Using the Sonos App Across VLANs

This is a continuation of the previous post, where we tackled using the Kasa app with the controller (app) and devices in different VLANs. Here we tackle Sonos, specifically Sonos S1, where the controller (app) and speakers are on different VLANs and the default firewall rule blocks traffic from the untrusted VLAN (where the Sonos speakers are) to the trusted VLAN (where the controller normally lives).

  • You need a UDP broadcast relay to handle SSDP discovery. Here’s the systemd unit that sets this up:
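[Unit]
Description=Sonos UDP Relay Port 1900
Wants=network-online.target
After=network-online.target

[Service]
# Wait until both relayed interfaces are routable before starting the relay.
ExecStartPre=/usr/lib/systemd/systemd-networkd-wait-online --interface=eth0 --interface=mgmt --operational-state=routable
# Relay SSDP (UDP port 1900, multicast group 239.255.255.250) between the mgmt and eth0 interfaces.
# --id distinguishes this relay instance from any other udpbroadcastrelay instance.
ExecStart=/usr/local/sbin/udpbroadcastrelay --id 3 --port 1900 --dev mgmt --dev eth0 --multicast 239.255.255.250
Restart=always
RestartSec=5s
User=root

[Install]
WantedBy=multi-user.target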
  • You need the following firewall rules (assuming you have configured the Sonos speakers with static IPs and these static addresses are represented by the group Sonos):
    • TCP: allow traffic from the Sonos IPs (any source port) to the Trusted VLAN (any destination address), destination ports 3400, 3401, 3500
    • UDP: allow traffic from the Sonos IPs (any source port) to the Trusted VLAN (any destination address), destination ports 1900, 1901, 32768-65535

After setting those up and getting the UDP broadcast service running, my Sonos app on my phone or tablet is able to access and control my Sonos devices again.
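To check the relay and the UDP rule without the app, a host on the trusted VLAN can send the same kind of SSDP search and list which speakers answer. This is an added example, not code from the original post; the ZonePlayer search target and the sample reply (with a documentation address) are assumptions constructed for illustration.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # group and port relayed by the unit above
SONOS_ST = "urn:schemas-upnp-org:device:ZonePlayer:1"  # assumed Sonos search target
# Constructed sample reply (192.0.2.10 is a documentation address, not a real speaker)
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age = 1800\r\n"
                b"LOCATION: http://192.0.2.10:1400/xml/device_description.xml\r\n"
                b"ST: urn:schemas-upnp-org:device:ZonePlayer:1\r\n\r\n")

def build_msearch(st=SONOS_ST, mx=2):
    """Build the SSDP M-SEARCH datagram a controller multicasts to find speakers."""
    lines = ["M-SEARCH * HTTP/1.1", f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {st}", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_response(data):
    """Return lower-cased headers of a 200 OK SSDP reply, or None for anything else."""
    head = data.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def discover(timeout=3.0):
    """Multicast one M-SEARCH; collect {speaker_ip: LOCATION} until `timeout` s of silence."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_msearch(), SSDP_GROUP)
            while True:
                # Replies are unicast from the speaker to this socket's source port.
                data, (ip, _port) = sock.recvfrom(4096)
                headers = parse_response(data)
                if headers and "ZonePlayer" in headers.get("st", ""):
                    found[ip] = headers.get("location", "")
        except OSError:  # socket.timeout (no more replies) or no multicast route
            pass
    return found

if __name__ == "__main__":
    print("parsed sample:", parse_response(SAMPLE_REPLY))
    for ip, location in sorted(discover().items()):
        print(ip, location)
```

An empty result from the trusted VLAN points at either the relay not running or the UDP rule not matching the port the reply was sent to.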
