to report that the new pimd pkg v0.0.2 works for me when it is configured to match the manual settings!! Here are screen shots of my settings:

🔒 Log in to view

🔒 Log in to view

🔒 Log in to view

🔒 Log in to view

Here is the config file that is produced which matches the file I obtained with the manual installation:

🔒 Log in to view

Finally here is the status output:

🔒 Log in to view

In the above status report: 192.168.6.1 is the interface that contains all of my Sonos devices, 192.168.2.8 is a computer which is wired to my LAN interface, 192.168.4.107 is my iphone wirelessly connected to my AP with the address of 192.168.4.2.

Both my wired computer on the LAN interface and my iphone on the WIFI interface can now recognize all my Sonos devices on the SONOS interface using the Sonos apps. I have not experienced the need to turn off/on the Wifi on my iphone as has been described by others. BTW, all my Sonos devices and my wired computers have statically assigned IP's. My wireless devices all receive DHCP leases.

Although this configuration finally works, I can't help but be curious about which of the above settings are really the most critical. I plan to selectively delete each setting until I can identify the one(s) that are really needed to make this work.

Thanks again to Qinn for all the time he has spent in getting this matter the attention it deserved. Also a big thank you to the developers for listening!

JeGr

@wanabe I'm happy for you that it works. Seriously. But I actually added the settings exactly like you. My only change is the "bind to none", "allow interface" approach which results in the same status (only three interfaces enabled).

Besides that I tried every setting combo like @stephenw10 or @jimp recommended but nothing so far. My Sonos speakers (4) are living in 172.27.3.30-33. That interface (VLAN 273) as well as the Guest Wifi I'm trying this on (VLAN 123) are in the status list. The only thing I have popping up in the status are

Virtual Interface Table ======================================================
Vif  Local Address    Subnet              Thresh  Flags      Neighbors
---  ---------------  ------------------  ------  ---------  -----------------
... (all disabled)
  5  172.27.3.1       172.27.3/24              1  DR NO-NBR
...
  8  10.20.30.1       10.20.30/24              1  DR NO-NBR
...
 10  172.27.3.1       register_vif0            1 

 Vif  SSM Group        Sources             

Multicast Routing Table ======================================================
----------------------------------- (S,G) ------------------------------------
Source           Group            RP Address       Flags
---------------  ---------------  ---------------  ---------------------------
10.20.30.144     239.255.255.250  172.27.3.1       SG
Joined   oifs: ...........         
Pruned   oifs: ...........         
Leaves   oifs: ...........         
Asserted oifs: ...........         
Outgoing oifs: ...........         
Incoming     : ........I..         

TIMERS:  Entry    JP    RS  Assert VIFS:  0  1  2  3  4  5  6  7  8  9  10
             0     0     0       0        0  0  0  0  0  0  0  0  0  0  0
--------------------------------- (*,*,G) ------------------------------------
Number of Groups: 1
Number of Cache MIRRORs: 0
------------------------------------------------------------------------------

That's the only thing that will pop up in "Status" when I launch the Sonos App on the smartphone connected to the WiFi. Nothing is found of course. Besides that my config looks exactly the same.

##################### DO NOT EDIT THIS FILE! ######################
###################################################################
# This file was created by an automatic configuration generator.  #
# The contents of this file will be overwritten without warning!  #
###################################################################
spt-threshold packets 0 interval 100
phyint igb2.273 enable
phyint igb2.123 enable
bsr-candidate priority 5
rp-candidate priority 20 time 30

As for the firewall rules they are in "debug" mode so access from/to media<->wifi is unrestricted ATM. I even added a pass rule for the sonos multicast address and see hits to it on the media and guest interface. But no traffic to the other network segment. Curious as to how to proceed in debugging.

wanabe

@JeGr Sorry this hasn't yet worked out for you. I'm not sure I can be of much assistance in helping you debug your setup. Until three months ago I had a consumer grade router and a layman's knowledge of networking. But, I am certainly willing to help in anyway I can .

A few details about my setup. I am using three physical interfaces and not VLANS. Don't know why this should make any difference but just letting you know. I took Qinn's advice and placed all my Sono's devices on a separate interface labeled SONOS. My wired computers are on the LAN interface and my wireless devices connect to an AP which is on the WIFI interface.

