[avahi] breaking avahi through vpn

Sebastien Estienne sebastien.estienne at gmail.com
Sun Feb 12 04:29:43 PST 2006


On 2/12/06, Trent Lloyd <lathiat at bur.st> wrote:
> On Sunday 12 February 2006 19:27, Sebastien Estienne wrote:
> > Hello Max,
> >
> > On 2/12/06, Max Kutny <mkutny at gmail.com> wrote:
> > > Hi Lennart,
> > >
> > > I have several hosts on a public LAN tied together via a private VPN.
> > > Once I got service discovery working on the public LAN I chose to switch
> > > to a more secure environment and tried to set up discovery over the
> > > private network. Unfortunately it didn't work for me.
> > >
> > > Digging a bit I stumbled over a mail
> > > (http://lists.freedesktop.org/archives/avahi/2005-July/000075.html)
> > > saying that avahi treats interfaces with the POINTOPOINT flag set as
> > > irrelevant. However, VPN tunnels are organized with exactly this flag
> > > set:
> > > 7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen
> > > 100 link/[65534]
> > >
> > > Manually crafting and sending UDP packet with destination
> > > "224.0.0.251.5353" shows that it successfully gets broadcasted via VPN
> > > tunnels.
> > >
> > > What's the rationale behind skipping POINTOPOINT interfaces? Could it
> > > be possible to make avahi more VPN friendly?
> >
> > Yes, avahi doesn't handle ifaces that have the PTP flag on them. As far
> > as I remember, the rationale for not supporting VPN was the timing
> > issues.
> > mDNS was designed to work on a LAN (latency below 1ms), so it expects to
> > have answers in a timeframe that is not compatible with VPN (WAN,
> > latencies that are often more than 50ms).
> > So mDNS may not run reliably over VPN.
>
> That's not really correct, mDNS will run over larger latencies; wireless
> networks often have latencies of 3-4ms+.
>
> Read the spec for the exact timings.
>

Yeah, I knew I didn't have the exact values, I just wanted to give the big picture.

> > We see a growing need to support VPN, but the best solution may be to
> > implement a relaying gateway.
> >
> > Gateway A would answer on VPN A about services discovered by gateway B on
> > VPN B. Gate A and gate B would exchange their browsing lists over unicast.
> >
> > I think that Samba offers such a solution for NetBIOS browsing.
> >
> > This would be the reflector for VPNs.
>
> Cheers,
> Trent
>
> >
> > > Thanks.
> > >
> > > -- Max
> >
> > --
> > Sebastien Estienne


--
Sebastien Estienne

