mDNS repeater (Avahi) over WireGuard
-
Hi,
I've been enjoying WireGuard so far with the nightly builds of pfSense 2.5 and am happy to see the full release of 2.5 today with official WG support in the kernel!
I've been experimenting a bit with WG, and have decided on a setup akin to the one described here (https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html) where my pfSense box acts as a 'server' for my clients to connect to, so they may use the same network as my firewall.
I also went a bit beyond what was described in the tutorial and set up an Interface Assignment for wg0, my WG tunnel in question, with the firewall set to allow all traffic to other subnets/the web.
Now I'm looking into using the Avahi mDNS repeater which I've already set up on the firewall to repeat over the 192.168.15.1/24 subnet which I use for WG peers. Despite me selecting the wg0 Interface in the Avahi web config (in addition to other VLANs I had previously), and me adding 224.0.0.251/32 to the WG Peer "Allowed IPs" box in pfSense (my client's allowed IPs are 0.0.0.0/0), I can't seem to get it working. My clients can't pick up any mDNS devices. I've attached a photo of my pfSense WG Peer config for reference. I've also attached a snippet of my pfTop output for port 5353; it looks like my WG subnet (192.168.15.1) is sending mDNS requests to 224.0.0.251...
Looking forward to hearing your suggestions on this, or if perhaps this setup isn't supported (yet)!
EDIT: forgot to mention, I have the "Repeat mdns packets across subnets" option in Avahi enabled too.
Cheers.
-
Please create a bug report:
https://docs.netgate.com/pfsense/en/latest/development/bug-reports.html