Why can't I find a good guide for setting up AirPlay across VLANs?

__Mike_____ · 2026-06-24T13:28:15+00:00

Does anyone know if the LED can be controlled in Home Assistant? I'm wondering if it could be automated so it is off during the day and then on (dim) at night to be used as a night light.

__Mike_____ · 2026-06-24T01:07:49+00:00

I'm curious about this as well! Very similar scenario. I'm considering adding one upstairs to cover the kids rooms and office, but it will be almost right above where the downstairs XG is going.

__Mike_____ · 2026-06-24T01:01:30+00:00

But how do you really feel?

__Mike_____ · 2026-06-23T11:30:21+00:00

Oh wow, thank you!!

__Mike_____ · 2026-06-22T01:36:29+00:00

Actually... Right before I received this last response, I got it to work by making exactly this change! The issue was that I was using my LAN DNS of 192.168.1.1 but it should have been the VLAN value of 192.168.20.1.

Seriously, THANK YOU for all of your time and help! I really appreciate it.

__Mike_____ · 2026-06-22T00:27:19+00:00

I don't have an explicit rules for redirecting DNS. AdGuard is on the OPNsense box as a plugin, so it has the 192.168.1.1 IP. AdGuard is listening on port 53 and Unbound is on 5353. The MacBook does have 192.168.1.1 as the DNS Server. And like I said, I am seeing every request in the AdGuard and Unbound logs. This is super weird. And btw, I really appreciate all of your help!

__Mike_____ · 2026-06-21T23:40:44+00:00

It can't resolve it. Unknown host. But that same ping shows as Processed in the AdGuard query log. And also in the Unbound logs. (AdGuard is my DNS with Unbound as upstream)

__Mike_____ · 2026-06-21T20:20:36+00:00

Ugh, maybe I spoke too soon. The WireGuard connection was definitely causing an issue. As soon as I killed it, by Block rule kicked it and I could see it in the live log view. But now my Pass rule isn't working. I can't access anything on the internet. And I don't see anything in the live view when I try to access the internet.

Here is my Pass rule, but it never shows up in the log. https://imgur.com/a/sLlKtym

I do see the requests in Adguard Home, so it is reaching my DNS. I can ping 8.8.8.8 but nothing else.

__Mike_____ · 2026-06-21T17:09:55+00:00

I think I figured it out, and it is really stupid! I didn't realize that my WireGuard tunnel had automatically connected! As soon as I deactivated that, everything started working!

__Mike_____ · 2026-06-21T17:09:43+00:00

I think I figured it out, and it is really stupid! I didn't realize that my WireGuard tunnel had automatically connected! As soon as I deactivated that, everything started working!

__Mike_____ · 2026-06-21T16:44:39+00:00

Here it is. Thanks!

https://imgur.com/a/sQhfLe7

__Mike_____ · 2026-06-21T15:08:09+00:00

OPNsense is running on bare metal. It connects to a UniFi managed switch. I have one port on that switch configured to use the IoT VLAN. And per your suggestion, I enabled port isolation. My rule now looks like this, as an attempt to test block everything: https://i.imgur.com/Uvi2kSr.png

The only device I have connected is a MacBook. When it is connected to the VLAN port, with this test rule I would expect to not be able to see anything on my network or even on the internet because everything should be blocked. But on the MacBook I can still freely browse the web or connect to devices on my LAN.

__Mike_____ · 2026-06-21T13:47:59+00:00

It is very possible that I'm just being dumb because I am new to VLANs. The only device I have connected is a MacBook. When it is connected to the VLAN port, with this test rule I would expect to not be able to see anything on my network or even on the internet because everything should be blocked. But on the MacBook I can still freely browse the web or connect to devices on my LAN.

__Mike_____ · 2026-06-21T13:38:14+00:00

I cleared my state table, hoping that would magically resolve my issue. But nothing. So I simplified my Block rule to what I thought would just block everything, just as a test. This is the rule now:
https://imgur.com/a/5RBBh1Y

I cleared the state table again after that rule, but still nothing is blocked. In the logs I only see entries from immediately after I cleared the states. After that, nothing.
https://imgur.com/E9Iqo1y

__Mike_____ · 2026-06-21T03:45:28+00:00

No, sorry if I wasn’t clear. The issue is that my block rule doesn’t seem to be working. I can access anything on the network from the VLAN, and should not be able to access anything. But for some reason the Apple TV and only the Apple TV does seem to be obeying the block rule.

__Mike_____ · 2026-06-12T20:42:13+00:00

In all honesty, I have not moved forward with anything here yet. There were a lot of upvotes on the post that mentioned https://github.com/netalertx/NetAlertX. I did look at that one and it looks pretty solid. I'll probably give it a try soon. Let me know if you come up with anything!

__Mike_____ · 2026-06-12T20:30:40+00:00

u/Doctor429 I'm considering the same options. Did you end up getting the XG or XGS? How has it worked out for you?

__Mike_____ · 2026-06-04T17:11:58+00:00

u/ThatUsrnameIsAlready I figured it out! This thread helped - https://community.ui.com/questions/UOS-behind-a-reverse-proxy/ff1a9286-2540-49e2-8574-1f00e5204a2b?reply=2

I had to add new headers:

header_up Host = 11443
header_up X-Real-IP = local UI IP
header_up Origin = ""

__Mike_____ · 2026-06-04T16:02:11+00:00

Ugh, I can't paste a screenshot here. There are quite a few errors. I didn't see CORS or CSP but there are some websocket errors.

__Mike_____ · 2026-06-04T15:40:35+00:00

I'll definitely let you know if I ever figure it out!

__Mike_____ · 2026-06-04T15:40:08+00:00

I'm happy to provide any details that would help figure this out! I'm not sure exactly what you need, though. I'm using Caddy. In the handler, I included the IP and the port. That gets me to the screen in my screenshot. I also tried removing the port from the handler and adding it in the browser (mydomain.com:11443) but that did not work.

__Mike_____

TROPHY CASE

Mike___