[avahi] breaking avahi through vpn

Lennart Poettering lennart at poettering.net
Sun Feb 12 04:06:08 PST 2006

On Sun, 12.02.06 01:39, Max Kutny (mkutny at gmail.com) wrote:


> What's the rationale behind skipping POINTOPOINT interfaces? Could it
> be possible to make avahi more VPN friendly?

This is slowly becoming an FAQ.

There are actually two reasons:

Firstly, mDNS is designed for low latency links such as Ethernet or
WLAN. Some timing limitations make mDNS unreliable across long latency
links, such as modem or VPN (latency must not exceed more than a few
10ms). For high latency links we suggest using DNS-SD over traditional
unicast DNS (aka "wide area bonjour"). Unfortunately, as of now Avahi
supports Wide-Area-DNS-SD in a read-only fashion only.

Secondly, mDNS is designed to be used in "trusted" networks
only. There is a big chance that interfaces with the POINTOPOINT bit
set are directed to the internet (PPP of some kind), hence we try to
avoid them like the devil the holy water.

If you're feeling lucky you can enable mDNS over pointopoint links by
commenting out the line containing "IFF_POINTOPOINT" in
avahi-core/iface-linux.c and recompiling. YMMV! (We might even make
this a user configurable option eventually, since so many people ask
for it.)


Lennart Poettering; lennart [at] poettering [dot] net
ICQ# 11060553; GPG 0x1A015CC4; http://0pointer.net/lennart/
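
Added example, not part of the original message and not Avahi's source code: a small Linux audit that lists local interfaces and counts the ones held back only by the IFF_POINTOPOINT rule described above, which are the links that would start carrying mDNS if that check were commented out. The helper names are hypothetical, and the other flag checks (up, not loopback, multicast-capable) are assumptions about what a reasonable mDNS candidate looks like; only the IFF_POINTOPOINT test comes from the post.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* expose IFF_* flags under strict -std= modes */
#endif
#include <ifaddrs.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Avahi's function). Returns NULL when the interface
 * would be used for mDNS, otherwise the reason it is skipped. Only the
 * IFF_POINTOPOINT test is taken from the post; the rest are assumptions. */
const char *mdns_skip_reason(unsigned int flags, int allow_ptp)
{
    if (!(flags & IFF_UP))        return "down";
    if (flags & IFF_LOOPBACK)     return "loopback";
    if (!(flags & IFF_MULTICAST)) return "no multicast";
    if ((flags & IFF_POINTOPOINT) && !allow_ptp) return "point-to-point";
    return NULL;
}

/* Print every local interface once and return how many are held back solely
 * by the point-to-point rule, i.e. the links that would start carrying mDNS
 * if the check were commented out. Returns -1 if enumeration fails. */
int audit_interfaces(FILE *out)
{
    struct ifaddrs *list, *ifa, *p;
    int exposed = 0;
    if (getifaddrs(&list) != 0) return -1;
    for (ifa = list; ifa; ifa = ifa->ifa_next) {
        /* getifaddrs() returns one entry per address; skip repeated names */
        for (p = list; p != ifa && strcmp(p->ifa_name, ifa->ifa_name); p = p->ifa_next)
            ;
        if (p != ifa) continue;
        const char *why = mdns_skip_reason(ifa->ifa_flags, 0);
        fprintf(out, "%-12s %s\n", ifa->ifa_name, why ? why : "eligible");
        if (why && !mdns_skip_reason(ifa->ifa_flags, 1)) exposed++;
    }
    freeifaddrs(list);
    return exposed;
}

int main(void)
{
    int n = audit_interfaces(stdout);
    if (n < 0) { perror("getifaddrs"); return 1; }
    printf("%d link(s) would gain mDNS without the IFF_POINTOPOINT check\n", n);
    return 0;
}
```

Any interface counted in the final line should be checked against the "trusted network" condition in the message before the check is disabled.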
