DNLA over site-to-site VPN only half working

[wallacebmann 0]

There are so many ways for this to fail I'm surprised I got as far as I did.  I don't know if this is an emby problem, but I thought I'd start here for any pointers you might have.

See the picture for my setup.  I'm trying to serve music at one site to a WiiM Pro at another site via Firewalla site-to-site VPN.  Everything works fine at the home site.  At the remote site, I can get music from the DLNA server played by emby on the android tablet, so music over VPN is working.  Emby (and the WiiM app) can see the WiiM pro just fine.  The WiiM pro plays the test signal so I've got the output correctly set up.  At the remote site I can play music from the Android tablet through the WiiM Pro using the WiiM app as well. 

The "only" thing that doesn't work is trying to serve music from the DLNA server to the WiiM Pro.  I get silence and no errors.  I don't know much about DLNA, but there's something in how the WiiM Pro talks to the DLNA server that is failing over the site-to-site VPN.

I've looked at both Firewalla boxes and they don't report anything getting blocked.  I'm new to all of VPN, WiiM and emby, but have used single site Firewalla for years.  

Any thoughts or pointers would be welcome. 

And for what it's worth ... I think emby is awesome!  I've tried SONOS, roon, plex, kodi, amazon music.  None of them let me listen to my library of music at my phone, tablet and stereo system like emby does.  Thank you for remembering the people who do more than stream.

[Luke 37100]

Hi, what exactly do you mean by silence and no errors?

[wallacebmann 0]

I mean that no music plays and I don't see any errors reported by the emby app to explain why the music is not playing. It was a bit of a vacuous statement.  I'm not thinking of any particular error that I was expecting.

The behavior is that I can browse music on the DLNA server from the tablet running emby.  I can select an album.  I can select the remote WiiM Pro as the destination.  And when I push play, nothing happens.

[wallacebmann 0]

I did just discover the emby logs and I see a "/upnp/control/rendertransport1 timed out".  This gives me a place to start.  Maybe somewhere in my layers of networking some IP address isn't what it needs to be.

[Luke 37100]

Let us know what you find. Thanks.

[wallacebmann 0]

Still on the hunt for a fix, but I've learned some stuff. 

When I moved the WiiM from site 1 to site 2, the emby server retained the WiiM's site 1 IP address. The WiiM got a new IP address at site 2.  This explains why playing to the WiiM failed.  Emby server tried to contact the old WiiM IP address to request play and it failed.  

What's interesting is that my emby client on the android tablet was able to play locally stored music through from emby app directly to the WiiM at site 2, so the server's obsolete IP address did not interfere.  In addition, the emby app still showed the WiiM device as a destination selection even with the obsolete IP address.  This hints at the possibility of some background task to check for system consistency, but that's for another day.

When I rebooted the emby server at site 1, the WiiM device disappeared from the list of destinations on all emby apps.  So, I still can't play music through my WiiM at site 2, but at least I now have a consistent view of the world.

The problem to address now is why the emby server can't see the site 2 WiiM.  My newly installed IP scanner confirms that site 1 & site 2 devices are not showing up as if on a single network.  Something must be messed up with my site-to-site VPN, or else my understanding of how it is supposed to work is messed up.

[Luke 37100]

Thanks for the update. Please keep us posted on what else you find. Thanks.

[wallacebmann 0]

Our friends at Firewalla identified the issue:

Quote

site-to-site VPN is a layer 3 VPN. Meaning devices on both sides are on different networks and is connected. So, if your music player depends on LAN discovery protocols, it will not work; you will have to manually address the device using their name or IP address. (discovery relies on multicast and multicast traffic can't go across site to site VPN)

I could not find a way to manually tell the emby server about the name/IP of a DLNA device.  Is that possible?

If not ... I guess I will find myself in the music library mirroring business with a second server.  Or a feature request

[Luke 37100]

Hi, we currently don't have an option to do that, although it's not a bad idea.

[wallacebmann 0]

Ok.  Thank you for hanging in there with this.  It was hugely helpful to know I was not wandering alone through the forest.

TO SUMMARIZE (for anyone who comes along later):

• The WireGuard site-to-site VPN is a level 3 VPN.  It supports device-to-device connection through the tunnel assuming you know the network name or IP address.  This is called unicast communication.
• The emby server discovers DLNA devices on the network via multicast communication.  It broadcasts "Hey!  Any DLNA devices on this network?" and all the DLNA devices respond.  But this broadcast does not make it through the level 3 VPN tunnel.  This is viewed as one of the advantages of level 3 VPN when it comes to creating large networks of VPNs.  But for this reason any DLNA device in my site 2 will not show up on the emby server.
• If the emby server had the ability to manually specify a network name or IP address of the DLNA device in site 2, in theory that would work because the level 3 tunnel will allow direct communication.  Such a feature does not (yet) exist.
• There exists another (older) type of VPN called level 2 VPN which supports multicast communication.  OpenVPN has a bridge mode which supports this, but the setup is more manual than the level 3 VPN that my firewalla does for me.  I have also seen blogs where people describe setting up multicast communication through a level 2 VPN, but even the most clear example took advantage of an os daemon.  I'm using Firewalla specifically because it is easy to administer and keeps my network secure, so wasn't motivated to complicate my life by toying with the network as a rookie.
• The solution I am most likely going to use instead of this is to mirror the music library and put an emby server in both sites.  The mirroring could be done via NAS drive or file syncing. 

Edited November 14, 2023 by wallacebmann

[wallacebmann 0]

Oh ... one last solution idea feature.  It would also work if two emby servers could act as discovery services for each other.  That is, emby server at site 1 could tell emby server at site 2 the IP addresses of DLNA devices discovered at site 1, and visa versa.  Probably a little too niche.

[Luke 37100]

Thanks for following up. Please continue to keep us posted !