pfSense - OpenVPN + Avahi = Not Working


  • Hello Everyone,

    Even during these COVID times, my work has me traveling, a lot. I have a security camera pointing at my Den TV that I want to control while I'm gone so I can put on nature videos for my cats. It's an AppleTV. I cannot get Airplay or the "Remote" iOS app to find the device while connected over OpenVPN. Can someone please review my setup and provide suggestions? My furry friends would definitely appreciate it.

    OpenVPN:
    Tunnel network - 192.168.2.0/24
    Device mode: Layer 3 Tunnel mode
    Protocol: IPv4 UDP only
    Custom Options: push "route 192.168.1.0 255.255.255.0"

    Main LAN - 192.168.1.0/24

    Interfaces:
    WAN1 - ISP1
    WAN2 - ISP2
    LAN - 192.168.1.0/24
    OPT2 - ovpns1

    Avahi:
    Enabled
    Interface Action: Allow Interfaces
    Interfaces: LAN and OPT2 selected
    Disable support for IPv6 - Ticked (I deny all IPv6 traffic)
    Repeat mdns packets across subnets - ticked (but obviously not working)
    Advanced -> Domain override: set to match the local domain name I set up, "houselocal", in System -> General Setup -> Domain

    I used to have this working when pfSense was inside a VMware host, but since I converted to a physical box and set everything up again, I can't get this working for the life of me.

    Any pointers? It would really be nice to control my AppleTV over OpenVPN so I can play videos for the cats while I'm gone.

    Thanks in advance


  • Here are the avahi logs when I enable it:

    Aug 14 13:51:31 avahi-daemon 27365 Failed to add service 'pfSense' of type '_sftp-ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/sftp-ssh.service): Not permitted
    Aug 14 13:51:31 avahi-daemon 27365 Failed to add service 'pfSense' of type '_ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/ssh.service): Not permitted
    Aug 14 13:51:31 avahi-daemon 27365 Server startup complete. Host name is pfSense.houselocal. Local service cookie is 3136548416.
    Aug 14 13:51:31 avahi-daemon 27365 Network interface enumeration completed.
    Aug 14 13:51:31 avahi-daemon 27365 New relevant interface em1.IPv4 for mDNS.
    Aug 14 13:51:31 avahi-daemon 27365 Joining mDNS multicast group on interface em1.IPv4 with address 192.168.1.1.
    Aug 14 13:51:31 avahi-daemon 27365 New relevant interface ovpns1.IPv4 for mDNS.
    Aug 14 13:51:31 avahi-daemon 27365 Joining mDNS multicast group on interface ovpns1.IPv4 with address 192.168.2.1.
    Aug 14 13:51:31 avahi-daemon 27365 Loading service file /usr/local/etc/avahi/services/ssh.service.
    Aug 14 13:51:31 avahi-daemon 27365 Loading service file /usr/local/etc/avahi/services/sftp-ssh.service.
    Aug 14 13:51:31 avahi-daemon 27365 WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
    Aug 14 13:51:31 avahi-daemon 27365 avahi-daemon 0.7 starting up.
    Aug 14 13:51:31 avahi-daemon 27365 Successfully dropped root privileges.
    Aug 14 13:51:31 avahi-daemon 27365 Found user 'avahi' (UID 558) and group 'avahi' (GID 558).
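
An added example, not part of the original posts: a small parser for avahi-daemon log lines like the ones above. It reports which interfaces joined the mDNS multicast group, whether both subnets from the first post are covered, and which service registrations failed. The function name `summarize` and the subnet labels are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: four lines copied from the avahi-daemon log posted above.
SAMPLE_LOG = """\
Aug 14 13:51:31 avahi-daemon 27365 Failed to add service 'pfSense' of type '_ssh._tcp', ignoring service group (/usr/local/etc/avahi/services/ssh.service): Not permitted
Aug 14 13:51:31 avahi-daemon 27365 Joining mDNS multicast group on interface em1.IPv4 with address 192.168.1.1.
Aug 14 13:51:31 avahi-daemon 27365 Joining mDNS multicast group on interface ovpns1.IPv4 with address 192.168.2.1.
Aug 14 13:51:31 avahi-daemon 27365 Successfully dropped root privileges.
"""

# Subnets from the first post: main LAN and the OpenVPN tunnel network.
EXPECTED = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "OpenVPN": ipaddress.ip_network("192.168.2.0/24"),
}

JOIN_RE = re.compile(
    r"Joining mDNS multicast group on interface (\S+)\.(IPv[46]) with address (\S+)"
)
FAIL_RE = re.compile(r"Failed to add service '([^']*)' of type '([^']*)'.*: (.+)$")


def summarize(log_text):
    """Return (joined, missing, failures) for an avahi-daemon log."""
    joined = {}    # interface name -> address avahi bound to
    failures = []  # (service type, reason) for each rejected service file
    for line in log_text.splitlines():
        m = JOIN_RE.search(line)
        if m:
            # The log line ends with a full stop that is not part of the address.
            joined[m.group(1)] = ipaddress.ip_address(m.group(3).rstrip("."))
            continue
        m = FAIL_RE.search(line)
        if m:
            failures.append((m.group(2), m.group(3).strip()))
    # A subnet counts as covered when some joined address lies inside it.
    missing = [name for name, net in EXPECTED.items()
               if not any(addr in net for addr in joined.values())]
    return joined, missing, failures


if __name__ == "__main__":
    joined, missing, failures = summarize(SAMPLE_LOG)
    print("joined:", {k: str(v) for k, v in joined.items()})
    print("subnets with no mDNS listener:", missing or "none")
    print("service registration failures:", failures)
```

On the posted log this shows Avahi listening on both `em1` and `ovpns1`, so the daemon's interface selection is not what is missing.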


  • Hello, I read somewhere that Avahi will run only if you use a TAP tunnel. On the VM host, was it exactly the same setup?


  • @GeorgeCZ58 said in pfSense - OpenVPN + Avahi = Not Working:

    Hello, I read somewhere that Avahi will run only if you use a TAP tunnel. On the VM host, was it exactly the same setup?

    If I was using a TAP tunnel, then I wouldn't need Avahi, since I would be on the same subnet, lol.

    Unfortunately, OpenVPN on iOS devices does not work with tap tunnels, so I can't go that route.


  • Let me sweeten the pot.

    $100 PayPal/Cash App/Venmo, whatever, to the person who can get me a solution.


  • @CCNewb
    Hi, do you have the same setting enabled like I have?

    e0c23355-9390-4b7e-acc5-6ad46338bc00-image.png


  • @CiscoX Yup, settings look the same. I've tried with publishing enabled and disabled, although nothing mDNS gets discovered while connected to OpenVPN.


  • @CCNewb said in pfSense - OpenVPN + Avahi = Not Working:

    @CiscoX Yup, settings look the same. I've tried with publishing enabled and disabled, although nothing mDNS gets discovered while connected to OpenVPN.

    Hmm, what about your OpenVPN settings?
    I haven't tested this before over OpenVPN, but I did try now with my Samsung phone, and I use the SmartView (included on the phone).
    I can see my TVs and I can connect, but I lose the connection after a few seconds. On the TV, I just see some dark picture, then it disappears.
    I have to figure out why this is happening. Maybe some settings in OpenVPN.


  • @CiscoX here are my OpenVPN settings: https://i.imgur.com/aKMBvVm.png Nothing sticks out that I think would cause mDNS to be blocked.


  • @CCNewb
    And here is mine.

    https://imgur.com/bw3DCKF

    I just enabled "NetBIOS enable"; test that and see if it helps. I don't have time to test right now.
    Most of the settings are the same, I see :)

    And maybe you need to select your OpenVPN interface under Avahi also. Then restart the service and see if you still get some error in the log.


  • @CiscoX Turned on NetBIOS, then tried all the options, no luck yet :/


  • @CCNewb
    I'm so sorry, Sir, that I couldn't help you. But some apps are working from my phone. The Smart View doesn't work at all. It complains that I'm using a VPN and have to disconnect. I installed another "cast" app and that one works. I can connect to my TV over OpenVPN.
    Maybe you have the same problem. Have you tried other apps? :)

    Another thing you can try is to make a new OpenVPN server and use "tap - Layer 2 Tap Mode" under Device mode.
    Not sure if this is supported by your phone or other devices.


  • I'm using an mDNS discovery app. Nothing is found when connected over OpenVPN, but tons of crap is found when I'm on the local LAN network. Thanks for trying!


  • And did you try PIMD instead of Avahi? I don't have an Apple TV, so I can't test AirPlay or mirroring.


  • @GeorgeCZ58 just spent an hour with pimd, and no luck :/


  • This post is deleted!
  • Netgate Administrator

    So post your solution. Or is this just spam? 😉


  • @ccnewb
    I've spent days trying to figure out a solution to this problem, with no luck. I think that iOS does not browse point-to-point interfaces such as the VPNs (OpenVPN or also L2TP over IPsec, which I set up successfully) but only the Wi-Fi interface.

    Regards
    Fabio


  • @fog said in pfSense - OpenVPN + Avahi = Not Working:

    @ccnewb
    I've spent days trying to figure out a solution to this problem, with no luck. I think that iOS does not browse point-to-point interfaces such as the VPNs (OpenVPN or also L2TP over IPsec, which I set up successfully) but only the Wi-Fi interface.

    Regards
    Fabio

    "browse mdns packets" I should have written


  • Also, DNS-SD (see http://dns-sd.org) doesn't work when connecting with OpenVPN and forwarding the correct DNS suffix name to the client. I've set up my internal DNS server to publish many of my services on my LAN ... but they do not get discovered on iOS.