Hello all, I am trying to get avahi to work with an openvpn tunnel (tried TAP causes too many other problems) to reflect mDNS across the VPN. I think I may be running into a bug with avahi. I keep getting an internal server error when trying to access avahi.org, so I decided to try posting here since I think the problem is on the tomato side, more specifically with the version of avahi from entware. After a lot of digging I found this post: https://forum.openwrt.org/viewtopic.php?id=26587 which also links to http://lists.freedesktop.org/archives/avahi/2011-January/001970.html. Without access to the avahi bug tracker I can only assume that they never fixed it. Here are my logs that lead me to my conclusion: Network setup LAN B 192.168.3.0/24 ---> Router B --- (( internet)) --- Router A <---- LAN A 192.168.7.0/24 ====== tunnel 10.0.8.0/24 ====== Router B = RTN66U running Shibby 1.28.0000 MIPSR2-112 with entware, avahi 0.6.31 Router A = pfsense 2.1RC0 built Sunday Aug 18th, avahi 0.6.29 From router B Aug 21 11:53:51 snip daemon.info avahi-daemon: Joining mDNS multicast group on interface tun11.IPv4 with address 10.0.8.13. Aug 21 11:53:51 snip daemon.info avahi-daemon: New relevant interface tun11.IPv4 for mDNS. Aug 21 11:53:51 snip daemon.info avahi-daemon: Joining mDNS multicast group on interface br0.IPv4 with address 192.168.3.1. Aug 21 11:53:51 snip daemon.info avahi-daemon: New relevant interface br0.IPv4 for mDNS. Aug 21 11:53:51 snip daemon.info avahi-daemon: Network interface enumeration completed. tun11 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.0.8.14 P-t-P:10.0.8.13 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:12 errors:0 dropped:0 overruns:0 frame:0 TX packets:207 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:1964 (1.9 KiB) TX bytes:21215 (20.7 KiB) root@snip:/opt/etc/dbus-1# cat /opt/etc/avahi/avahi-daemon.conf [server] #host-name=foo #domain-name=local use-ipv4=yes use-ipv6=no check-response-ttl=no use-iff-running=no allow-point-to-point=yes deny-interfaces=ppp0,vlan2 [publish] publish-addresses=yes publish-hinfo=yes publish-workstation=no publish-domain=yes #publish-dns-servers=192.168.1.1 #publish-resolv-conf-dns-servers=yes [reflector] enable-reflector=yes reflect-ipv=yes [rlimits] #rlimit-as= rlimit-core=0 rlimit-data=4194304 rlimit-fsize=0 rlimit-nofile=30 rlimit-stack=4194304 rlimit-nproc=3 From router A Aug 21 10:51:03avahi-daemon: Joining mDNS multicast group on interface ovpns2.IPv4 with address 10.0.8.1. Aug 21 10:51:03avahi-daemon: New relevant interface ovpns2.IPv4 for mDNS. Aug 21 10:51:03avahi-daemon: Network interface enumeration completed ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500 options=80000<LINKSTATE> inet6 fe80::2e0:6fff:fe12:6c0f%ovpns2 prefixlen 64 scopeid 0xd inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff nd6 options=3<PERFORMNUD,ACCEPT_RTADV> Opened by PID 74325 [2.1-RC1][admin@snip]/usr/pbi/avahi-amd64/etc/avahi(55): cat avahi-daemon.conf # avahi.conf - This file was automatically generated by the pfSense pacakge # manager. Do not edit this file, it will be overwritten automatically. # See /usr/local/pkg/avahi.inc to make changes to this file! [server] host-name=snip domain-name=snip browse-domains="local, 0pointer.de, zeroconf.org" deny-interfaces=re0_vlan3, re1_vlan5, pppoe0 use-ipv4=yes use-ipv6=no enable-dbus=no #check-response-ttl=no #use-iff-running=no #disallow-other-stacks=no allow-point-to-point=yes [wide-area] enable-wide-area=yes [publish] #disable-publishing=no #disable-user-service-publishing=no #add-service-cookie=no #publish-addresses=yes #publish-hinfo=yes #publish-workstation=yes #publish-domain=yes #publish-dns-servers=192.168.50.1, 192.168.50.2 #publish-resolv-conf-dns-servers=yes #publish-aaaa-on-ipv4=yes #publish-a-on-ipv6=no [reflector] enable-reflector=yes #reflect-ipv=no [rlimits] rlimit-core=0 rlimit-data=4194304 rlimit-fsize=0 rlimit-nofile=300 rlimit-stack=4194304 rlimit-nproc=3 #rlimit-as= So the A side is selecting the correct IP address but B side is choosing the PtP IP which is wrong and as such it is not reflecting across. Both firewall rulesets allow all traffic destined for 188.8.131.52/4 on the LAN and the Tunnel interfaces. I'm hoping some of the more gifted programmers that have access to avahi's source code can confirm/deny my analysis and perhaps get the entware version fixed.