Sonos speakers and applications on different subnets (VLAN's)
-
@JeGr Sorry this hasn't yet worked out for you. I'm not sure I can be of much assistance in helping you debug your setup. Until three months ago I had a consumer grade router and a layman's knowledge of networking. But, I am certainly willing to help in anyway I can .
A few details about my setup. I am using three physical interfaces and not VLANS. Don't know why this should make any difference but just letting you know. I took Qinn's advice and placed all my Sono's devices on a separate interface labeled SONOS. My wired computers are on the LAN interface and my wireless devices connect to an AP which is on the WIFI interface.
The only thought that comes to mind is have you enabled "Allow packets with IP options to pass" on the interface that contains your Sonos devices? I know that there has been conflicting experience with this, but I have discovered that it is necessary for my setup. The only firewall rule which I currently have is one that allows all traffic out of my SONOS interface and I have enabled the "Allow packets.." on this rule. This option does not appear to be necessary on my other two interfaces nor have have I had to create any additional rules
The only other thing I can suggest is to try the "bind to all" then selectively disable approach. I know it shouldn't make any difference but this is how pimd is configured by default on the manual installation. Worth a try if you haven't already.
-
The setup from wanabe is working fine. I have only activated 2 interfaces where I want to route the traffic and this also works in WLAN and LAN.
Be aware that you have to allow promiscous mode on a ESXI if you have a setup with VM's as far as I know.
@jimp Thank you! Very nice work.
-
I removed all of my settings and then reconfigured PIMD from scratch using the exact same settings as @wanabe. I also enabled "Allow IP options" on the firewall rules allowing access to my Sonos devices (on both my LAN and my VLAN) per a suggestion by @PacketMan in another thread - only then was I able to fully access my Sonos devices across a VLAN, i.e. configure a new Sonos controller on a machine installed behind a VLAN. With just the PIMD settings configured, I was not able to get the multicast traffic to traverse the VLAN/LAN - enabling "Allow IP options" was the key for my configuration in the end.
-
@Deviant0ne said in Sonos speakers and applications on different subnets (VLAN's):
- enabling "Allow IP options" was the key for my configuration in the end.
I would like to additionally comment on this. I have tested this extensively on my system and can confirm that enabling "Allow IP options..." on your firewall rule seems to be critical in at least some set-ups. It certainly is in mine. There was some initial discussion that this might only be critical for android devices but I found it necessary for all the clients on my network both wired and wireless. Unlike DeviantOne, I have found it necessary only on the outgoing interface containing my Sonos devices. Remember, my setup may be different as I am not using VLANS but physical interfaces and all my Sonos devices are assigned to a dedicated interface. In testing this, I also found it critical to reboot my pfSense box before deciding whether any changes I made either were or were not successful. Simply restarting the pimd service doesn't always work. I have been fooled on multiple occasions in thinking that something was or was not working only to discover that rebooting changed everything. I have even resorted to concurrently rebooting all my test clients. It is a very laborious and time-consuming process but I strongly advise it.
-
I would expect to need that to pass multicast traffic.
https://docs.netgate.com/pfsense/en/latest/book/firewall/configuring-firewall-rules.html#ip-options -
Who wants to send me a couple of these sonos speakers? I want to test them out ;) but I sure don't want to spend the crazy prices for them.
A pair of these things go for 400$ And you people have these speakers but cant buy an actual real switch for like 200? Or real AP, and complain about a 350$ 3100?? WTF????
The pro set 2 speaker set is a freaking 1k.. And people balk and buying an actual full managed switch for 200.. WTF???
-
LOL johnpoz..
With Cisco we can pass multicast
With Vyos we can pass multicast..
Id like to test TNSR eventually to see if we can pass multicast.
There are use cases that make it necessary. If we (my company) cannot use pfsense for what we do we are fine with that. But it would be nice to do now with pfsense what the Cisco routers are doing just fine.
-
That is my point your spending 1k on couple of speakers but you have some shit 40$ switch and want your free router distro you put on some china box to do multicast routing because is too much of a pain to connect to the same L2 your freaking speakers are on with your $1k phone ;)
Your dropping 1k$ on a couple of speakers, how about get a real freaking switch is all I am saying ;)
This package just dropped, and the amount of posts on users that don't get it are lots of posts.. I can see way more of these how do I get pimd to work with XYZ in our future.. Not looking forward to it to be sure - so someone send me some of these overpriced toys so I can help these people! ;) Because you know connecting to ssid X when you want to play some music is so freaking difficult ;)
-
-
Just use the multicast tool I linked to way up top of this thread.. or now on the PIMD post in packages..
-
13K each - wtf, that is a home setup?? Or your taking work? If you want to talk work budgets, lets play ;) heheheh
-
Simulcast radio stuff. Simulcast over IP. I never thought it would work. But works well.
Very much commercial.
Dispatch consoles as well.
-
Ah your the one doing radio stuff.. Yeah I can see a budget there - but most of these users are talking their sonos setups.. I understand your need and how this could be useful, etc. etc.. But we are going to get hundreds of billy bobs asking how to get their 1k speakers to work because its too much trouble to click on ssid X when they want to play some billie ilish..
What I don't get is how are these users dropping such cash on speakers.. and zero on their networks... Why don't you get your guy come over and set it up for you and show you what button to push on your remote ;) A sub 200$ switch has been able to route multicast for years and years.. So if your that guy that does this on your own, how are you not already doing it, etc.
-
I still haven’t been able to get to the bottom of the Sendto permission denied errors I’m receiving on two of my VLANs.
