Hey there,
I've been using OpenWrt for quite a while now. It's an awesome OS with lots of features.
The following network setup is present:
OpenWrt 21.02.0-rc2 r16122-c2139eef27 / LuCI openwrt-21.02 branch git-21.151.34805-8e14a08
- VLAN 1 : LAN (Only Wired Devices, Including Several Sonos speakers)
- VLAN 2 : WAN
- VLAN 10: WIFI (All Wifi Clients, including phones)
- VLAN 20: IOT (All Wireless IOT devices)
Sonos Configuration according to this post: Accessing Sonos from another LAN/VLAN and Sonos fully operational across VLANs (Updated Solution) - #2 by Blowfly
/etc/config/network
# /etc/config/network: interfaces, switch VLAN table and bridge devices.
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fdab:bb1b:df74::/48'
# LAN: router address 10.10.0.1/24 on br-lan; ip6assign '60' delegates an IPv6 prefix to this network.
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.10.0.1'
option device 'br-lan'
# WAN: DHCP client on eth0.2. peerdns '0' ignores the DNS servers offered by the
# upstream DHCP server; the two public resolvers listed below are used instead.
config interface 'wan'
option proto 'dhcp'
option device 'eth0.2'
option peerdns '0'
list dns '1.1.1.1'
list dns '8.8.8.8'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# Switch VLAN table. A 't' suffix marks a tagged port.
# NOTE(review): the bridges below use eth1.<vid> and wan uses eth0.2, so port 0 is
# presumably the CPU port behind eth1 and port 6 the one behind eth0 -- confirm for this board.
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
option vid '1'
option description 'LAN'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6t 1'
option vid '2'
option description 'WAN'
# VID 10 has only the tagged port 0 as a member: no other switch port carries the WIFI VLAN.
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t'
option vid '10'
option description 'WIFI'
# WIFI network: 10.10.10.1/24 on br-wifi; delegate '0' disables IPv6 prefix delegation here.
config interface 'wifi'
option proto 'static'
option netmask '255.255.255.0'
option delegate '0'
option ipaddr '10.10.10.1'
option device 'br-wifi'
# IOT network: 10.10.20.1/24 on br-iot; delegate '0' as for wifi.
config interface 'iot'
option delegate '0'
option proto 'static'
option netmask '255.255.255.0'
option device 'br-iot'
option ipaddr '10.10.20.1'
# VID 20, like VID 10, is a member of the tagged port 0 only.
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '0t'
option vid '20'
option description 'IOT'
# Bridge devices, one per internal VLAN. Each lists a single wired port; the wireless
# interfaces are presumably attached via /etc/config/wireless, which is not shown.
# eth1.1 is the port named in the "own address as source address" kernel messages quoted in the post.
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config device
option name 'br-wifi'
option type 'bridge'
list ports 'eth1.10'
config device
option name 'br-iot'
option type 'bridge'
list ports 'eth1.20'
To be able to use Sonos from a different VLAN (phones in VLAN 10, Sonos in VLAN 1), I had to create several firewall rules and install mcproxy for mDNS.
/etc/config/mcproxy
# /etc/config/mcproxy: multicast proxy between the lan and wifi bridges.
# File-based configuration (/etc/mcproxy.conf) is disabled; the UCI sections below are used.
config mcproxy 'mcproxy_file'
option disabled '1'
option respawn '1'
option file '/etc/mcproxy.conf'
config mcproxy 'mcproxy'
option disabled '0'
option respawn '1'
option protocol 'IGMPv3'
# Two mirrored instances: br-lan is upstream of br-wifi in the first and downstream of it
# in the second, so group traffic is proxied in both directions between the two bridges.
# NOTE(review): confirm that the mirrored pair cannot re-inject a group's traffic into the
# segment it came from. That would be one candidate explanation for the
# "received packet ... with own address as source address" messages on br-lan; the
# wired Boost combined with the SonosNet mesh is another -- neither is verified here.
config instance
option disabled '0'
option name 'Sonos to Wifi'
list upstream 'br-lan'
list downstream 'br-wifi'
config instance
option disabled '0'
option name 'Wifi to Sonos'
list upstream 'br-wifi'
list downstream 'br-lan'
/etc/config/firewall
# /etc/config/firewall: global defaults and zone policies.
# Defaults apply to traffic that no zone claims. input 'ACCEPT' is permissive; every
# interface shown in this post is assigned to a zone, so the zone policies below decide
# in practice.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# lan: hosts may reach every service on the router (input ACCEPT).
