Avahi with Google Chromecast on Pfsense

Hi Guys,
I’ve got a pfsense firewall at my house as well as a ubiquiti switch and access point. I’ve got 4 VLANS set up. I have an IoT VLAN and that is what my google chromecast is on. I am trying to stream to the chromecast from my phone, which is on my LAN. I thought that Avahi would allow for this to happen. My buddy has the same setup and we were able to get the same exact chromecast up and running across VLANs at his house, but no luck at mine. I’m attaching a screenshot of my LAN firewall rules, but as a new user can only post one image. My avahi settings have my LAN and IOT network selected and repeat mdns packets across subnets is selected. Disable IPv6 is also selected.

I am running version 2.0.0_2 of Avahi and 2.4.4-RELEASE-p3 of pfsense.

Anybody have any suggestions?

image1400×652 58.4 KB

Unless you have a solid reason, your WAN_DCHP Gateway should be * instead. It’s probably a routing issue that’s being forced to the WAN instead of where it should go.

You could also combine your three vLan rules into the one Regular rule, but, it’s your boat, float it however.

Also remember, with those rules, you Disallowing the LAN to talk to Guests & Maca.

Turn on IGMP Snooping in the UniFi controller, but I will admit the mDNS & avahi area a bit buggy with the Chromecast. I just keep them on the same network as the devices that I cast to them to save the hassle.

Old topic, but I’m in the same boat. I have pretty much the same setup as the OP, a pfSense router with Frontier ONT plugged directly into it obtaining an IP, a Ubiquity 24 port POE switch with all ports configured with VLANs: LAN/Default-10, Cameras-20, IoTDevices-30, Filtered-40 (kids, DNS filtering and other future blocking plans), Unfiltered-50 (Adults, friends, etc.), and OpenVPN-60. I’m factory resetting all my devices to put them on the IoTDevices SSID, or plugged into ports on switch with VLAN 30 (just a amazon Firestick and Chromecast on my living room TV with ethernet adapters).

I’ve read the ENTIRE internet (feels like it) and can’t get this thing working reliably. I followed your videos setting it up Tom (Thanks by the way) but it’s still acting flaky. Sometimes when responding to a query I initially get “there was a glitch”, or I’ll look at a Hub Max, and it’ll say disconnected from internet, then it’ll connect up quickly. Sometimes I can see all my casting devices no matter what subnet I’m on from Google Chrome window choosing the “Cast” setting under the three dots, sometimes I can’t. I can never see, cast, or select settings with them in the Google Home app unless I’m on the same SSID they are on. Seeing how some of my house will be on Filtered, and some on Unfiltered, I really would like to get this to work. I’ve tried just a allow all rule on all networks, but even that doesn’t seem to work reliably.

All the posts I’ve read are at least a year old, even more, so it looks like it works reliably for most, but I just can’t get it. I must be missing something. I’ve had several friends VPN in to try to tweak things, but no go so far. I know some posts I’ve read state you need to open some UDP ports and such with Avahi, I’ve tried those, but the wide open rule with Avahi disabled should work I would think.

Any help or ideas would be very helpful. I’ll post screenshots or logs of whatever you need. TIA for any help

I had the same problem with Avahi when I tried to have it repeat the mDNS from one VLAN to another VLAN. It would worked without issues from VLAN to untagged, but that is it. According to Tom above the Avahi is still a bit buggy. My work around was to use my switch to do the mDNS repeating, but I don’t have an Ubiquiti switch so I don’t know if that option is available for you. You could set up a VM that runs avahi with both networks attached to do the mDNS repeating.

I’m stuck with my new pfsense getting casting to work across vlans. I’ve got all my IOT stuff on VLAN 21 (10.1.21.0/24) and phones and PCs on VLAN 1 (10.1.1.0/24). Avahi is installed and running. Mdns reflection is enabled and running on all LAN interfaces. If I put my phone in the IOT VLAN, everything works. I can discover and stream to smart TVs, chromecast, rokus, firestick. If I discover while on IOT VLAN, do not connect to anything, switch phone to trusted LAN, I can still see, connect, and stream to same IOT devices. After a while, I can’t see anything (cache is flushed, I guess). So I think discovery is broken.

Router is named pfsense.local. I’ve tried completely opening the firewall rules between the LANs. No help.

What else can I check?

I forgot to mention that the LAN consists of Ubiquiti unifi switches and APs. IGMP snooping is enabled.

