[avahi] breaking avahi through vpn

Sebastien Estienne sebastien.estienne at gmail.com
Sun Feb 12 03:27:34 PST 2006

Hello Max

On 2/12/06, Max Kutny <mkutny at gmail.com> wrote:
> Hi Lennart,
> I have several hosts on a public LAN tied together via a private VPN.
> Once I got service discovery working on the public LAN I chose to switch
> to a more secure environment and tried to set up discovery over the
> private network. Unfortunately it didn't work for me.
> Digging a bit I stumbled over a mail
> (http://lists.freedesktop.org/archives/avahi/2005-July/000075.html)
> saying that avahi treats interfaces with the POINTOPOINT flag set as
> irrelevant. However, VPN tunnels are organized exactly with this flag
> set:
> 7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/[65534]
> Manually crafting and sending UDP packet with destination
> "" shows that it successfully gets broadcasted via VPN
> tunnels.
> What's the rationale behind skipping POINTOPOINT interfaces? Could it
> be possible to make avahi more VPN friendly?

Yes, avahi doesn't handle ifaces that have the PTP flag on them. As far
as I remember, the rationale for not supporting VPN was the timing:
mDNS was designed to work on a LAN (latency below 1ms), so it expects to
have answers in a timeframe that is not compatible with VPN (WAN,
latencies that are often more than 50ms).
So mDNS may not run reliably over VPN.

We see a growing need to support VPN, but the best solution may be to
implement a relaying gateway.

Gateway A would answer on VPN A about services discovered by gateway B on VPN B.
Gateway A and gateway B would exchange their browsing lists over unicast.

I think that Samba offers such a solution for NetBIOS browsing.

This would be the reflector for vpns.

> Thanks.
> -- Max

Sebastien Estienne
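
Added example, not part of the original message and not Avahi's code: a small C diagnostic that applies the rule discussed in this thread (interfaces with POINTOPOINT set are ignored) to an `ip link` flag list like the one quoted above and to the local IPv4 interfaces. The helper names and the extra UP and MULTICAST checks are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* expose IFF_* and strtok_r on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <net/if.h>
#include <ifaddrs.h>

/* Hypothetical helper: turn an `ip link` flag list such as
 * "<POINTOPOINT,MULTICAST,NOARP,UP>" into IFF_* bits. */
static unsigned int parse_ip_link_flags(const char *s)
{
    static const struct { const char *name; unsigned int bit; } map[] = {
        { "UP", IFF_UP }, { "LOOPBACK", IFF_LOOPBACK }, { "NOARP", IFF_NOARP },
        { "BROADCAST", IFF_BROADCAST }, { "MULTICAST", IFF_MULTICAST },
        { "POINTOPOINT", IFF_POINTOPOINT },
    };
    unsigned int flags = 0;
    char buf[256], *tok, *save;
    snprintf(buf, sizeof buf, "%s", s);
    for (tok = strtok_r(buf, "<,> \n", &save); tok; tok = strtok_r(NULL, "<,> \n", &save))
        for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
            if (strcmp(tok, map[i].name) == 0)
                flags |= map[i].bit;
    return flags;
}

/* Assumed rule set: returns NULL when an mDNS responder following the
 * thread's rule would use the interface, otherwise the reason it is skipped. */
static const char *mdns_skip_reason(unsigned int flags)
{
    if (!(flags & IFF_UP))          return "interface is down";
    if (flags & IFF_POINTOPOINT)    return "POINTOPOINT flag set";
    if (!(flags & IFF_MULTICAST))   return "no multicast support";
    return NULL;
}

int main(void)
{
    struct ifaddrs *list, *ifa;
    if (getifaddrs(&list) != 0) { perror("getifaddrs"); return 1; }
    for (ifa = list; ifa; ifa = ifa->ifa_next) {
        if (!ifa->ifa_addr || ifa->ifa_addr->sa_family != AF_INET) continue; /* one line per IPv4 address */
        const char *why = mdns_skip_reason(ifa->ifa_flags);
        printf("%-10s %s%s\n", ifa->ifa_name, why ? "skipped: " : "used", why ? why : "");
    }
    freeifaddrs(list);
    return 0;
}
```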