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# wifi: same policy as lan -- every wireless client, phones included, can reach every
# service the router listens on (input ACCEPT).
# NOTE(review): if wifi is meant to be less trusted than lan, set input to REJECT and
# allow only DHCP/DNS/mDNS explicitly, as is done for iot.
config zone
option network 'wifi'
option input 'ACCEPT'
option name 'wifi'
option output 'ACCEPT'
option forward 'ACCEPT'
# wan: inbound and forwarded traffic rejected by default, masquerading (NAT) enabled.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan'
# iot: devices cannot reach router services except where a rule allows it (input REJECT).
# NOTE(review): forward 'ACCEPT' is the zone's own forward policy, which presumably covers
# only traffic staying inside the iot zone; where iot may go is set by the
# 'config forwarding' sections -- confirm.
config zone
option network 'iot'
option name 'iot'
option output 'ACCEPT'
option input 'REJECT'
option forward 'ACCEPT'
# lan may initiate traffic to wan.
config forwarding
option src 'lan'
option dest 'wan'
# Rules from wan with no 'dest' option are input rules: they apply to traffic addressed
# to the router itself.
# DHCP replies to the router's WAN DHCP client (UDP port 68).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 echo requests arriving on wan.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 client traffic (UDP port 546), restricted to fc00::/6 source and destination.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages from link-local sources.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted by the router itself, rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# dest '*' makes this a forward rule: the listed ICMPv6 types are passed from wan into
# every zone, with the same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# The next two rules forward IPsec (ESP, and ISAKMP on UDP 500) from wan to any lan host:
# no dest_ip and no family restriction is set.
# NOTE(review): if no IPsec endpoint runs inside lan, removing both rules narrows what is
# reachable from wan, which matters most for IPv6 because lan gets a delegated prefix
# (ip6assign '60' in /etc/config/network).
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Custom rules file. Its contents are not shown in this post and need to be reviewed
# together with the sections here.
config include
option path '/etc/firewall.user'
# wifi may initiate traffic to wan.
config forwarding
option dest 'wan'
option src 'wifi'
# lan may initiate any traffic to iot.
config forwarding
option dest 'iot'
option src 'lan'
# No 'dest' option, so this is an input rule: iot devices may reach the router on ports
# 53, 67 and 68 over TCP and UDP. The iot zone's input policy is REJECT, so this rule is
# what lets IoT devices obtain a lease and resolve names.
# NOTE(review): DHCP is UDP only and the server side is port 67; the rule could be
# narrowed to udp 53/67 plus tcp 53.
config rule
option src 'iot'
option target 'ACCEPT'
option family 'ipv4'
option dest_port '53 67 68'
list proto 'tcp'
list proto 'udp'
option name 'IoT DHCP, DNS'
# wifi may initiate ANY traffic to lan: every wireless client can reach every wired host
# on every port.
# NOTE(review): this forwarding makes the address-restricted rule
# 'Forward Sonos Traffic from wifi' below redundant. If the intent is that wifi reaches
# only the Sonos devices, drop this forwarding and rely on that rule.
config forwarding
option dest 'lan'
option src 'wifi'
# wifi may initiate any traffic to iot.
config forwarding
option dest 'iot'
option src 'wifi'
# Allows wifi -> lan traffic to the six listed Sonos addresses, all protocols and ports.
# It only has an effect if the general wifi -> lan forwarding above is removed.
config rule
option name 'Forward Sonos Traffic from wifi'
option family 'ipv4'
option src 'wifi'
option dest 'lan'
list dest_ip '10.10.0.4'
list dest_ip '10.10.0.150'
list dest_ip '10.10.0.151'
list dest_ip '10.10.0.152'
list dest_ip '10.10.0.153'
list dest_ip '10.10.0.154'
option target 'ACCEPT'
