Avahi not reflecting some broadcast

mrroyh

I try to use avahi to reflect broadcast between my server vlan and iot vlan.
my network connection is like this:

on server side i have esphome dashboard which retrive esphome devices online status from iot side via mdns.

• both esp32_device can see the broadcast message from esphome_dashboard

• my esp32_device_b status is reflected correctly and can be seen by esphome dashboard, but esp32_device_a cannot be seen by dashboard.

when i try to disable avahi in pfsense and turn on avahi reflection from openwrt_b, both esp32_device can be seen by the dashboard

here are the two response from ot esp32_device.
both captured from pfsense vlan_iot interface, esp32_device_b is reflected to vlan_server but esp32_device_a is not reflected.

dennypage

@mrroyh Avahi does not reflect broadcast. Avahi reflection re-publishes mDNS information (multicast) that arrives on one pfSense interface to other interfaces, potentially filtering the information along the way.

Interface configurations, tunnel configuration, firewall rules, and Avahi configuration all play into your situation. Complex.

A basic question: Does OpenVPN even handle Multicast? It's been quite some time since I used OpenVPN, but last I knew it did not.

mrroyh

@dennypage i have tried it with firewall allow any to any.
all the replay package from both esp32_device can be captured from pfsense vlan_iot and openwrt_b vlan_iot, i think that means it is received by pfsense and openwrt, but one is reflected/re-published and one is not by pfsense. but the openwrt_b recreate/re-publish all the package.
the only different i can see is the the packages answer field contain 1 data and 3 additional records and the other one contain 3 answer and 1 additional records. maybe the recreation of package failed because of too big answer?

dennypage

@mrroyh Again, are you are expecting OpenVPN to carry mullticast? Have you separately confirmed that OpenVPN handles multicast?

mrroyh

@dennypage multicast over openvpn tap works. thats why my openwrt_b can see and reflect / re-create the package to vlan_server

dennypage

@mrroyh said in Avahi not reflecting some broadcast:

@dennypage multicast over openvpn tap works. thats why my openwrt_b can see and reflect / re-create the package to vlan_server

Perhaps I misunderstood then. I understood you to say that the problem was that the esphome_dashboard would see advertisements from esp32_device_b, but would not see advertisements from esp32_device_a. Is this incorrect?

Given that esp32_device_a is on the other side of an OpenVPN tunnel from esphome_dashboard, this is the first thing to check. Have you separately, outside of Avahi, confirmed that multicast is flowing both ways through the tunnel?

mrroyh

@dennypage said in Avahi not reflecting some broadcast:

Perhaps I misunderstood then. I understood you to say that the problem was that the esphome_dashboard would see advertisements from esp32_device_b, but would not see advertisements from esp32_device_a. Is this incorrect?

this is correct if i enable avahi in pfsense.
if i enable avahi in openwrt_b, my esphome_dashboard can see both devices.

@dennypage said in Avahi not reflecting some broadcast:

Given that esp32_device_a is on the other side of an OpenVPN tunnel from esphome_dashboard, this is the first thing to check. Have you separately, outside of Avahi, confirmed that multicast is flowing both ways through the tunnel?

i can confirm that multicast flow through openvpn tunnel because my the package arrive at the openwrt_b vlan_iot interface and i just test it again by putting my esphome_dashboard in vlan_iot directly and it can see both device without any avahi enabed.

dennypage

@mrroyh said in Avahi not reflecting some broadcast:

i can confirm that multicast flow through openvpn tunnel because my the package arrive at the openwrt_b vlan_iot interface and i just test it again by putting my esphome_dashboard in vlan_iot directly and it can see both device without any avahi enabed.

The likelihood that you have an issue with Avahi itself is extremely low. The likelihood of multicast being inoperable across the tunnel, whether due to the tunneling technology itself or due to firewall rules, is very high.

You have a complicated network configuration. That takes effort to prove out. I am suggesting that you set Avahi aside, and directly test multicast propagation through the network in both directions with the network configuration that you are trying to deploy.

mrroyh

@dennypage i think that because of the package that can be seen by pfsense and openwrt_b and esphome_dashbord in vlan_iot and openwrt_b can reflect/re-create the package to vlan_server well, there is no problem with the openvpn or firewall rules.

for now i think i will just use avahi in my openwrt_b.