Think I found the issue here guys.... I changed my IP scheme on the IOT vlan to 192.168.x.x instead of 10.x.x.x and the plugs stay online and work perfectly (so far) regardless of DHCP lease time. So issue definitely seems to be IP address related and it is triggered by the DHCP renewal taking place...

Your lease time is 10 minutes, so the plug is going to try and renew the least at the 50% time left mark - 5 minutes. Unless you have a lot of unique devices coming and going on that vlan/subnet you can dramatically increase the lease time for DHCP addresses. Perhaps there is a code issue with the ...

I just ran a sniffer trace on the plug right next to me and I don't see the same results. You will need to look at the packet details/decodes in Wireshark to see what request/response was made to help determine what the issue is. If you want to upload/post your packet capture then myself and perhap...

I would configure the packet sniffer to forward traffic to wireshark on your desktop and capture any traffic from that IOT vlan. This should give you a good idea of what the plugs are doing. The below sniff was set to only look at traffic to and from the MAC address of the one plug. IP of plug is 1...

I have a CCR1009-7G-1C-1S+ with a fairly simple setup (DHCP, NAT, Firewall, a few VLANs). One of the VLANs is an IOT VLAN and I am trying to get TP Link Smart Plug Minis to work on my network. When I first boot up the plug, everything works fine, it joins to WiFi, local control and control of the pl...

I was able to get control working again using latest sonos software controller and firmware versions by opening up UDP ports 32000-65535 from sonos players to my controller PC. A tip on the Sonos forums led me to check out the firewall logs and find out that random UDP ports are used now each time c...

Not the greatest news - my solution - put a sticky on the SONOS that says, "Use SSID XXXX from smartphone". lol, yeah well I have been using this method to control Sonos from my main PC which is on a management VLAN. Guess Sonos wants to start enforcing the app actually being on same WiFi...

Anybody have this working still? It seems Sonos controller for Mac/PC updated and broke this from working. I always had to join the controller software while connected to the same VLAN as players, however then switching WiFi networks to different VLAN, the controller still saw and controlled the pla...

Hi ilovepancakes, thank you so much for this test! I thought I was going crazy! None undestood my issues, but now, I have the certainty that only "operation-mode" will work with the FW-rules above! BTW: I also noticed, that you are not able to make Sonos Updates from a controller in a dif...

Hi, we talk at cross purposes :-) My players are all connected to the LAN by Ethernet. The players are in vlan30, the controller in vlan10 FW between vlan10 and vlan30 is setup as above! Everything works, once controller is registered. BUT: If you start a fresh installed controller software on a cl...

Hi, only one last question! If you reset the controller on your MAC (disconnect from SONOS-Net), and if you then try to register the controller again to your existing SONOS-System. Does this work with the setup above, if your MAC is in a different Subnet than the Players? If you can test this,, it ...

Hi all, thank you for your reply, but it doesn´t change anything if I remove the RP. What I noticed is, that the SONOS players use different UDP-Ports for communication if they try to connect to a controller. I saw a lot of upd -FW-drops in a range between 30000-60000. If I open this range, connect...

Hi, it´s me again. I see that two FW-rules are not working because package counter is 0. But I do not know why! add chain=forward comment="Forward Sonos multicast traffic" dst-address=239.255.255.250 place-before=$plcBefore add chain=forward comment="Forward Sonos UPnP device discove...

Hi, I have Sonos players in VLAN99, PIM is active and FW rules are also implemented. It works, but not very well. A new controller can only be added to the system, if i put it temporarily in VLN99 . Same with SW-Updates. I cannot start SW-Updates from the "Controller-VLAN10, only if the contro...

So - I needed to do this and was able to get it to work. I made a little script. You can edit the first 4 lines and copy/paste the whole thing and the rest is taken care of. First: You need to download the additional packages for your version, then install the "multicast..." package and r...

I recently implemented the same for Sonos by using igmp-proxy not PIM. Just need to add the interfaces into igmp-proxy and set which one is upstream, then apply the firewall rules for allowing UPnP traffic. That's it. According to Mikrotik Wiki igmp proxy is slightly lightweight than PIM, that's wh...

1) Fasttrack doesn't work for everything. I don't use it, so I'm not very good with it, but I read somewhere that even fasttracked connections need to let some packets take the normal path. 2) Yes. And if source address is 192.168.0.0/24, so no spoofing from LAN will be possible. There's no referen...

- fasttrack established,related - accept established,related,untracked - drop invalid - accept from LAN interface and 192.168.0.0/24 to WAN interface and not to NotPublic - jump to vlan80>LAN (where you allow what should pass) - jump to vlan70>LAN (same as previous) - accept dstnatted if not from N...

Safer (and sometimes easier) way is to construct a list of explicitly allowed connections and drop the rest at the end. Your current one is the opposite: drop watever you thought it should be dropped and (implicitly) allow the rest. Any way you do it, there's an essential rule missing in your curre...

New to RouterOS and below is my forward chain. I am wondering if there is anyway to accomplish the below but simplify the rules into a lower amount. Mostly I am referring to the drop rules in the forward chain. Kind of like how the input chain just has a drop all at the end, is there a better practi...

I'm in the same boat and get the same error, did you manage to find a fix for this?

Cheers,
Tugsynz

No, unfortunately. I still don't believe there is a way to add or customize a user agent for requests, although I have not tried to do it again on the latest versions of Router OS.

Yup, masquarade for bridge to local subnet in src-chain did the trick. Thank you all.

Do you mind sharing your final full config for NAT rules? I am trying to get this working and am having similar issues as you originally described.

Using the following code to try and update my Google DDNS record with current IP, everything seems to work correctly with communicating with Google but Google returns a "badagent" error since the request needs to send a valid user agent to be accepted by Google. How can I set and/or custom...

Would like a way to be able to send user agent header with the fetch tool. For example, Google DDNS with Google Domains and other DDNS providers can accept IP updates through HTTPS get requests, but they need a valid user agent sent with the request. Right now, a script to do this returns a "ba...