What site-to-site solution supports Avahi reflection?
-
Adding a second site with pfSense Plus.
We have an ever-increasing amount of gear that requires multicast to administer and only comes with closed-source phone applications. mDNS is traditionally used by Apple software and HomeKit devices, but is now also used for Matter devices, Elgato lights, etc. This isn't a choice — this is a requirement now.
I get that the site-to-site solution will need to support L2 and there seem to be a few choices (IPSec/L2TP, OpenVPN, VXLANs) but it's not clear which if any will work for Avahi reflection, which requires interfaces.
-
@ohmantics said in What site-to-site solution supports Avahi reflection?:
mDNS is traditionally used by Apple software and HomeKit devices, but is now also used for Matter devices, Elgato lights, etc.
To answer your specific question, both Avahi and mDNS-Bridge require multicast-enabled interfaces. In theory, VXLAN could work, but I believe this was withdrawn from pfSense due to stability issues in the upstream implementation.
FWIW, HomeKit/Matter devices are designed around the concept of having a controller in the local network. They are not designed with a remote controller in mind -- remote operations are expected to be performed through the network local controller.
Instead of trying to flood multicast DNS across sites, consider placing a controller in each network. You can run this as multi-site HomeKit, or if a unified single site view is important you can build this with something like Home Assistant.
YMMV
-
@dennypage I'm not asking for different solutions or to be told that I'm wrong for wanting this.
I'm asking for a site-to-site solution that supports multicast using pfSense.
Unifi and OPNsense both have this working and I'd rather not be forced to switch after all these years as I'm quite happy with pfSense otherwise.
Have the upstream issues with VXLAN been addressed?
Can OpenVPN be configured for L2 and does that work with Avahi reflection?
Does IPSec/L2TP work with Avahi reflection?
-
@ohmantics said in What site-to-site solution supports Avahi reflection?:
Can OpenVPN be configured for L2 and does that work with Avahi reflection? Does IPSec/L2TP work with Avahi reflection?
Not that I am aware of.
-
@ohmantics said in What site-to-site solution supports Avahi reflection?:
@dennypage I'm not asking for different solutions or to be told that I'm wrong for wanting this.
I'm asking for a site-to-site solution that supports multicast using pfSense.
There’s a good reason you can’t find one.
-
You can configure OpenVPN in TAP mode and bridge it to the local interfaces to carry L2 traffic. That can work OK as long as latency isn't too high. But, I agree, it's usually the wrong solution.
-
@stephenw10 I’ll give that a shot.
I notice that TNSR still has VXLAN support. Will that be coming back to pfSense soon? If so, is that a better choice?
-
The main reason we removed VXLANs last time was that bridging to them was broken at the time and that is/was required to use them in most common scenarios. With a switch that supports them, for example.
You would still need encryption too.
There are no immediate plans to add VXLANs back but I believe the bridging issue is now resolved.
OpenVPN TAP mode works now and is encrypted by default.