Bonjour with OpenVPN



  • Running pfSense 2.0-Beta4
    I created an openVPN server and the tunnel is working fine. I have another firewallon the other end and and it is broadcasting the mDNS packets back. The problem is that pfSense is not routing the packets correctly. I can resolve the issue by adding the following lines to pf.conf (or /tmp/rules.debug),

    pass in quick on ovpns2 dup-to igb0 inet proto udp from any to 224.0.0.251 port = 5353
    pass in quick on igb0 dup-to ovpns2 inet proto udp from any to 224.0.0.251 port = 5353

    However, I know this is not the preferred method. Is there an edit i can make to my conf.xml file to load raw routing rules?

    Also I know dup- support was supposed to be added in 2.0. Is there a supported way to add this rule to the 'Rules' tab?

    Thanks


  • Rebel Alliance Developer Netgate

    I just run the Avahi package on either end of an OpenVPN tunnel, worked fine last time I tried it but I haven't used it in a while.



  • I AM running it on both ends. It seems that bonjour traffic enters the tunnel on both ends but is never routed out of the tunnel and through the LAN. Could just be a bad config file. I will try setting it up again.



  • So I re-setup avahi on both ends and still have an issue. It does not seem to be passing the information from one avahi instance through the tunnel to the other. Both ends are setup with pfsense 2.0-Beta4. I have avahi setup and running on both ends with "Browse domains" as "<my fqdn="">,local". Avahi works great if I just allow both LAN and WAN, (Wan zeroconf/bonjour shows up in Lan subnet), yet it does not want to work through my vpn tunnel. Tunnel is working fine with all other traffic. Is there just something that I am missing? Tunnel type is "TUN" as I don't think pfsense supports "TAP" at this juncture…</my>


  • Rebel Alliance Developer Netgate

    Assign the OpenVPN instance as an interface and then choose it and LAN on the Avahi config page.



  • I mapped them to interfaces, should I assign static ips to them as well or leave them set as none. So far, Avahi still will not route traffic.


  • Rebel Alliance Developer Netgate

    Leave them on 'none'

    And now that they're interfaces, make sure they also have firewall rules on their interface tabs under Firewall > Rules.

    That's about all there is to it.


Locked