My Sonos app connects intermittently after toggling off wifi so it isn’t a deal breaker for me but I’m stumped as to why PIMD isn’t working. I can see IGMP traffic passing on the firewall logs. I do have a EdgeSwitch connected to my pfSense, not sure if this may be blocking IGMP traffic?
-
Sendto permission errors are usually because something is blocking traffic outbound. If it's not Snort as I suggested before do you have any outbound rules? pfBlocker maybe?
-
@edz said in Sonos speakers and applications on different subnets (VLAN's):
Sendto permission denied errors I’m receiving on two of my VLANs.
Captive Portal would be my top suspect, followed by floating rules.
-
@jimp said in Sonos speakers and applications on different subnets (VLAN's):
Captive Portal would be my top suspect, followed by floating rules.
Hmm, I don't have Captive Portal enabled on pfSense, I'll check floating rules but I am seeing IGMP traffic coming in on my Sonos VLAN. I am receiving this error on 2 VLANs, one with hard wired Sonos speakers and the other on my WLAN VLAN. I'll check if Unifi is blocking any multicast traffic on WLAN, but I'm sure I turned this off previously as it caught me out when I setup Avahi.
-
@johnpoz Let me start off by saying what I have told you before, I have nothing but tremendous respect and admiration for all the time you spend responding to the numerous posts on this forum. After reading literally hundreds of your posts, I have come to rather enjoy your rather salty nature. Some might take offense, but I find it quite witty and entertaining. In that spirit, I wish to offer a good natured rebuttal to a few of your comments.
First, I am not sure who these people are who are unwilling to spend money on their networks. I can assure you that is not the same group who is buying these Sonos systems. I would venture to guess that this demographic is made up of a group of fairly intelligent professionals who have more than enough disposable income. Many are likely in professions like myself that are completely outside the world of computers and networking. Despite this, we are "computer nerds" at heart. We end up building are own computers because we enjoy the challenge and it's fun to do. We advance from consumer grade routers to pfSense boxes because of posts on reddit's homelab or conversations with our engineering friends. I didn't build a pfSense box because I wanted to multicast my $2000 Sonos system. It started from a desire to learn more than what I knew before. If the goal is to simply achieve an end, I am sure that I (and many others) could just hire someone to configure the whole thing. Given the amount of time I have invested in this "home project", I am sure that outsourcing it would be my wife's preference. But, that would completely miss the point. The amount I have learned from studying this one problem has been immense and is worth more than the cost of some switch. No doubt, for true networking professionals, problems such as this are simply irritable annoyances that are best solved in the most efficient and practical manner. To people like me, they afford an opportunity to study the inner workings of something that we don't but would like to understand.
As to understanding why people are willing to spend so much money on Sonos speakers, I think a little historical perspective is in order. Sonos actually didn't initially become successful by selling speakers. They entered the market at a time when music streaming devices were just coming on the market. Audiophiles and music lovers were ripping their vast music CD collections to their computers or NAS. Music streaming services like Spotify and Rhapsody had not yet really matured. There was a need for devices that allowed for D/A streaming of our audio files to our existing music systems. At that time, most streaming boxes were poorly designed and frustrating to use. Even geeks like myself ending up tossing out many of these devices after being embarrassed in front of friends and family when these systems failed at the worst possible moment. Sonos earned their following by developing a streaming system that was elegant and bullet proof at a time when no one else seemed either capable or willing to do so. I have had their components for over 10 years and have never experienced a single problem or failure. They are the Apple of music streaming devices and have earned a similar loyal following. People, like myself, are willing to pay a premium to own their products. Also like Apple, they intelligently created a music ecosystem which has taken a life of it's own. I actually don't own any of their speakers but prefer their bridges and amps which connect to variety of music components in my home. I can honestly say that I have never regretted the money I have spent. I can't think of many electronic devices that I have purchased that I am still using 10 years later.
-
Dude you get it ;) Great post.. And I hear you!!
But why can you not just switch your 1k$ phone to wifi X to do whatever it is you want to do with your x$ speaker system?
Their system is meant to use their own network... Don't their systems set up their own wifi network to each other? And they are meant to be on their own L2.. Trying to bridge the L2 is not a good thing..
Having money is not a bad thing ;) And hey if you want nice things and you have the disposable income more power to you.. That is not my point.. I hope it didn't come off that way?? And I understand dabbling in area that is not your professional field (where you make your money)... But routing multicast is pretty high level networking shit, excuse my professional terms there ;) hehehe
I am just surprised to be honest the amount of interest in what I would think is a niche thing.. Most users that have the $ to get sonos normally have a guy ;) hehehe
My nephew has some sonos, and when I ask him if he wants to chat or needs any help in setting up anything.. And we have discussed stuff.. he has "a guy" that his company uses, that comes over to the house and shows him what button to press ;) hehehe
-
@johnpoz said in Sonos speakers and applications on different subnets (VLAN's):
Dude you get it ;) Great post.. And I hear you!!
But why can you not just switch your 1k$ phone to wifi X to do whatever it is you want to do with your x$ speaker system?
Sorry but I don't know what you mean by wifi X
Their system is meant to use their own network... Don't their systems set up their own wifi network to each other? And they are meant to be on their own L2.. Trying to bridge the L2 is not a good thing..
Yes, I don't know the details, but it is my understanding that Sonos uses a proprietary mesh like network that connects their devices together. That is partly the secret to their success. This network has proven to be remarkably reliable. I cannot recall ever having to "reboot" their system. But, this network is in the background and one that we don't have to directly interface with. In other respects, interfacing with the system is really quite easy.