Posted: Thu Dec 29, 2016 15:26 Post subject: Need help with Chromecast in multi-subnet wireless network
I need a bit of guidance getting a Chromecast to work properly on my home network. Setup: I'm running on an ASUS RT-N66U, build 26138M. I have two wireless APs defined - let's call them "Private" (bridged to the wired network on br0), and "TheKids" (virtual AP wl0.1). Private is 192.168.56.0/255.255.255.0, TheKids is 192.168.57.0/255.255.255.0. Although the intent is to lock down TheKids tighter (and probably add a third guest network at some point), right now it just forces use of OpenDNS on the kids to help them stay out of trouble - so while that virtual AP isn't bridged to the private network, it isn't net- or AP-isolated either. Multicast forwarding is enabled, and devices can talk freely across the two subnets.
I have two Chromecasts, which are on the "TheKids" network so they can use them (which works fine). The trouble is, the phones & computers on "Private" can't see them (we wind up having to connect as guests with the PIN). These are v2 Chromecasts which should use mDNS, so I've tried the following unsuccessfully:
2) I installed avahi-daemon (entware-ng version), and I've currently got avahi running with the reflector enabled (supposedly on all interfaces except eth0, which is the WAN port), but still can't see the Chromecasts.
With this in place, I can see the mDNS service for _GOOGLECAST on all the networks, but I'm still not able to actually cast to it. Many (but not all) apps see it, but won't connect (they just hang). Youtube still doesn't see it, but according to https://developers.google.com/cast/docs/discovery both Youtube and Netflix use a different discover mechanism (guessing they still use the DIAL protocol). There are some signs and portents at https://community.ubnt.com/t5/EdgeMAX/Chromecast-across-subnets/td-p/1160776 that may get me the rest of the way, will dig more when I have time.
Posted: Fri Dec 30, 2016 19:00 Post subject: Solved!
Solved it! Turns out in addition to the mDNS fix above, I needed to increase the TTL on SSDP packets by one so that they can be successfully sent to the second subnet. Tested with Chrome, Google Photos, Google Music, YouTube, and Netflix and they all work properly.
So, to recap in case this helps someone else, here are the steps I followed to get a Chromecast working across different subnets:
1) Installed entware-ng so that I could install a working avahi-daemon, and set avahi-daemon to start at bootup (since version/installation details may vary for your router, leaving them out, search forums & wiki as needed!)
2) Configured avahi-daemon.conf to disable dbus (which didn't seem to be working), disable use on the WLAN interface, disable wide area support (see link above for why, it's not intuitive), enable the reflector. Full config is:
Posted: Sun Jan 08, 2017 2:43 Post subject: AP+Net Isolation with Chromecast
One more update - as I mentioned in my first post, I eventually wanted to lock down the network my kids' devices are on. I've done that, which requires a little more tweaking to keep the Chromecast working.
My setup wound up with four virtual access points, each with its own subnet. I won't bore with the details (unless someone wants them of course) - basically there's "Private" (my stuff, servers, etc.) on wl0 (which is bridged with the wired network); "Kids" on wl0.1; "Media" on wl0.2 (has the Chromecasts); "Guest" on wl0.3. "Kids" and "Guest" have AP and Net Isolation on.
To allow those networks to communicate with the Chromecast, they have to be able to send MDNS queries (UDP 5353) to the router itself (since that's where the Avahi reflector lives), and they need to be able to send SSDP packets (UDP 1900) that will reach the other subnets. For "Kids" to do that, I added these to my firewall script:
Posted: Sun Jan 08, 2017 5:34 Post subject: Re: AP+Net Isolation with Chromecast
TheScotsman wrote:
One more update - as I mentioned in my first post, I eventually wanted to lock down the network my kids' devices are on. I've done that, which requires a little more tweaking to keep the Chromecast working.
My setup wound up with four virtual access points, each with its own subnet. I won't bore with the details (unless someone wants them of course) - basically there's "Private" (my stuff, servers, etc.) on wl0 (which is bridged with the wired network); "Kids" on wl0.1; "Media" on wl0.2 (has the Chromecasts); "Guest" on wl0.3. "Kids" and "Guest" have AP and Net Isolation on.
To allow those networks to communicate with the Chromecast, they have to be able to send MDNS queries (UDP 5353) to the router itself (since that's where the Avahi reflector lives), and they need to be able to send SSDP packets (UDP 1900) that will reach the other subnets. For "Kids" to do that, I added these to my firewall script:
Hi there. Thank you very much for sharing your solution. This has sparked my interest and I wonder if I can get something similar working across my configuration. Certainly something that I will experiment with. Thanks again and all the best.
Seriously - thanks for this thread. You've helped me make some real progress in this area. I really like your setup, btw, and I may evolve to that next after I repair some of the wife damage from the time I've spent trying to work this out already (mostly trial and ERROR until your thread). Anyway, I do have a question or two for you. I'm running Tomato but hopefully that doesn't matter and any info will help others here, too.
My setup is basically a AC68U primary gateway router (router b) and a AC68U (router B) in routing mode (i.e. no NAT or firewall supposedly) and they're connected via a wired LAN connection. The primary router does the DHCP and gateway stuff, and the second is just basically a range extender in this setup. I have a couple of virtual access points (iot and iot5) on 172.16.x.x VLAN3 away from my "normal" secure network on 192.168.x.x VLAN1. Both VLANs can access the internet, and 1 can access 3 but not the other way.
As my cross-subnet Chromecast discovery/casting is still pretty unstable, I'm concerned I've
I've got avahi setup per your instructions on the primary, but I didn't do it to the extender, thinking it would just forward to the primary where avahi would reflect it. Finally, my question:
Do you think I need to run this on the extender, too, even though the routing is on the primary? Maybe just add the TTL increment script to the extender, too? Both?
Awesome! So very glad I stumbled upon this thread. I've been trying to get something very similar (but with a couple of twists) set up; some discussion here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1089670
My main networks are on ath0 and ath1 (192.168.1.0/255.255.255.0) and I have two VAPs: "streaming" (ath1.1) and "guest" (ath1.2) both on their own subnets.
"guest" is a true guest network: just internet access. AP and Net isolation are enabled. Multicast forwarding is disabled. It's on 192.168.4.0/255.255.255.0.
My main networks route through a VPN using Policy Based Routing.
"streaming" (192.168.3.0/255.255.255.0) is not routed through the VPN (e.g., since Netflix blocks access from VPNs), but needed to see the Chromecasts on my main network.
The only difference between my setup and the one described by TheScotsman is that my "streaming" network needs to have Net isolation disabled. Even with the following firewall rules added, devices on "streaming" just couldn't see the Chromecasts at all. I guess this might have something to do with PBR:
Anyway, very pleased to have for this working. Kudos to TheScotsman. If anybody has any ideas how I might get this working with Net Isolation turned on for the "streaming" network, then I'd be pleased to hear your suggestions.
