[avahi] Fun with OpenVPN

Kyle Rose krose at krose.org
Tue Sep 28 15:53:30 PDT 2010 

So, I have an OpenVPN TUN VPN set up between two machines. I have
avahi running on one of these machines, and want mDNS to work over the
VPN. Avahi is listening on 0.0.0.0:5353/udp according to netstat
-lnpu. When I run mdns-scan on the other machine I do get multicast
packets over the tunnel, as the following tcpdump on the server
indicates:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tunhw, link-type RAW (Raw IP), capture size 65535 bytes
15:04:16.780726 IP 192.168.35.130.5353 > 224.0.0.251.5353: 0 PTR (QM)?
_services._dns-sd._udp.local. (46)
15:04:16.781627 IP 192.168.35.130.5353 > 224.0.0.251.5353: 0 PTR (QM)?
_ssh._tcp.local. (33)
15:04:16.781809 IP 192.168.35.130.5353 > 224.0.0.251.5353: 0 PTR (QM)?
_sftp-ssh._tcp.local. (38)
15:04:16.781860 IP 192.168.35.130.5353 > 224.0.0.251.5353: 0 PTR (QM)?
_rfb._tcp.local. (33)
15:04:16.781907 IP 192.168.35.130.5353 > 224.0.0.251.5353: 0 PTR (QM)?
_workstation._tcp.local. (41)
15:04:16.781954 IP 192.168.35.130.5353 > 224.0.0.251.5353: 0 PTR (QM)?
_net-assistant._udp.local. (43)
15:04:16.782063 IP 192.168.35.130.5353 > 224.0.0.251.5353: 0 PTR (QM)?
_ssh._tcp.local. (33)

etc.

However, avahi seems not to get the packets (at least, strace shows
zero activity within avahi-daemon while the scanner is running), and I
have no idea where they are getting dropped. I have confirmed that
they are *not* being dropped by iptables, but something else is
failing to deliver them to avahi. rp_filter is OFF on the tunnel
interface, so it's not source address verification. Avahi *is*
configured to allow point-to-point interfaces. Any ideas?

I've heard that switching the tunnel to a TAP-style VPN has resolved
the issue for some people, but I want to understand the root cause
because packets are *clearly* getting through the tunnel, but are
being dropped on the floor somewhere after they arrive at the server's
VPN interface. I get the feeling that this is going to be something
very simple, but I'm not sure how to debug how Linux decides to drop
packets vs. deliver them to sockets.

Both machines are running various forms of linux-2.6.32 (client Ubuntu
Lucid, server Debian Squeeze).

More information about the avahi mailing list