@Jc95 i have exactly the same setup like you. ubiquiti switches and AP’s + Virtualized Pfsense with avahi listening on all local vlans and exactly the same result BUT i can only discover my chromecast on same VLAN with my pixel phone, windows notebook via same AP show nothing and no chance to see the chromecast from a different vlan. i tried all unifi options and i am currently on the latest beta firmware on the SW+AP’s. What i noticed is that on the pfsense the mdns cast is only replied when i search for the chromecast from the non chromecast ssid/vlan with my phone. i dont see any other packages logged in the firewall to port 5353. But the strange is that in this case my phone still does not find anything. When i search for the chromecast in the same vlan i dont see anything logged on the firewall. This is really strange and i guess there is something in the ubiquiti firmware that just blocks the mdns packages in most constellations. They added a ton of multicast and unicast options and optimizations but somehow with all disabled it still blocks the packages. I will have to analyse some dumps on the ap+switch+pfsense but i dont think i will get anywhere as it looks to me like a firmware issue. I have a similar setup with cambium AP’s and Procurve SW with routing enabled and it works flawless there.

I realized that I have many more connection possibilities than I had appreciated, so I itemized the various targets and sources. I have a total of 10 targets (Chromecast, Rokus, Smart TVs, Amazon Fire Stick) and 6 sources (Samsung SmartView/Miracast, YouTube, Netflix, Amazon Prime, Audio/Video apps (HBOMax, Showtime, CNN, Peacock, Podcast Addict), Roku Control, and casting from PC Chrome).

With my phone on the trusted VLAN (5GHz wireless) and the IoT targets on the IOT VLAN (some wired, some wireless on 2.4GHz):

Chromecast is accessible from all apps.
SmartView sees some targets from some locations, but not everywhere.
Youtube sees Chromecast and some Rokus.
Netflix sees CCast and one TV and one Roku.
Amazon Prime sees CCast & Fire stick.
Audio & Video apps see CCast only.
Roku Control sees Rokus, but only if I manually connect to their IPs.

So Chromecast appears to be a success, but everything else is pretty inconsistent.

If I move my phones to the IOT VLAN (2.4GHz) (where everything should be discoverable with mDNS), the results are much more consistent.

Chromecast is visible with every casting client.
Youtube see every target (CCast, Rokus, smartTVs, fire stick)
Netflix sees every target (CCast, Rokus, smartTVs, fire stick)
Amazon Prime sees only CCast & Firestick
Other casting apps (HBO, Showtime, Peacock, Podcast) see only CCast
CNN sees CCast , Rokus, Firestick
Roku Control sees all Rokus.

For all of these tests, I tested from each room and the location doesn’t matter. There are 4 Unifi APs serving the area with single SSID for the IOT VLAN and another for trusted VLAN.

I have IGMP v3 enabled on the APs and “Block LAN to WLAN multicast & broadcast” disabled.

My Chromecasts (gen 1s and Ultras) had been rock solid with Avahi (pfsense, unifi controller in VM, unifi AP wifi6 Lite).

Just recently, actually about mid-day Sunday, my OP6 couldn’t see the Chromecast. I had been youtube casting that morning, went out on some errands, came back, nada.

Reboot the pfsense and things got sorted. While in there I followed @LTS_Tom 's method of using a local networks alias to save me multiple lies of firewall rules, upgraded pfblockerng devel etc.

Just today another cell phone in the house couldn’t see the casts. Moved that phone to the IoT wifi and its fine. Just weird Avahi was fine with my setup, but now seems buggy…

This is an older thread but still an issue if you ask me. I do high end AV work for residential and small businesses. I myself have a Netgate 6100 feeding a USW-PRO-24-POE via a sfp+ dac. I have multiple vlans also with TVs , Roku’s, Dish Hopper Joey’s, Apple TVs, Denon HEOS, Sonos, NUVO Wireless, various lighting controllers and control systems.

So far I have been able to get Avahi and Pimd working on pfsense across multiple vlans for the most part. The issue I am having related to this is casting to the TVs Roku’s. Airplay works without a problem. From researching this problem and doing packet analysis the problem is with the DIAL (Discovery and Launch) protocol. I have read documents about this and the best understanding i have is as follows.
Servers are TVs… clients are computers or phones controlling or sending video
Clients discover the servers with a packet broadcast to 239.255.255.250 port 1900 from a app port
Servers respond to the string ST dial multiscreen via tcp and http to client ip address and port from broadcast packet to establish connection.
Once connection is established between client and server you can have the vlan changed and connection maintained.
The problem I am trying to resolve is the broadcast packet has a TTL of 1 and is not being reflected or rebroadcast by Avahi. I’m not seeing any multicast groups being setup like sonos unless I haven’t captured the packets. Lots of packets to dig through.
Any thoughts on the UDPrelay packege or a way to fix this? Ive seen it commented about, but its not a package from pfsense

My answer is to put all these devices on the same VLAN. Phone are IOT devices.