[avahi] breaking avahi through vpn

Trent Lloyd lathiat at bur.st
Sun Feb 12 03:33:05 PST 2006


On Sunday 12 February 2006 19:27, Sebastien Estienne wrote:
> Hello Max
>
> On 2/12/06, Max Kutny <mkutny at gmail.com> wrote:
> > Hi Lennart,
> >
> > I have several hosts on a public LAN tied together via a private VPN.
> > Once I got service discovery working on the public LAN I chose to switch
> > to a more secure environment and tried to set up discovery over the
> > private network. Unfortunately it didn't work for me.
> >
> > Digging a bit I stumbled over a mail
> > (http://lists.freedesktop.org/archives/avahi/2005-July/000075.html)
> > saying that avahi treats interfaces with the POINTOPOINT flag set as
> > irrelevant. However, VPN tunnels are set up with exactly this flag
> > set:
> > 7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen
> > 100 link/[65534]
> >
> > Manually crafting and sending a UDP packet with destination
> > "224.0.0.251.5353" shows that it successfully gets broadcast via VPN
> > tunnels.
> >
> > What's the rationale behind skipping POINTOPOINT interfaces? Could it
> > be possible to make avahi more VPN friendly?
>
> Yes, avahi doesn't handle ifaces that have the PTP flag on them. As far
> as I remember the rationale for not supporting VPN was the timing
> issues.
> mDNS was designed to work on a LAN (latency below 1ms), so it expects to
> have answers in a timeframe that is not compatible with VPN (WAN,
> latencies that are often more than 50ms).
> So mDNS may not run reliably over VPN.

That's not really correct, mDNS will run over larger latencies, wireless 
networks often have latencies of 3-4ms+

Read the spec for the exact timings.

> We see a growing need to support VPN, but the best solution may be to
> implement a relaying gateway.
>
> Gateway A would answer on VPN A about services discovered by gateway B on
> VPN B. Gate A and gate B would exchange their browsing lists over unicast.
>
> I think that Samba offers such a solution for NetBIOS browsing.
>
> This would be the reflector for VPNs.

Cheers,
Trent

>
> > Thanks.
> >
> > -- Max
>
> --
> Sebastien Estienne
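
Added example (not part of the original message and not Avahi's code): a small Linux checker that reports which interfaces an mDNS responder applying the rule discussed in this thread would skip, useful for confirming that service announcements stay off or reach a tunnel such as `tun0`. Only the POINTOPOINT clause comes from the thread; the other clauses (up, multicast-capable, not loopback) and the function names are assumptions.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <net/if.h>
#include <ifaddrs.h>

/* Assumed relevance rule; only the POINTOPOINT clause is stated in the thread. */
const char *mdns_skip_reason(unsigned int flags)
{
    if (!(flags & IFF_UP))        return "down";
    if (flags & IFF_LOOPBACK)     return "loopback";
    if (!(flags & IFF_MULTICAST)) return "no multicast";
    if (flags & IFF_POINTOPOINT)  return "point-to-point";
    return NULL;                  /* interface would be used */
}

/* Turn the "<FLAG,FLAG,...>" part of an `ip link` line into IFF_* bits. */
unsigned int parse_ip_link_flags(const char *line)
{
    static const struct { const char *name; unsigned int bit; } map[] = {
        {"UP", IFF_UP}, {"LOOPBACK", IFF_LOOPBACK}, {"MULTICAST", IFF_MULTICAST},
        {"POINTOPOINT", IFF_POINTOPOINT}, {"NOARP", IFF_NOARP}, {"BROADCAST", IFF_BROADCAST},
    };
    unsigned int flags = 0;
    const char *p = strchr(line, '<');
    const char *end = p ? strchr(p, '>') : NULL;
    if (!end) return 0;           /* no flag list on this line */
    for (p++; p < end; ) {
        size_t len = strcspn(p, ",>");
        for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
            if (strlen(map[i].name) == len && !strncmp(p, map[i].name, len))
                flags |= map[i].bit;
        p += len + 1;             /* step past the ',' or '>' */
    }
    return flags;
}

int main(void)
{
    struct ifaddrs *list, *ifa;
    if (getifaddrs(&list) != 0) { perror("getifaddrs"); return 1; }
    for (ifa = list; ifa; ifa = ifa->ifa_next) {
        /* Linux lists one AF_PACKET entry per link; ignore per-address repeats. */
        if (!ifa->ifa_addr || ifa->ifa_addr->sa_family != AF_PACKET) continue;
        const char *why = mdns_skip_reason(ifa->ifa_flags);
        printf("%-12s %s%s\n", ifa->ifa_name, why ? "skipped: " : "used", why ? why : "");
    }
    freeifaddrs(list);
    return 0;
}
```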

