Chromecast across VLAN

0

So this question seems to have been discussed many times over the internet, but the answers are more often incomplete. (I did read this question, but I am not satisfied by the answers.)

Here's the situation that I have (and it looks like I am not alone). I have 2 Wi-Fi networks at home; they give access to different VLANs for security purposes.

VLAN 10: Main VLAN. IPs: 192.168.10.x/24

VLAN 20: Guest VLAN. IPs: 192.168.20.x/24

I have a Chromecast (2nd generation) connected to VLAN 10 and I would like to make it available on VLAN 20 as well. My router is a pfSense-powered Netgate SG-3100.

I found this Reddit thread suggesting using the Avahi package to forward mDNS requests, which I did. For testing purposes, I also allowed all IPv4 & IPv6 traffic to cross from VLAN 20 to 10 and vice versa within my firewall.

At first, Avahi didn't work at all, but I found out that the package doesn't work out of the box:

Once that was solved, I got a big improvement. I took a packet capture of the traffic on VLAN 20 and I could see the mDNS crossing VLANs.

[Packet capture image: without Avahi]

[Packet capture image: with Avahi]

So yay! I got my router to inform VLAN 20 that there is a Chromecast on VLAN 10 at IP 192.168.10.20. But that doesn't do it...

Even with that, my Android phone does not recognize the Chromecast. I tried to understand more about the Chromecast protocol, but my observation is that, after the mDNS publication, both the Chromecast and the device start talking to the Google API through an encrypted (TLSv1.2) protocol. I observe no packet exchange between the 2 devices on a working network.

So, my phone knows that there is a Chromecast available and also knows its unique identifier (published in the mDNS message). Both devices actively talk to the Google VPN server. I thought that would be enough, but it seems that it is not.

Either I am missing something here or the Google server blocks the communication for some reason (most likely different network detection).

Here's a packet capture of the communication when my phone is connected to the right network and discovery works. We see my Android phone opening an encrypted channel with the Google API. Not long after, the Chromecast starts talking to the Google API as well, and they both do so alternately.

Any idea what else I could look at?

Pier-Yves Lessard

Posted 2018-03-28T04:50:58.207

Reputation: 109

Possible duplicate of Getting Chromecast to work across subnets

– Tim_Stewart – 2018-04-23T12:56:53.797

No answers