Sonos speaker on a separate network with igmpproxy

Hello,

Recently I purchased a Sonos speaker, added it to a dedicated Wi-Fi network and tried to make the official Android app work when my phone is connected to another network. This article was used as a starting point:
https://felix-kling.de/blog/2019/sonos-dedicated-vlan.html

Despite all my attempts the app couldn’t find the speaker, so I started digging around and found this bug:

It seems that there was a bug in the Linux kernel that broke igmpproxy. It was fixed in version 4.15, but Turris OS 4.0.5 uses version 4.14.162.

I would like to know if our version of the kernel is affected by this issue, because the symptoms look similar. If it’s not, I’ll post more details about my network and firewall configuration and hope someone will help me to figure this out :slight_smile: I would really like to keep all those “smart” devices isolated from my home network as much as possible.

Thanks.

Managed to make it work, although I’m not exactly sure how :slight_smile:

The kernel bug I mentioned was fixed in 4.4.114, so we should already have this fix in Turris OS.

I also found out that igmpproxy ignored SSDP discovery packets sent to 239.255.255.250, and decided to try another proxy instead. The only one I found was mcproxy, and here is the config that I used (/etc/config/mcproxy):

# Use your own MCProxy config file
config mcproxy 'mcproxy_file'
        option disabled '1'
        option respawn '1'
        option file '/etc/mcproxy.conf'

# Use OpenWrt UCI config
config mcproxy 'mcproxy'
        option disabled '0'
        option respawn '1'
        option protocol 'IGMPv3'

###########################################

# Simple configuration examples

# I thought this block would be enough, but it didn't work...
config instance
        option disabled '0'
        option name 'proxy1'
        list upstream 'br-private'
        list downstream 'wlan1-1'

# ... so I added this one just in case :)
config instance
        option disabled '0'
        option name 'proxy2'
        list downstream 'br-private'
        list upstream 'wlan1-1'

br-private is my “trusted” network, which doesn’t have any restrictions for outgoing connections, and wlan1-1 is the isolated Wi-Fi network for IoT devices (including Sonos).

Then with the help of tcpdump I found out that Sonos tried to connect to ports 1400, 3500 and 59651 on my phone. After adding a couple of traffic rules the app was able to connect to the speaker.

As far as I understand, Sonos remembers the IP address after a successful connection, because it continued to work even after I stopped mcproxy.

I also disabled the rule for port 59651, because I’m not sure what it’s used for and everything seems to work without it.

Hope this helps someone.
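
An added example, not part of the original posts: a way to turn a `tcpdump -nn` capture into the short list of ports the IoT side actually opens toward the trusted network, so the traffic rules stay as narrow as the ones described above. The subnets, host addresses and capture lines are constructed assumptions; only ports 1400, 3500 and 59651 come from the thread.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing (not from the thread): IoT Wi-Fi and trusted LAN subnets.
IOT_NET = ipaddress.ip_network("192.168.20.0/24")
TRUSTED_NET = ipaddress.ip_network("192.168.1.0/24")
# Heuristic: Linux's default ephemeral range starts at 32768; flag those ports.
EPHEMERAL_START = 32768

# Constructed `tcpdump -nn` lines; only the destination ports come from the thread.
SAMPLE = """\
12:01:02.100001 IP 192.168.20.15.41234 > 192.168.1.50.3500: Flags [S], seq 1, win 29200, length 0
12:01:02.100900 IP 192.168.1.50.3500 > 192.168.20.15.41234: Flags [S.], seq 9, ack 2, win 65535, length 0
12:01:03.200002 IP 192.168.20.15.41240 > 192.168.1.50.1400: Flags [S], seq 3, win 29200, length 0
12:01:04.200003 IP 192.168.20.15.41240 > 192.168.1.50.1400: Flags [S], seq 3, win 29200, length 0
12:01:05.300004 IP 192.168.20.15.41250 > 192.168.1.50.59651: Flags [S], seq 5, win 29200, length 0
12:01:06.400005 IP 192.168.1.50.50112 > 192.168.20.15.1400: Flags [S], seq 7, win 65535, length 0
12:01:07.500006 IP 192.168.20.15.1900 > 239.255.255.250.1900: UDP, length 120
"""

LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def iot_initiated(capture):
    """Count TCP connection attempts (SYN without ACK) from IoT to trusted hosts."""
    hits = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m["flags"] != "S":
            continue  # skip non-TCP lines, SYN-ACKs and established traffic
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        if src in IOT_NET and dst in TRUSTED_NET:
            hits[(str(dst), int(m["dport"]))] += 1
    return hits

def rule_candidates(hits):
    """Split destination ports into stable ones and ones to review first."""
    ports = {port for _, port in hits}
    stable = sorted(p for p in ports if p < EPHEMERAL_START)
    review = sorted(p for p in ports if p >= EPHEMERAL_START)
    return stable, review

if __name__ == "__main__":
    stable, review = rule_candidates(iot_initiated(SAMPLE))
    print("allow IoT -> trusted on TCP ports:", stable)
    print("review before allowing:", review)
```

Connections opened from the trusted side toward the speaker are ignored on purpose, since those are already permitted by the unrestricted trusted zone.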