Airplay 2 - Accessible from outside WIFI network?

[ianfieldhouse]

I recently bought a Denon AVR-X1600H receiver for my son as I wanted him to be able to use Airplay 2 to stream music from his phone. This all works perfectly and is also great for when he has friends round with iPhones they too can stream music. A strange thing has happened however in that one of his friends can connect to and stream music to the receiver when he is no longer in our property and on our WIFI network. He lives a couple of miles away and can do this from his house. I'm stumped as to how this is possible. Anyone got any explanation and a solution for how I can prevent this?

 

[jafd]

I'd like to know how he did it, too, but for exactly the opposite reason.

 

[waw74]

if it was the first of April, I'd have an explanation for you, It might still be the same reason.

look at your router, on the connected device list. See if he shows up there,
Maybe reboot your router and the Denon

it might be possible with a VPN, but only one of the types allows broadcast traffic, I don't recall which type,

does your tuner says airplay?
There are other ways to control it, Is it possible your son's friend added it to his Alexa account or something similar?

 

[satcomer]

He made a VPN sever inside his network so he connected using a VPN client! Synology has apps that will set that up!

 

[ianfieldhouse]

He made a VPN sever inside his network so he connected using a VPN client! Synology has apps that will set that up!

Nah, he’s a 16 year old boy who isn’t technical.
[automerge]1595690049[/automerge]

if it was the first of April, I'd have an explanation for you, It might still be the same reason.

look at your router, on the connected device list. See if he shows up there,
Maybe reboot your router and the Denon

it might be possible with a VPN, but only one of the types allows broadcast traffic, I don't recall which type,

does your tuner says airplay?
There are other ways to control it, Is it possible your son's friend added it to his Alexa account or something similar?

I need to check the router. The only thing I can think of is that the iPad of the receiver is set to the routers DMZ but I’m still unsure that airplay would pick that up. The receiver is definitely displaying Airplay when he did this.
It’s very strange as I can’t do it on my phone. Yeah wonder if it’s a bug in an earlier version of iOS?

 

[waw74]

Airplay uses something called mDNS (apple calls it bonjour) to advertise itself.
Every so often your airplay target devices will send a packet to everything on the network saying "hey I'm at xx.xx.xx.xx, and I can do airplay." Your aTVs broadcast multiple things using this (remote app, airplay, airplay video, homekit, among others). This is also used by your Mac to advertise file sharing.

Internet routers (like what your ISP uses, not something that would be in a home) will not forward these packets. They only work on local networks. and most likely your modem should stop them before they ever leave your house.
So even if somehow your device was directly on the internet, the advertisement won't go far, and without being told who can receive airplay, your phone can't send audio.

These packets are what I referred to in the post above, some VPNs will pass them, but it's not something that's usually enabled.

I'd be more willing to accept your son's friend is playing some sort of prank, and not telling you the full way he's doing it.
If he had a device in your house he could control remotely it wouldn't be a problem to airplay from that. It's pretty easy to setup Remote Desktop on a computer. I'd check your sons computer if it happens again, see if anything looks off, and make sure there's not a second account active, but logged off. Especially if his friend has used the computer.

if your router or modem is still using the default passwords, change that immediately.
if they were using default passwords, go into the port forwarding section on your router, and see if you see anything out of the ordinary. My guess is you shouldn't have any entries.
Another router setting to look at is UPnP, which allows devices on your network to request the router to open ports. With this enabled anything on your network can request to allow traffic back into your network. There should be a page with a list of anything that's been requested. It's best practice to leave this disabled, to keep random devices from opening holes in your protection.

another option is to factory reset your router, immediately change the password, and re-set up what you need. (probably just wi-fi name and password).
It's probably best that only you have access to router settings, so don't share that password. Obviously sharing the wi-fi password is OK.

I'm not saying go and accuse your son and his friend of anything tricky like that, but it's the most logical explanation.
There's no way that it should "just work" with default settings, something more than likely had to be changed.