The only thought that comes to mind is have you enabled "Allow packets with IP options to pass" on the interface that contains your Sonos devices? I know that there has been conflicting experience with this, but I have discovered that it is necessary for my setup. The only firewall rule which I currently have is one that allows all traffic out of my SONOS interface and I have enabled the "Allow packets.." on this rule. This option does not appear to be necessary on my other two interfaces nor have have I had to create any additional rules

The only other thing I can suggest is to try the "bind to all" then selectively disable approach. I know it shouldn't make any difference but this is how pimd is configured by default on the manual installation. Worth a try if you haven't already.

hispeed

The setup from wanabe is working fine. I have only activated 2 interfaces where I want to route the traffic and this also works in WLAN and LAN.

Be aware that you have to allow promiscous mode on a ESXI if you have a setup with VM's as far as I know.

@jimp Thank you! Very nice work.

Deviant0ne

@JeGr

I removed all of my settings and then reconfigured PIMD from scratch using the exact same settings as @wanabe. I also enabled "Allow IP options" on the firewall rules allowing access to my Sonos devices (on both my LAN and my VLAN) per a suggestion by @PacketMan in another thread - only then was I able to fully access my Sonos devices across a VLAN, i.e. configure a new Sonos controller on a machine installed behind a VLAN. With just the PIMD settings configured, I was not able to get the multicast traffic to traverse the VLAN/LAN - enabling "Allow IP options" was the key for my configuration in the end.

wanabe

@Deviant0ne said in Sonos speakers and applications on different subnets (VLAN's):

@JeGr

• enabling "Allow IP options" was the key for my configuration in the end.

I would like to additionally comment on this. I have tested this extensively on my system and can confirm that enabling "Allow IP options..." on your firewall rule seems to be critical in at least some set-ups. It certainly is in mine. There was some initial discussion that this might only be critical for android devices but I found it necessary for all the clients on my network both wired and wireless. Unlike DeviantOne, I have found it necessary only on the outgoing interface containing my Sonos devices. Remember, my setup may be different as I am not using VLANS but physical interfaces and all my Sonos devices are assigned to a dedicated interface. In testing this, I also found it critical to reboot my pfSense box before deciding whether any changes I made either were or were not successful. Simply restarting the pimd service doesn't always work. I have been fooled on multiple occasions in thinking that something was or was not working only to discover that rebooting changed everything. I have even resorted to concurrently rebooting all my test clients. It is a very laborious and time-consuming process but I strongly advise it.

stephenw10

I would expect to need that to pass multicast traffic.
https://docs.netgate.com/pfsense/en/latest/book/firewall/configuring-firewall-rules.html#ip-options

johnpoz

Who wants to send me a couple of these sonos speakers? I want to test them out ;) but I sure don't want to spend the crazy prices for them.

A pair of these things go for 400$ And you people have these speakers but cant buy an actual real switch for like 200? Or real AP, and complain about a 350$ 3100?? WTF????

The pro set 2 speaker set is a freaking 1k.. And people balk and buying an actual full managed switch for 200.. WTF???

chpalmer

LOL johnpoz..

With Cisco we can pass multicast

With Vyos we can pass multicast..

Id like to test TNSR eventually to see if we can pass multicast.

There are use cases that make it necessary. If we (my company) cannot use pfsense for what we do we are fine with that. But it would be nice to do now with pfsense what the Cisco routers are doing just fine.

johnpoz

That is my point your spending 1k on couple of speakers but you have some shit 40$ switch and want your free router distro you put on some china box to do multicast routing because is too much of a pain to connect to the same L2 your freaking speakers are on with your $1k phone ;)

Your dropping 1k$ on a couple of speakers, how about get a real freaking switch is all I am saying ;)

This package just dropped, and the amount of posts on users that don't get it are lots of posts.. I can see way more of these how do I get pimd to work with XYZ in our future.. Not looking forward to it to be sure - so someone send me some of these overpriced toys so I can help these people! ;) Because you know connecting to ssid X when you want to play some music is so freaking difficult ;)

chpalmer

@johnpoz

Well.. my boxes are $13k a piece.. but I get your point.

:)

chpalmer

Just use the multicast tool I linked to way up top of this thread.. or now on the PIMD post in packages..

johnpoz

13K each - wtf, that is a home setup?? Or your taking work? If you want to talk work budgets, lets play ;) heheheh

chpalmer

Simulcast radio stuff. Simulcast over IP. I never thought it would work. But works well.

Very much commercial.