# lan -> wifi, TCP: the six Sonos addresses may open connections to wifi clients on the
# listed destination ports.
# NOTE(review): replies to connections that a wifi client opened are normally passed by
# connection tracking without any rule, so despite its name this rule matters only for
# flows the speakers initiate -- confirm that this is the intent.
config rule
option name 'Sonos reply to wifi TCP'
option family 'ipv4'
list proto 'tcp'
option src 'lan'
list src_ip '10.10.0.4'
list src_ip '10.10.0.150'
list src_ip '10.10.0.151'
list src_ip '10.10.0.152'
list src_ip '10.10.0.153'
list src_ip '10.10.0.154'
option dest 'wifi'
option target 'ACCEPT'
option dest_port '445 554 1400 1443 3400 3401 3405 3445 3500 3501 3689 4070 4444 5297 5298'
# lan -> wifi, UDP: same source addresses. The 30000-65535 range covers more than half of
# the UDP port space on every wifi client; only the src_ip list limits who can use it.
# The match is by IP address only, so it relies on those addresses staying assigned to the
# speakers.
config rule
option name 'Sonos reply to wifi UDP'
option family 'ipv4'
list proto 'udp'
option src 'lan'
list src_ip '10.10.0.4'
list src_ip '10.10.0.150'
list src_ip '10.10.0.151'
list src_ip '10.10.0.152'
list src_ip '10.10.0.153'
list src_ip '10.10.0.154'
option dest 'wifi'
option dest_port '136-139 554 1900-1905 5353 6969 30000-65535'
option target 'ACCEPT'
# The three mDNS rules have no 'dest' option, so they are input rules: they let the router
# itself receive mDNS (UDP 5353 to 224.0.0.251). The lan and wifi zones already have
# input 'ACCEPT', so the first two add nothing under the current zone policies; the iot
# rule is needed because that zone's input policy is REJECT.
# NOTE(review): accepting mDNS on the router does not relay it between VLANs --
# 224.0.0.251 is a link-local multicast group, so confirm whether the multicast proxy
# handles it at all.
config rule
option name 'allow mDNS in LAN'
option family 'ipv4'
list proto 'udp'
option src 'lan'
option src_port '5353'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
config rule
option name 'allow mDNS in wifi'
option family 'ipv4'
list proto 'udp'
option src 'wifi'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
# iot may initiate traffic to wan.
config forwarding
option src 'iot'
option dest 'wan'
config rule
option name 'allow mDNS in IoT'
option src 'iot'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
option family 'ipv4'
list proto 'udp'
# iot -> lan: IoT devices may reach 10.10.0.2 on the MQTT ports over TCP. No iot -> lan
# forwarding exists, so this is the only path from iot into lan shown in this file.
config rule
list proto 'tcp'
option src 'iot'
option dest 'lan'
option target 'ACCEPT'
option family 'ipv4'
option name 'MQTT IoT to HomeAssistant'
list dest_ip '10.10.0.2'
option dest_port '1883 1884 8883 8884'
# lan -> iot from 10.10.0.2. Both src_port and dest_port are set, so a packet matches only
# if its source AND destination port are in the list; no 'family' option is given.
# NOTE(review): the lan -> iot forwarding earlier in this file already permits all
# lan-initiated traffic to iot, so this rule is presumably redundant -- confirm before
# relying on it.
config rule
list proto 'tcp'
option src 'lan'
option dest 'iot'
option target 'ACCEPT'
option name 'HomeAssistant MQTT to IoT'
list src_ip '10.10.0.2'
option src_port '1883 1884 8883 8884'
option dest_port '1883 1884 8883 8884'
I still experience a lot of dropouts from the Sonos speakers, and delays in finding them with Spotify and the Sonos app. After checking the logs, I can see this:
[5142958.641272] net_ratelimit: 18 callbacks suppressed
[5142958.641283] br-lan: received packet on eth1.1 with own address as source address (addr:18:d6:c7:53:b3:0f, vlan:0)
[5142958.657225] br-lan: received packet on eth1.1 with own address as source address (addr:18:d6:c7:53:b3:0f, vlan:0)
[5142958.695496] br-lan: received packet on eth1.1 with own address as source address (addr:18:d6:c7:53:b3:0f, vlan:0)
Based on a forum search, could this be related to the mDNS/multicast traffic from the Sonos speakers?
--> Kernel Warning - Received packet with own address as source address
--> Received packet on lan1 with own address as source address
--> Igmpproxy creates many "own address as source address" entries in kernel log
The Boost (10.10.0.4) is wired and has a static IP assigned (as do all of my network devices); it creates a SonosNet mesh network.