Question

Two Sonos Systems on site-to-site VPN

  • 24 May 2020
  • 4 replies
  • 127 views

Greetings. 

I have two homes connected with a site-to-site VPN. Each home has its own Sonos System.

Ideally when at Home A, my app controller should only “see” the Sonos gear from Home A. (And same goes for home B). This is to prevent accidentally playing music in the other home.

Most of the time things work the way I want them to.

But when I travel from one home to the other, it takes a while for the controller to “see” it is at the new location. E.g., when at Home A, the controllers “see” the Sonos devices from Home B (and vice versa: while at Home B, the controllers see Home A’s Sonos devices).

Some additional information about the environment:

The homes are on two different subnets - Home A uses 192.168.0.XXX and Home B uses 192.168.1.XXX. 

In my firewall / vpn configuration, I have blocked each Sonos device’s site-to-site IP addresses.

Restarting the controller (phones) does not fix the issue.

The behavior occurs in both Android and iOS devices.

Is there a list of ports I should lock down site-to-site to prevent my controller from communicating with the wrong Sonos system?

Thanks for your help.

4 replies

Userlevel 3
Badge +4

I would imagine you’re running an unusual setup, so finding exact answers may prove difficult. There may be some networking protocols we’re not aware of impacting the visibility of each Sonos system.

I’d have started by blocking the IPs, which you have done.

I know that they are on separate subnets, but can each subnet see the other (subnet mask maybe is set to 255.255.0.0?).

You could try bringing down the site-to-site VPN for a moment to see if that speeds up Sonos acquiring the local devices. It may be that although you’ve blocked the IPs it ‘sees’ the other network and is slow to switch.

There may be some ports. I just googled it.

https://support.sonos.com/s/article/688?language=en_US

Could try blocking some of those pertaining to the app controls?

I’m curious if you are able to get this resolved! 

 

Thank you britishwonderings.

I disabled site-to-site and immediately my controller corrected itself.  So I’m on the right track.

I configured the VPN to block ports per your link (again; thank you - a while back I found a list of ports that I’d blocked but your link is more comprehensive.)

It will be a while before I can call this one “solved”, as Home B only gets visited once in a while and also the issue is sporadic, but I will try to update this post in 4 to 6 months with an update.

Cheers!

Another update in case someday someone else is facing the same issue.

I closed down all the ports, but a couple of iOS devices still would “see” the wrong Sonos system.

I think I solved it via a workaround by assigning the devices to static IP addresses, then blocking all site-to-site traffic for those IPs. Seems to be doing the trick. Someday it’ll bite me in the ass when I can’t figure out why those devices can’t talk across the VPN for something non-Sonos. :)

Note to anyone else going with the workaround route: be sure to assign and block IPs from both networks.

Userlevel 4
Badge +14

You should only need to block broadcast traffic, multicast traffic and ports 1400 and 1433 for a generic block regardless of IP.

You will however block other UPnP traffic if you block the multicast, so if you actually use that, restricting your Sonos players to a dedicated IP range is probably easier.
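
The generic block described in the last reply, written out as an added example that is not part of the thread or anyone's actual configuration: a shell function that prints (does not apply) iptables rules for both directions of the tunnel. Assumptions: a Linux router forwards the VPN traffic, each home is a /24 (inferred from 192.168.0.XXX and 192.168.1.XXX), both TCP and UDP are blocked on the two ports because the thread does not name a protocol, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables rules for the "generic block" from the thread.
# Nothing is applied; review the output before piping it to a shell as root.

HOME_A_NET="192.168.0.0/24"; HOME_A_BCAST="192.168.0.255"   # assumed /24
HOME_B_NET="192.168.1.0/24"; HOME_B_BCAST="192.168.1.255"   # assumed /24
SONOS_PORTS="1400,1433"                                     # ports named in the reply

# Emit DROP rules for traffic forwarded from one site to the other.
#   $1 = source subnet, $2 = destination subnet, $3 = destination broadcast
sonos_block_rules() {
    src="$1"; dst="$2"; dst_bcast="$3"

    # Multicast (all of 224.0.0.0/4). This also drops other UPnP discovery,
    # which is the side effect the reply warns about.
    printf 'iptables -I FORWARD -s %s -d 224.0.0.0/4 -j DROP\n' "$src"

    # Limited broadcast and the remote subnet's directed broadcast.
    printf 'iptables -I FORWARD -s %s -d 255.255.255.255 -j DROP\n' "$src"
    printf 'iptables -I FORWARD -s %s -d %s -j DROP\n' "$src" "$dst_bcast"

    # Unicast to the two ports, for any host, "regardless of IP".
    for proto in tcp udp; do
        printf 'iptables -I FORWARD -s %s -d %s -p %s -m multiport --dports %s -j DROP\n' \
            "$src" "$dst" "$proto" "$SONOS_PORTS"
    done
}

# Both directions: a rule set for only one site leaves the other site's
# controllers able to reach the remote players.
sonos_block_all() {
    sonos_block_rules "$HOME_A_NET" "$HOME_B_NET" "$HOME_B_BCAST"
    sonos_block_rules "$HOME_B_NET" "$HOME_A_NET" "$HOME_A_BCAST"
}

sonos_block_all
```

Because the rules match on subnet rather than on individual hosts, they do not depend on the players or phones keeping a particular address.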