Dispatch consoles as well.

johnpoz

Ah your the one doing radio stuff.. Yeah I can see a budget there - but most of these users are talking their sonos setups.. I understand your need and how this could be useful, etc. etc.. But we are going to get hundreds of billy bobs asking how to get their 1k speakers to work because its too much trouble to click on ssid X when they want to play some billie ilish..

What I don't get is how are these users dropping such cash on speakers.. and zero on their networks... Why don't you get your guy come over and set it up for you and show you what button to push on your remote ;) A sub 200$ switch has been able to route multicast for years and years.. So if your that guy that does this on your own, how are you not already doing it, etc.

edz

I still haven’t been able to get to the bottom of the Sendto permission denied errors I’m receiving on two of my VLANs.

My Sonos app connects intermittently after toggling off wifi so it isn’t a deal breaker for me but I’m stumped as to why PIMD isn’t working. I can see IGMP traffic passing on the firewall logs. I do have a EdgeSwitch connected to my pfSense, not sure if this may be blocking IGMP traffic?

stephenw10

Sendto permission errors are usually because something is blocking traffic outbound. If it's not Snort as I suggested before do you have any outbound rules? pfBlocker maybe?

jimp

@edz said in Sonos speakers and applications on different subnets (VLAN's):

Sendto permission denied errors I’m receiving on two of my VLANs.

Captive Portal would be my top suspect, followed by floating rules.

edz

@jimp said in Sonos speakers and applications on different subnets (VLAN's):

Captive Portal would be my top suspect, followed by floating rules.

Hmm, I don't have Captive Portal enabled on pfSense, I'll check floating rules but I am seeing IGMP traffic coming in on my Sonos VLAN. I am receiving this error on 2 VLANs, one with hard wired Sonos speakers and the other on my WLAN VLAN. I'll check if Unifi is blocking any multicast traffic on WLAN, but I'm sure I turned this off previously as it caught me out when I setup Avahi.

wanabe

@johnpoz Let me start off by saying what I have told you before, I have nothing but tremendous respect and admiration for all the time you spend responding to the numerous posts on this forum. After reading literally hundreds of your posts, I have come to rather enjoy your rather salty nature. Some might take offense, but I find it quite witty and entertaining. In that spirit, I wish to offer a good natured rebuttal to a few of your comments.

First, I am not sure who these people are who are unwilling to spend money on their networks. I can assure you that is not the same group who is buying these Sonos systems. I would venture to guess that this demographic is made up of a group of fairly intelligent professionals who have more than enough disposable income. Many are likely in professions like myself that are completely outside the world of computers and networking. Despite this, we are "computer nerds" at heart. We end up building are own computers because we enjoy the challenge and it's fun to do. We advance from consumer grade routers to pfSense boxes because of posts on reddit's homelab or conversations with our engineering friends. I didn't build a pfSense box because I wanted to multicast my $2000 Sonos system. It started from a desire to learn more than what I knew before. If the goal is to simply achieve an end, I am sure that I (and many others) could just hire someone to configure the whole thing. Given the amount of time I have invested in this "home project", I am sure that outsourcing it would be my wife's preference. But, that would completely miss the point. The amount I have learned from studying this one problem has been immense and is worth more than the cost of some switch. No doubt, for true networking professionals, problems such as this are simply irritable annoyances that are best solved in the most efficient and practical manner. To people like me, they afford an opportunity to study the inner workings of something that we don't but would like to understand.

As to understanding why people are willing to spend so much money on Sonos speakers, I think a little historical perspective is in order. Sonos actually didn't initially become successful by selling speakers. They entered the market at a time when music streaming devices were just coming on the market. Audiophiles and music lovers were ripping their vast music CD collections to their computers or NAS. Music streaming services like Spotify and Rhapsody had not yet really matured. There was a need for devices that allowed for D/A streaming of our audio files to our existing music systems. At that time, most streaming boxes were poorly designed and frustrating to use. Even geeks like myself ending up tossing out many of these devices after being embarrassed in front of friends and family when these systems failed at the worst possible moment. Sonos earned their following by developing a streaming system that was elegant and bullet proof at a time when no one else seemed either capable or willing to do so. I have had their components for over 10 years and have never experienced a single problem or failure. They are the Apple of music streaming devices and have earned a similar loyal following. People, like myself, are willing to pay a premium to own their products. Also like Apple, they intelligently created a music ecosystem which has taken a life of it's own. I actually don't own any of their speakers but prefer their bridges and amps which connect to variety of music components in my home. I can honestly say that I have never regretted the money I have spent. I can't think of many electronic devices that I have purchased that I am still using 10 years later.