Netgate Discussion Forum

    Avahi mDNS repeating, IPSEC VTI, and Easy Rule — what did I just do?

      sleepyells

      I recently changed a site-to-site VPN from OpenVPN to IPSEC (VTI), using pfSense 2.4.5-RELEASE-p1 at both sites. Avahi is configured to repeat mDNS packets between my LAN and specific VPN interfaces.

      Although that configuration worked for OpenVPN, the mDNS packets weren't being passed using the IPSEC VTI-based VPN configuration. The firewall logs showed mDNS packets being blocked by the rule

      @45(1000004720) block drop in log on ! ipsec1000 inet from 10.MMM.NNN.0/30 to any

      where 10.MMM.NNN.0/30 is my VTI tunnel network.

      I didn't see any way to add a rule to pass that traffic on the Firewall / Rules screens. However, clicking the (+) button to add an Easy Rule did work. The Avahi mDNS repeater now seems to work.

      But where is the Easy Rule created, if I want to delete it at some point? I don't see the rule added on any of the Firewall / Rules screens.
