New Member
Posts: 7
Registered: ‎02-23-2015

Bonjour/mDNS over IPSEC VPN - Avahi

I'm using a couple of ERL routers for a site-to-site Ipsec VPN tunnel. I want to use bonjour/mDNS at both locations; thus making them a single network.

 

I've already installed the Avahi daemon at both locations, however with no results. How can I enable bonjour/mDNS over my existing VPN Tunnel?

 

My avahi config file:

                                                                                
[server]
#host-name=foo
#domain-name=local
#browse-domains=0pointer.de, zeroconf.org
use-ipv4=yes
use-ipv6=yes
allow-interfaces=eh0, eth1
#deny-interfaces=eth0
#check-response-ttl=no
#use-iff-running=no
#enable-dbus=yes
#disallow-other-stacks=no
allow-point-to-point=yes
#cache-entries-max=0
#clients-max=4096
#objects-per-client-max=1024
#entries-per-entry-group-max=32
ratelimit-interval-usec=1000000
ratelimit-burst=1000

[wide-area]
enable-wide-area=yes

[publish]
#disable-publishing=no
#disable-user-service-publishing=no
#add-service-cookie=no
#publish-addresses=yes
#publish-hinfo=yes
publish-workstation=yes
#publish-domain=yes
#publish-dns-servers=192.168.50.1, 192.168.50.2
#publish-resolv-conf-dns-servers=yes
#publish-aaaa-on-ipv4=yes
#publish-a-on-ipv6=no

[reflector]
enable-reflector=yes
#reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=768
rlimit-stack=4194304
rlimit-nproc=3

 

SuperUser
Posts: 20,402
Registered: ‎09-17-2013
Kudos: 5142
Solutions: 1458

Re: Bonjour/mDNS over IPSEC VPN - Avahi

You could enable the mDNS reflector on the ERs ... but the thing is, broadcasts "should" be contained to one subnet (e.g. 192.168.1.0/24), so it's kind of touchy whether or not it'll actually work.

New Member
Posts: 7
Registered: ‎02-23-2015

Re: Bonjour/mDNS over IPSEC VPN - Avahi

Well I have the reflector enabled, without results. I have two subnets: 192.168.1.0/24 and 192.168.0.0/24.

I thought the purpose of the reflector is to make mDNS possible over both subnets.

Member
Posts: 215
Registered: ‎11-26-2014
Kudos: 78
Solutions: 12

Re: Bonjour/mDNS over IPSEC VPN - Avahi

There is a quite similar thread here. Only solution back then seemed to be to use OpenVPN.

 

Cheers!

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Bonjour/mDNS over IPSEC VPN - Avahi

Have you tried a vti tunnel or a gre tunnel on top of the ipsec tunnel?

EdgeMAX Router Software Development
New Member
Posts: 7
Registered: ‎02-23-2015

Re: Bonjour/mDNS over IPSEC VPN - Avahi

As far as I understand, a VTI tunnel requires static IPs on both ends. Unfortunately, the IPs at both ends are assigned via DHCP and change irregularly.

 

What are the benefits/cons of upgrading to a GRE tunnel, and can I do this without adjusting the rest of the configuration?

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3141
Solutions: 945
Contributions: 16

Re: Bonjour/mDNS over IPSEC VPN - Avahi


SyS_ErroR wrote:

What are the benefits/cons of upgrading to a GRE tunnel, and can I do this without adjusting the rest of the configuration?


With regular ipsec you define a local/remote prefix and the flow must match both local & remote in order to go through the ipsec tunnel. Hence multicast doesn't match. With vti or ipsec + gre you get a routable interface. You can also use openvpn for a routable interface, but the performance won't be as good as ipsec.

EdgeMAX Router Software Development
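The selector behaviour described in the reply above, modelled as an added example (not part of the original thread and not EdgeOS code): a policy-based tunnel only carries packets whose source and destination both fall inside the configured prefixes, so an mDNS packet addressed to 224.0.0.251 is skipped, while the same packet wrapped in unicast GRE matches. The two subnets come from the thread; the host addresses and the GRE endpoints (taken here to be the routers' LAN addresses) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MDNS_GROUP = ipaddress.ip_address("224.0.0.251")  # IPv4 mDNS multicast group


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    inner: Optional["Packet"] = None  # payload packet when GRE-encapsulated


@dataclass(frozen=True)
class Selector:
    """Policy-based IPsec traffic selector: local prefix <-> remote prefix."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def matches(self, pkt: Packet) -> bool:
        # Only the outermost header is checked, and BOTH ends must match.
        return pkt.src in self.local and pkt.dst in self.remote


def gre_encapsulate(inner: Packet, local_ep, remote_ep) -> Packet:
    """Wrap any packet, multicast included, in a unicast GRE outer header."""
    return Packet(local_ep, remote_ep, "gre", inner)


# Site A's policy, built from the two subnets named in the thread.
POLICY = [Selector(ipaddress.ip_network("192.168.1.0/24"),
                   ipaddress.ip_network("192.168.0.0/24"))]
# Constructed sample hosts and assumed GRE endpoints (the routers' LAN addresses).
HOST_A = ipaddress.ip_address("192.168.1.10")
HOST_B = ipaddress.ip_address("192.168.0.20")
GRE_LOCAL = ipaddress.ip_address("192.168.1.1")
GRE_REMOTE = ipaddress.ip_address("192.168.0.1")


def classify() -> dict:
    """Return, per flow, whether site A's policy sends it into the tunnel."""
    unicast = Packet(HOST_A, HOST_B, "udp")
    mdns = Packet(HOST_A, MDNS_GROUP, "udp")  # mDNS query to the group
    flows = {"unicast": unicast, "mdns": mdns,
             "mdns_in_gre": gre_encapsulate(mdns, GRE_LOCAL, GRE_REMOTE)}
    return {name: any(s.matches(p) for s in POLICY) for name, p in flows.items()}


if __name__ == "__main__":
    print(classify())
```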
New Member
Posts: 7
Registered: ‎02-23-2015

Re: Bonjour/mDNS over IPSEC VPN - Avahi

I'm afraid it didn't work. I adapted my l2tp tunnel to a VTI tunnel, but still no mDNS (even with Avahi enabled). Any thoughts?

Emerging Member
Posts: 65
Registered: ‎09-21-2016
Kudos: 6
Solutions: 1

Re: Bonjour/mDNS over IPSEC VPN - Avahi

I know this is an old thread, but I'm having the same issue with l2tp. I have my main LAN network and VPN network:

 

LAN: 192.168.1.0/24

VPN: 192.168.2.0/24

 

And I want to be able to have the broadcast performed through both of these networks.