Netgate Discussion Forum

    New Avahi package

    pfSense Packages
    57 Posts 12 Posters 38.7k Views
    • dennypage @sammybernard

      @sammybernard said in New Avahi package:

      Thanks. I have edited the avahi.inc file for the moment while waiting for the package update. Just want to make sure if the package got updated via GUI then the avahi-daemon.conf gets updated with the point to point flag.

      Not sure if you are asking about the behavior with the current version 2.0.0_1 or the coming 2.0.0_2...

      With 2.0.0_1, any change to the configuration will cause avahi-daemon.conf to be overwritten, and the manual edit for allow-point-to-point flag will be lost.

      With 2.0.0_2 and beyond, the config file will always be written with the allow-point-to-point flag set. Given that the interface list is positive selection only, there really isn’t a reason to make the point-to-point setting configurable via the GUI.

      I expect the new version will be available shortly after folk return from holiday next week. You can follow the PR using the link above.

      • Gertjan

        Same package, another question :
        In the good old days, I could see what avahi "sees" by running:

        avahi-browse -a -v
        

        Or, now :

        avahi-browse -a -v
        Failed to create client object: Daemon not running
        

        With the help of Google and the left mouse button, I found out that in the file
        /usr/local/etc/avahi/avahi-daemon.conf
        This line

        enable-dbus=no
        

        is hard coded to "no".
        Making it

        enable-dbus=yes
        

        rewriting the config and .....

        avahi-browse -a -v
        Server version: avahi 0.7; Host name: pfsense.local
        E Ifce Prot Name                                          Type                 Domain
        +   fxp0 IPv6 pfsense [00:12:3f:b3:58:75]                   _workstation._tcp    local
        +   fxp0 IPv4 pfsense [00:12:3f:b3:58:75]                   _workstation._tcp    local
        +   sis0 IPv6 pfsense [00:0f:b5:fe:4e:e7]                   _workstation._tcp    local
        +   sis0 IPv4 pfsense [00:0f:b5:fe:4e:e7]                   _workstation._tcp    local
        +   fxp0 IPv6 pfsense                                       _ssh._tcp            local
        +   fxp0 IPv4 pfsense                                       _ssh._tcp            local
        +   sis0 IPv6 pfsense                                       _ssh._tcp            local
        ......
        

        Thoughts ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • dennypage @Gertjan

          @gertjan Yes, this is intentional. There are no local mDNS browse clients for pfSense, so there isn't much use for dbus support on the firewall itself. Further dbus was the cause of a couple of significant issues, one being the minimum 5 second startup delay, and the other being a sporadic failure of Avahi to start at boot for many users.

          If you want to see what is in the network, I would recommend doing this from a general workstation or laptop in the network. This will also give you a better view into the overall functionality of reflection. There are several tools that support this. If you are a Mac user, then there is a free application called "Discovery" that is pretty nice. For a Unix based system, you can use avahi-discover (GUI) or avahi-browse (command line). I haven't used Windows in many years, but I'm sure there are some decent tools there as well.

          • Gertjan @dennypage

            @dennypage said in New Avahi package:

            @gertjan Yes, this is intentional. There are no local mDNS browse clients for pfSense, so there isn't much use for dbus support on the firewall itself. Further dbus was the cause of a couple of significant issues, one being the minimum 5 second startup delay, and the other being a sporadic failure of Avahi to start at boot for many users

            Ok, get it - the only browser that existed on the firewall was ..... avahi-browser ^^ (this one needs avahi - logic, and mbus I guess).

            I have the Discovery app on my Mac (iPhone) : great tool !

            Thanks for the detailed explanation.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • sammybernard @dennypage

              @dennypage said in New Avahi package:

              the point-to-point setting configurable via the GUI.

              I meant that while we wait for the 2.0.0_2 version, I have edited the avahi.inc file based on the GitHub changes you had submitted so avahi-daemon.conf will have the allow-point-to-point flag.

              • dennypage @sammybernard

                @sammybernard Sounds good.

                • A Former User

                  I can confirm my OpenVPN interfaces, that wouldn't get MDNS before, get it now with v2.0.0_2
                  Thanks!
                  (I can control the Chromecast from work once again...)

                  • dennypage @A Former User

                    @muppet You’re welcome. Glad it’s working for you.

                    • METDeath

                      Would it be possible to set a single listen network then select rebroadcast networks?

                      I have an edge case of having several VLANs, three of which have castable devices, but only one of those devices should be visible on multiple networks.

                      There is a common area Shield TV (should be visible to its network, and three others), as well as my bedroom Chromecast (should only be visible on my network) and my roommate has a Chromecast (should only be visible on his network).

                      Or a client exclusion by IP address or network?

                      pfSense on AMD AM1 5350 with IBM/Intel PRO/1000 Quad port Gigabit NIC

                      • dennypage @METDeath

                        @METDeath Avahi reflection, which is what is used to proxy mDNS, applies to all allowed interfaces. There is no way to limit the advertisements. Remember however that being able to see the device doesn't mean that you can route packets to it. Standard firewall rules still apply.

                        In other words, you can't hide it but you can easily prevent people from using it.

                        • METDeath @dennypage

                          @dennypage Yup, just wanted to make it less of a headache, plus I had my roommate on his VLAN try casting to my Chromecast on my VLAN and it triggered some odd behavior on my phone about my Chromecast.

                          pfSense on AMD AM1 5350 with IBM/Intel PRO/1000 Quad port Gigabit NIC

                          • TomT

                            Hi.
                            Sorry if this is a stupid question.

                            My setup is Lan interface on OPT1 192.168.10.x and wireless on OPT2 10.10.10.x

                            I have some rules in place to allow specific Lan devices to access the wireless network.

                            However anything using multicast, Chromecast, printer, scanner, DLNA etc fail.
                            Would this package help and how would I set it up ?

                            Thanks

                            • Gertjan @TomT

                              @TomT said in New Avahi package:

                              Would this package help and how would I set it up ?

                              Yep.
                              Install it - start it - done.
                              Default setup values do fine for me. Just select all your local LAN interfaces.

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                              • TomT

                                Thanks. I'll give it a go 😀

                                • TomT

                                  I'm about to set this up.. but had a quick follow up thought.

                                  When this is enabled will it allow OPT -> OPT1 & OPT1 -> OPT ?

                                  Thanks

                                  • dennypage @TomT

                                    @TomT Avahi reflection allows cross network discovery for all interfaces which it is configured on. That being said, remember Avahi itself offers discovery only. In other words, Avahi will allow you to see that a service is available in another network, but it doesn't mean you will be able to access the service. Access is controlled by firewall rules.

                                    • Bernard Senior

                                      @dennypage

                                      Hello,
                                      Sorry if I don't post in the right place.
                                      We have a site-to-site vpn tunnel (openvpn) between 2 pfSense instances. It is operational. We want to be able to use the Mac OS Messages app (formerly iChat) between our 2 LANs. We installed and configured Avahi 2.0.0_2 on each side. In the friends list, we can't see the remote stations. Likewise, Discovery app only lists local stations. The firewall is configured to allow to see (any ports) the remote stations on each side: LAN 192.168.10.0/24 and LAN 192.168.60.0/24.
                                      We don't see why it doesn't work.
                                      However, a post indicates that it is possible: https://forum.netgate.com/topic/18877/routing-apple-bonjour
                                      Thanks in advance for any help. We aren't geeks !
                                      Best regards from France.

                                      Here is the Avahi configuration used:
                                      [server]
                                      allow-interfaces = re0
                                      allow-point-to-point = yes
                                      use-ipv4 = yes
                                      use-ipv6 = no
                                      enable-dbus = no
                                      cache-entries-max = 0

                                      [wide-area]
                                      enable-wide-area = no

                                      [publish]
                                      disable-publishing = yes
                                      publish-addresses = no
                                      publish-hinfo = no
                                      publish-workstation = no
                                      publish-domain = no
                                      publish-aaaa-on-ipv4 = no
                                      publish-a-on-ipv6 = no
                                      disable-user-service-publishing = yes

                                      [reflector]
                                      enable-reflector = yes

                                      • dennypage @Bernard Senior

                                        @Bernard-Senior said in New Avahi package:

                                        Here is the Avahi configuration used:
                                        [server]
                                        allow-interfaces = re0

                                        You only have a single allowed interface. Multiple interfaces are required for Avahi reflection to have anything to do. In other words, you need to have your LAN and your tunnel in the allowed list on both sides.

                                        When I have a minute, I'll add a check to the UI to prevent enabling reflection if only one allowed interface is defined.

                                        1 Reply Last reply Reply Quote 0
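
The conditions raised in this thread can be checked against a copy of avahi-daemon.conf: reflection needs at least two allowed interfaces, a tunnel interface needs allow-point-to-point, and enable-dbus=no is why avahi-browse on the firewall reports "Daemon not running". This is an added example, not code from the package or from any poster; the sample configs are constructed, and treating interface names that start with `ovpn` as point-to-point tunnels is an assumption.

```python
import configparser

# Constructed sample: reflector on, but only one allowed interface
# (the situation in the configuration posted above).
SAMPLE_SINGLE = """\
[server]
allow-interfaces=re0
allow-point-to-point=yes
enable-dbus=no

[reflector]
enable-reflector=yes
"""

# Constructed sample: LAN plus OpenVPN tunnel, point-to-point flag missing.
SAMPLE_TUNNEL = """\
[server]
allow-interfaces=re0,ovpnc1
enable-dbus=no

[reflector]
enable-reflector=yes
"""

def audit_avahi_conf(text):
    """Return a list of findings for an avahi-daemon.conf given as a string."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    get = lambda sec, key, default="": cp.get(sec, key, fallback=default).strip().lower()

    ifaces = [i.strip() for i in get("server", "allow-interfaces").split(",") if i.strip()]
    findings = []
    if get("reflector", "enable-reflector", "no") == "yes" and len(ifaces) < 2:
        findings.append("reflector enabled with fewer than two allowed interfaces")
    # Assumption: names starting with "ovpn" are point-to-point tunnels.
    tunnels = [i for i in ifaces if i.startswith("ovpn")]
    if tunnels and get("server", "allow-point-to-point", "no") != "yes":
        findings.append("tunnel interface listed but allow-point-to-point is not yes")
    if get("server", "enable-dbus", "yes") != "yes":
        findings.append("note: enable-dbus is off, local avahi-browse cannot reach the daemon")
    return findings

if __name__ == "__main__":
    for name, conf in (("single", SAMPLE_SINGLE), ("tunnel", SAMPLE_TUNNEL)):
        print(name, audit_avahi_conf(conf))
```
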
                                        • Bernard Senior

                                          @dennypage

                                          Thank you very much for your answer.
                                          I added and enabled a virtual interface for the vpn tunnel : ovpnc1.
                                          The configuration is now :
                                          [server]
                                          allow-interfaces=re0,ovpnc1
                                          Is it better ? I have to enter the same config at the other end of the tunnel.

                                          I tried this configuration but when I added ovpnc1 on the second pfSense, I lost the connection of the tunnel !
                                          Presently, the VPN connection goes out through a WAN 4G interface to a VPN server hosted by a small VPS on the internet.
                                          I think it's safer for us to talk to the person who installed the VPN tunnel !
                                          Thank you for your help.

                                          • jagradang

                                            Does anyone know a good Windows mDNS browser I can use, there are suggestions above for Mac and Linux but I can't seem to find anything for Windows.

                                            I am struggling casting to my Samsung smart TV and my Firestick and can't print to my Epson printer. Was hoping to use a discovery tool to see what is actually being found and try and work from there.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.