Can't connect Nextcloud app to existing Nextcloud user accounts

Re-posting from Telegram on the recommendation from “Mike” for additional visibility.

THE ISSUE: Samsung S22 and S24 phones (with the Nextcloud app) cannot connect to existing Nextcloud user accounts via credentials (QR code) provided by Nextcloud user account UI browser session.

NETWORK AS IT WAS THEN: Formerly, Orbi router (RBR750 w/2 satellites) had flat network on subnet 192.168.1.0/24. All Start9 servers (4) and computers (3) are wired. Phone, tablet and IoT stuff on wifi.

  1. All computers (with Firefox browser) connected to all Start9 servers via IP addresses, adj-noun.local addresses and connected to Nextcloud user accounts via UI https://***.local address.

  2. S22 and S24 phones (with the Nextcloud app) connected to Nextcloud user accounts via credentials (QR code) provided by Nextcloud user account UI.

THE CHANGE: installed pfSense router, managed switches, created VLANs and relegated the Orbi to Access Point mode.

NETWORK AS IT IS NOW: Currently, pfSense router, Avahi service and mDNS reflection enabled (across all subnets) and managed switches with VLANs. Orbi in AP mode (without VLANs, not supported in AP mode) on untagged switch port. All servers and computers remain wired. Phone, tablet and IoT stuff still on wifi.

  1. All computers (with Firefox browser) on VLAN10 (on pfSense port 2) can connect to all Start9 servers on VLAN 20 (on pfSense port 3) via IP addresses, adj-noun.local addresses and can connect to Nextcloud user account via UI https://***.local address.

1a) Computers connect via browser across different router ports and across different VLANs using server IP addresses and *.local addresses. DNS resolving as expected.

  2. 1 of the 3 computers (with Firefox browser) moved and connected to wifi (RJ45 removed) on non-VLAN Orbi, can connect to all Start9 servers via IP addresses, adj-noun.local addresses and Nextcloud user account via UI https://***.local address.

2a) Computer on wifi connects via browser across different router ports and non-VLAN/VLAN connection using server IP addresses and *.local addresses. DNS resolving as expected.

  3. S22 and S24 phones (with the Nextcloud app) connected to wifi (airplane mode on, no cell tower) on non-VLAN Orbi, CANNOT connect to Nextcloud user accounts via credentials (QR code) provided by Nextcloud user account UI browser session. Receive message “Could not find host” as described in Start9 documents.

3a) Phone/Nextcloud app on wifi cannot connect across different router ports and non-VLAN/VLAN connection using Nextcloud user account credentials. DNS (or mDNS) not resolving for the phone/app?

  4. S22 phone (with Firefox browser) connected to wifi (airplane mode on, no cell tower) on non-VLAN Orbi, CAN connect to all Start9 servers IP addresses but CANNOT connect via adj-noun.local addresses nor to Nextcloud user account via UI https://***.local address.

4a) Phone on wifi can connect via browser across different router ports and non-VLAN/VLAN connection to server IP addresses but CANNOT connect to *.local addresses. DNS (or mDNS) not resolving for the phone/browser?

  5. Trusted CA deleted from S22 phone and re-installed has no effect.

HELP PLEASE: This is about a week's worth of troubleshooting and verifying results are consistent and then trying to make this a comprehensive read, and reading and learning at the same time. The following statement is unclear from the documents: “…WiFi network is not properly “bridged” with the ethernet network…”. Please explain this so I can also troubleshoot this aspect. What’s it take to fix this issue?

I don’t have anything specific to add other than what’s been discussed in TG, but it is interesting that other devices connected to wifi do work, while the two phones don’t.

It would be interesting to see what happens if you bring another different Android, or even an iOS device, into the equation and test that.

This is a clue. The fact that you can connect to your server via IP, but not .local, indicates an mDNS issue.

One additional test

  6. 1 of the 3 computers (with Firefox browser) moved and connected to ethernet connection on (rear of) non-VLAN Orbi, can connect to all Start9 servers via IP addresses, adj-noun.local addresses and Nextcloud user account via UI https://***.local address.

6a) Computer on wifi connects via browser across different router ports and non-VLAN/VLAN connection using server IP addresses and *.local addresses. DNS resolving as expected. Same test and result as listed above in 2) and 2a).

I tried the same tests for a new Pixel but phone conditions are not identical but shouldn’t matter. The wifi connection is the same but none of the CAs are trusted yet so I didn’t expect the phone to connect securely to the Start9 servers. The phone did find them at their static IP addresses and Vanadium offered to continue as http only. No joy finding the *.local addresses with Vanadium and with a fresh install of the Nextcloud app, no joy connecting there either. See 7) and 8) below. This matches the results of the S22 and S24. I’d like to try this on an iPhone as well but not one under my control.

  7. Pixel8 phone (with Vanadium browser) connected to wifi (no SIM card, no cell tower) on non-VLAN Orbi, CAN connect to all Start9 servers IP addresses but CANNOT connect via adj-noun.local addresses nor to Nextcloud user account via UI https://***.local address.

7a) Phone on wifi can connect via browser across different router ports and non-VLAN/VLAN connection to server IP addresses but CANNOT connect to *.local addresses (not found).

  8. Pixel8 phone (with the Nextcloud app) connected to wifi (no SIM card, no cell tower) on non-VLAN Orbi, CANNOT connect to Nextcloud user account via credentials (QR code) provided by Nextcloud user account UI browser session. Receive message “Could not find host” as described in Start9 documents.

8a) Phone/Nextcloud app on wifi cannot connect across different router ports and non-VLAN/VLAN connection using Nextcloud user account credentials.

The mDNS has something to do with it. Does Avahi mDNS bring the computers and *.local address for the servers together, or is that the router DNS service? I’d like to be able to credit success or failure to one or the other. Maybe the Nextcloud app isn’t listening correctly to the mDNS information as it is broadcast. Maybe the broadcast isn’t the way Nextcloud is expecting to hear it. I have explicit rules written to allow mDNS across all interfaces in pfSense. Is there a possible conflict between Bonjour and Avahi co-existing on the network, at least as far as the Nextcloud app is concerned?

Avahi is an open source implementation of IETF Zeroconf. Apple and Microsoft have their proprietary implementations. Microsoft’s implementation is lacking, most notably, .local aliasing, which is why Windows users need to install Apple’s Bonjour to connect to the services on StartOS. In short, there is no conflict between Bonjour and Avahi. They’re just OS-specific implementations of the protocol. In the “coming soon” StartOS 0.3.6, services will be exposed via port. So Avahi, Bonjour, etc. will no longer be necessary.

You can rule out it being an issue with the phone(s) by temporarily building a separate simple flat network. All devices on a single subnet. A single router, with wifi. With a StartOS server connected directly to the router via Ethernet, and the phone or phones connected to the wifi provided by it. If you are able to connect to the server’s .local address from the phone(s) then you’ll know it’s not an mDNS issue with the phone(s).

One of us read the other’s mind to go back to the original network configuration to prove good hardware and apps.

  9. Re-created 192.168.1.0/24 flat network, no VLANs; spare Linksys router with wifi, laptop, Start9 server hosting Nextcloud and S22 and S24 phones.

9a) Able to set up and reestablish full user access via phones to existing Nextcloud user accounts hosted on Start9 server. All good hardware and apps.

  10. Moved Start9 server hosting the Nextcloud service to ethernet port on Orbi router (AP mode).

10a) Full user access via phones to existing Nextcloud user accounts.

  11. Moved Start9 server hosting the Nextcloud service to managed switch, port 5. Configured port 5 with the same network traffic (untagged) as port 6 for the Orbi router (in AP mode).

11a) Full user access via phones to existing Nextcloud user accounts.

  12. Moved Start9 server hosting the Nextcloud service back to the original desired managed switch location on VLAN 20.

12a1) Computer results same as 1a). Computers connect via browser across different router ports and across different VLANs using server IP addresses and *.local addresses.

12a2) Phone results same as 3a) and 4a). Phone/Nextcloud app on wifi cannot connect across different router ports and non-VLAN/VLAN connection using Nextcloud user account credentials. Phone on wifi can connect via browser across different router ports and non-VLAN/VLAN connection to server IP addresses but CANNOT connect to *.local addresses.

Just as a reminder, in this desired configuration, all Start9 server (VLAN20) traffic is on port 3 of the pfSense router. All other network traffic (non-VLAN and VLAN, wifi and wired) is on pfSense port 2.

Okay, great! So we’ve ruled out an mDNS resolution issue with the phones. The problem seems to be multicast resolution moving across VLAN boundaries, or through the firewall. Keep in mind, the multicast broadcast address is 224.0.0.251, and all .local services run on 224.0.0.0/24. So maybe in your current configuration, 192.168.0.0 is allowed to cross boundaries, but the 224 is not. Hopefully this is a clue.
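A way to check from any one segment whether a .local name answers over mDNS, as an added example that is not part of the thread or of Start9's tooling: it sends a one-shot A-record query to 224.0.0.251 on UDP port 5353 from the host it runs on and parses the reply. The function names are this example's own, and `adj-noun.local` is the thread's placeholder for a server name.

```python
import socket
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353  # mDNS multicast group and UDP port

def encode_name(name):
    """DNS wire format: length-prefixed labels, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name):
    """One-question query for the A record of `name` (ID 0, no flags)."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(pkt, pos):
    """Offset just past a name; a compression pointer (0xC0..) ends it."""
    while pkt[pos] != 0:
        if pkt[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + pkt[pos]
    return pos + 1

def parse_a_records(pkt):
    """IPv4 addresses found in the answer section of a DNS message."""
    _, _, qd, an, _, _ = struct.unpack("!6H", pkt[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(pkt, pos) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:          # A record carrying an IPv4 address
            addrs.append(socket.inet_ntoa(pkt[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve(name, timeout=2.0):
    """Query the mDNS group from this host; [] means nothing usable answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (MDNS_GROUP, MDNS_PORT))
            return parse_a_records(s.recvfrom(9000)[0])
        except (OSError, struct.error, IndexError):
            return []
```

Calling `resolve("adj-noun.local")` on a wired VLAN10 computer and again on a wifi-side computer gives a per-segment comparison; an empty list on only one side points at the query or its reply not crossing that path.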