
Tomato, Avahi(entware) and openvpn tunnel

Discussion in 'Tomato Firmware' started by Moosecall, Aug 21, 2013.

  1. Moosecall

    Moosecall Reformed Router Member

    Hello all, I am trying to get avahi to work with an openvpn tunnel (tried TAP; it causes too many other problems) to reflect mDNS across the VPN. I think I may be running into a bug with avahi. I keep getting an internal server error when trying to access avahi.org, so I decided to try posting here since I think the problem is on the tomato side, more specifically with the version of avahi from entware.

    After a lot of digging I found this post: https://forum.openwrt.org/viewtopic.php?id=26587 which also links to http://lists.freedesktop.org/archives/avahi/2011-January/001970.html. Without access to the avahi bug tracker I can only assume that they never fixed it.

    Here are my logs that lead me to my conclusion:

    Network setup

    LAN B 192.168.3.0/24 ---> Router B --- (( internet)) --- Router A <---- LAN A 192.168.7.0/24
    ====== tunnel 10.0.8.0/24 ======

    Router B = RTN66U running Shibby 1.28.0000 MIPSR2-112 with entware, avahi 0.6.31
    Router A = pfsense 2.1RC0 built Sunday Aug 18th, avahi 0.6.29


    From router B

    Aug 21 11:53:51 snip daemon.info avahi-daemon[7037]: Joining mDNS multicast group on interface tun11.IPv4 with address 10.0.8.13.
    Aug 21 11:53:51 snip daemon.info avahi-daemon[7037]: New relevant interface tun11.IPv4 for mDNS.
    Aug 21 11:53:51 snip daemon.info avahi-daemon[7037]: Joining mDNS multicast group on interface br0.IPv4 with address 192.168.3.1.
    Aug 21 11:53:51 snip daemon.info avahi-daemon[7037]: New relevant interface br0.IPv4 for mDNS.
    Aug 21 11:53:51 snip daemon.info avahi-daemon[7037]: Network interface enumeration completed.


    tun11 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:10.0.8.14 P-t-P:10.0.8.13 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
    RX packets:12 errors:0 dropped:0 overruns:0 frame:0
    TX packets:207 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:1964 (1.9 KiB) TX bytes:21215 (20.7 KiB)

    root@snip:/opt/etc/dbus-1# cat /opt/etc/avahi/avahi-daemon.conf
    [server]
    #host-name=foo
    #domain-name=local
    use-ipv4=yes
    use-ipv6=no
    check-response-ttl=no
    use-iff-running=no
    allow-point-to-point=yes
    deny-interfaces=ppp0,vlan2

    [publish]
    publish-addresses=yes
    publish-hinfo=yes
    publish-workstation=no
    publish-domain=yes
    #publish-dns-servers=192.168.1.1
    #publish-resolv-conf-dns-servers=yes

    [reflector]
    enable-reflector=yes
    reflect-ipv=yes

    [rlimits]
    #rlimit-as=
    rlimit-core=0
    rlimit-data=4194304
    rlimit-fsize=0
    rlimit-nofile=30
    rlimit-stack=4194304
    rlimit-nproc=3



    From router A

    Aug 21 10:51:03avahi-daemon[8871]: Joining mDNS multicast group on interface ovpns2.IPv4 with address 10.0.8.1.
    Aug 21 10:51:03avahi-daemon[8871]: New relevant interface ovpns2.IPv4 for mDNS.
    Aug 21 10:51:03avahi-daemon[8871]: Network interface enumeration completed




    ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::2e0:6fff:fe12:6c0f%ovpns2 prefixlen 64 scopeid 0xd
    inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    Opened by PID 74325

    [2.1-RC1][admin@snip]/usr/pbi/avahi-amd64/etc/avahi(55): cat avahi-daemon.conf

    # avahi.conf - This file was automatically generated by the pfSense pacakge
    # manager. Do not edit this file, it will be overwritten automatically.
    # See /usr/local/pkg/avahi.inc to make changes to this file!

    [server]
    host-name=snip
    domain-name=snip
    browse-domains="local, 0pointer.de, zeroconf.org"
    deny-interfaces=re0_vlan3, re1_vlan5, pppoe0
    use-ipv4=yes
    use-ipv6=no
    enable-dbus=no
    #check-response-ttl=no
    #use-iff-running=no
    #disallow-other-stacks=no
    allow-point-to-point=yes

    [wide-area]
    enable-wide-area=yes

    [publish]
    #disable-publishing=no
    #disable-user-service-publishing=no
    #add-service-cookie=no
    #publish-addresses=yes
    #publish-hinfo=yes
    #publish-workstation=yes
    #publish-domain=yes
    #publish-dns-servers=192.168.50.1, 192.168.50.2
    #publish-resolv-conf-dns-servers=yes
    #publish-aaaa-on-ipv4=yes
    #publish-a-on-ipv6=no

    [reflector]
    enable-reflector=yes
    #reflect-ipv=no

    [rlimits]
    rlimit-core=0
    rlimit-data=4194304
    rlimit-fsize=0
    rlimit-nofile=300
    rlimit-stack=4194304
    rlimit-nproc=3
    #rlimit-as=

    So the A side is selecting the correct IP address, but the B side is choosing the PtP IP, which is wrong, and as such it is not reflecting across. Both firewall rulesets allow all traffic destined for 224.0.0.0/4 on the LAN and the Tunnel interfaces.

    I'm hoping some of the more gifted programmers that have access to avahi's source code can confirm/deny my analysis and perhaps get the entware version fixed.
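
A way to check for the mismatch described in the post above, where avahi logs joining the multicast group on tun11 with 10.0.8.13 while ifconfig lists that as the P-t-P peer and 10.0.8.14 as the local address. This is an added example, not part of the original post or of avahi; the function names are hypothetical, the br0 ifconfig stanza is constructed, and only the Linux net-tools/busybox ifconfig layout is parsed.

```python
import re

# Constructed sample input using the Router B values quoted in the post; the br0 stanza is made up.
SAMPLE_LOG = """\
Aug 21 11:53:51 snip daemon.info avahi-daemon[7037]: Joining mDNS multicast group on interface tun11.IPv4 with address 10.0.8.13.
Aug 21 11:53:51 snip daemon.info avahi-daemon[7037]: Joining mDNS multicast group on interface br0.IPv4 with address 192.168.3.1.
"""
SAMPLE_IFCONFIG = """\
tun11     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.8.14  P-t-P:10.0.8.13  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
"""

JOIN_RE = re.compile(
    r"Joining mDNS multicast group on interface (\S+)\.IPv4 with address (\d+(?:\.\d+){3})")
IFACE_RE = re.compile(r"^(\S+)\s+Link encap:")
ADDR_RE = re.compile(r"inet addr:(\S+)(?:\s+P-t-P:(\S+))?")

def parse_ifconfig(text):
    """Return {iface: (local_addr, peer_addr_or_None)} from ifconfig output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:                       # unindented line starts a new interface stanza
            current = m.group(1)
            continue
        m = ADDR_RE.search(line)
        if m and current:
            ifaces[current] = (m.group(1), m.group(2))
    return ifaces

def check_joins(log_text, ifaces):
    """Label each logged join: 'local', 'peer' (the case in the post) or 'unknown'."""
    results = {}
    for iface, addr in JOIN_RE.findall(log_text):
        local, peer = ifaces.get(iface, (None, None))
        if addr == local:
            results[iface] = "local"
        elif peer is not None and addr == peer:
            results[iface] = "peer"
        else:
            results[iface] = "unknown"
    return results

if __name__ == "__main__":
    print(check_joins(SAMPLE_LOG, parse_ifconfig(SAMPLE_IFCONFIG)))
```
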
     
  2. RDHLLC

    RDHLLC Serious Server Member

    Did you ever get this working? I would like to do the same [Pfsense] <--internet/openvpn--> [Shibby TomatoUSB] passing bonjour data.
     
