Just having the support built into guacamole-server isn't sufficient; you need to configure the machine running the VNC server to additionally accept network PulseAudio connections, and configure the Guacamole connection to use both VNC and PulseAudio.
i have made it all 0's as i want all networks to access it, otherwise how
would i go about adding two networks?
when i restart pulseaudio on the guacamole server i get this -
W: [pulseaudio] main.c: This program is not intended to be run as root
(unless --system is specified).
i have also installed pulseaudio on my vnc server that i want guacamole to
connect to and on that connection computer on the guacamole server i have
Okay, a couple of points of clarification, here. First, the changes made to the default.pa file and (re)starting the PulseAudio service only need to be done on the *VNC Server*, not on the system running guacd (unless those two happen to be the same system, which I gather is *not* the case in your setup). So, make those changes on the VNC server and restart the PulseAudio service, there. Also, as far as the 0.0.0.0/0, you don't need that to allow all Guacamole clients to have audio - you only need to allow the system that's running guacd in that ACL. Basically, PulseAudio needs to be accessible by the system running guacd, and then the Guacamole protocol (between Tomcat and guacd) takes care of encapsulating all of the audio and video for a connection - so guacd converts from PulseAudio to Guacamole and back, sending it over to the Guacamole Client, which then sends it to your browser.
On the system running guacd, you really only need to make sure that guacd is compiled with PulseAudio support - so, depending on your Linux distribution, make sure the pulseaudio development packages are installed, and then ./configure guacd and make sure it specifies that PulseAudio is enabled, compile, and (re)install.
Depending on how pulse interprets the /21, you might be opening it up to the entire 172.16.8.0/21 subnet, rather than just the guacd host. If you use the /32 it'll be limited to only the guacd host, which, with anonymous authentication, is probably what you want.
I'm not familiar enough with Pulse Audio's behavior to know if this would be completely locked down (no access if missing the auth-ip-acl) or allow everything (all access if missing auth-ip-acl). But, either way, probably not what you want.
now on the guacamole server when i click the connection it works
but when i connect via vnc client ie realvnc it doesnt work so how can i get
the vnc client to get the audio
I kind of doubt it'll work with just the straight VNC Client - the VNC client would have to support audio, itself, and I don't know that any of them do. In Guacamole, this is all handled by guacd - guacd makes the VNC connection, and then it makes a separate PulseAudio connection, and encapsulates all of it in the Guacamole protocol stream. So, as soon as the VNC + PulseAudio connection hits guacd, it's no longer VNC + PulseAudio, it's Guacamole. The VNC client would have to do exactly the same thing that guacd is doing - that is, it would need to make both the VNC connection *and* the PulseAudio connection in order to provide the audio. Perhaps one of the VNC clients does that, I'm not sure - I haven't used them in a long time - but I kind of doubt it.
The one option you do have with something like VNCViewer is to run the PulseAudio system as a client on the same system that's running the VNCViewer software, and make the network connection to the VNCServer's PulseAudio port. Guacamole abstracts these details from you, for the most part - that is, with Guacamole, you're not required to manually establish separate connections for both VNC and Pulse - guacd does it all for you. If you're using VNCViewer, though, you'll have to do it manually.
now i have pulseaudio working on a vnc users connection
how do i add audio for the other vnc connection users, so they all have
atm it just works for one vnc user and not the others
is this because pulseaudio only uses one port number?
This gets a little beyond my knowledge of PulseAudio - I think you're probably on the right track in thinking that the single port number is the issue - not necessarily the single port number, but the single instance of PulseAudio on the VNC server, and the fact that PulseAudio is not "coupled" in any way to the VNC session, means that it's hard (impossible) for PulseAudio to know which user session should be associated with which PulseAudio client.
There are two ways to work around this - one is to have a single user (VNC Session, Pulse Audio Session) per VNC server so that you just avoid the problem - you can use load balancing on the front-end to make it easy for folks to connect, and the load balancing, either through Guacamole (Connection Groups), HAProxy, or somethings like Amazon's Elastic Load Balancer (ELB) would allow you to send the VNC and Pulse connections to the same system. With 1 VNC/Pulse session per system, you don't have to worry about it.
The other option would be to run PulseAudio as a user process rather than a system process, and start it up with the VNC session. The theory would be that you could put each user on a different PulseAudio port and have PulseAudio start up as a user process when VNC launches their session. In reality, I don't know how well this would work - for one thing, you'd either have to delay the startup on the PulseAudio client on the client-side until PulseAudio were running on the server side (doable with VNCViewer + PulseAudio, but harder with Guacamole), and, for another thing, you'd have to have some way to dynamically calculate and allocate PulseAudio ports, and communicate that over to the client such that either the user knows which port to connect to or the client is able to determine it automatically. This wouldn't really work at all with Guacamole, it's really only doable in a VNCViewer + PulseAudio setup, and, even then, it would take a little doing to make it happen.