I have an IoT network (for devices) running on a dedicated VLAN (with a hardened firewall, of course! ;-)) and a Homebridge instance that exposes some of those devices to Apple Home (since they do not support the HomeKit API natively).

Now the problem is that for Apple Home to work:

  • Homebridge needs access to both the local network and the IoT VLAN.
  • There needs to be a reliable mDNS advertiser that also runs on both networks.

After researching various options, I found that running a local Avahi daemon (on the same server as Homebridge) is the best solution, since it is easy to limit which networks it listens on (allow-interfaces in the [server] section, set to just the VLAN and the local network). Still, I spent hours debugging why this setup wasn't working: Avahi and Homebridge 'saw' the devices, but I couldn't control them from my iPhone, and I assumed my firewall and setup were too restrictive.

The fix was this setting in /etc/avahi/avahi-daemon.conf:

[reflector]
enable-reflector=yes

This makes Avahi reflect mDNS records between the interfaces it listens on, so devices on the IoT VLAN become visible on the local network and can be discovered by Apple Home (or by any other ZeroConf client). Note that the reflector works in both directions: records from the local network are also reflected onto the VLAN, so keep allow-interfaces restricted to exactly the two networks that need it.
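To check that a host's Avahi configuration actually matches the setup above, here is a small audit script. It is an added example, not code from the original post or from the Avahi project: it reads avahi-daemon.conf, confirms that enable-reflector is on and that allow-interfaces names at least two interfaces, and warns when reflect-filters (available in Avahi 0.8 and later; treated here as an assumption about your version) is unset, because then every service type on the IoT VLAN is reflected to the LAN, not just HomeKit. The interface names (eth0 for the home LAN, eth0.20 for the IoT VLAN) and both sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: audit an avahi-daemon.conf for the
# setup the post describes (restricted allow-interfaces plus enable-reflector) and
# flag a reflector that runs on every interface. Interface names (eth0 = home LAN,
# eth0.20 = IoT VLAN) and the sample files below are assumptions / constructed input.

# ini_get FILE SECTION KEY: print KEY's value inside [SECTION]; empty if unset or commented.
ini_get() {
    awk -v section="$2" -v key="$3" '
        { sub(/^[[:space:]]+/, ""); sub(/[[:space:]]+$/, "") }
        /^[#;]/ || /^$/ { next }                        # comments and blank lines
        /^\[/ { in_sec = ($0 == ("[" section "]")); next }
        in_sec && index($0, key "=") == 1 {
            print substr($0, length(key) + 2); exit
        }' "$1"
}

# audit_avahi_conf FILE: return 0 for a usable, interface-restricted reflector setup,
# 1 otherwise. Findings are printed to stdout.
audit_avahi_conf() {
    conf=$1
    rc=0
    reflector=$(ini_get "$conf" reflector enable-reflector)
    ifaces=$(ini_get "$conf" server allow-interfaces)
    filters=$(ini_get "$conf" reflector reflect-filters)

    if [ "$reflector" != "yes" ]; then
        echo "FAIL: [reflector] enable-reflector is not 'yes'; VLAN records stay on the VLAN"
        rc=1
    fi
    if [ -z "$ifaces" ]; then
        echo "FAIL: [server] allow-interfaces is unset; Avahi and the reflector use every interface"
        rc=1
    elif [ "$(printf '%s\n' "$ifaces" | tr ',' '\n' | grep -c .)" -lt 2 ]; then
        echo "FAIL: the reflector needs at least two interfaces, got '$ifaces'"
        rc=1
    fi
    # Assumes Avahi 0.8+, where reflect-filters limits reflection to the listed service types.
    if [ -z "$filters" ]; then
        echo "WARN: reflect-filters unset; every service type on the IoT VLAN is reflected to the LAN"
    fi
    return "$rc"
}

# Constructed sample configs: the post's working layout, and an unrestricted reflector.
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT
cat >"$GOOD_CONF" <<'EOF'
[server]
use-ipv4=yes
use-ipv6=no
# only the home LAN and the IoT VLAN, never the uplink
allow-interfaces=eth0,eth0.20

[reflector]
enable-reflector=yes
reflect-filters=_hap._tcp.local
EOF
cat >"$BAD_CONF" <<'EOF'
[reflector]
enable-reflector=yes
EOF

for f in "$GOOD_CONF" "$BAD_CONF"; do
    if audit_avahi_conf "$f"; then echo "PASS: $f"; else echo "REJECT: $f"; fi
done
```

Run it against /etc/avahi/avahi-daemon.conf by calling audit_avahi_conf with that path. On the live server, avahi-browse -rt _hap._tcp lists every HomeKit accessory together with the interface the record arrived on; once the reflector is working, accessories from the IoT VLAN should also show up on the LAN-side interface.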