[avahi] avahi-daemon reflector over VPN on tun0 picks wrong address

Matt Ginzton magi at cs.stanford.edu
Sun Jan 9 18:17:02 PST 2011 

Hi,

I'm trying to use avahi-daemon's mDNS reflector to propagate mDNS across a VPN that I run. The VPN is implemented using openvpn on two openWRT routers, openvpn in routed mode (tun, not tap).

I know mDNS isn't generally recommended for VPN or P-t-P links but I had this setup working perfectly in the past, with an older version of openwrt, and was quite happy with the results.

When I try with the current version of openWRT (using Avahi 0.6.25 or 0.6.28), it fails to reflect any mDNS traffic across the VPN link -- short story is every sendmsg() call intended for the VPN link fails with EINVAL because the source address is invalid; long story follows.

I've configured avahi with

	[server]
	allow-point-to-point=yes
	deny-interfaces=eth1

	[reflector]
	enable-reflector=yes

beyond the defaults, so that it will see the VPN interface on tun0, and will not use the WAN link to my ISP on eth1.

Thus, at startup, avahi-daemon prints

Joining mDNS multicast group on interface tun0.IPv4 with address 192.168.255.2.
New relevant interface tun0.IPv4 for mDNS.
Joining mDNS multicast group on interface br-lan.IPv4 with address 192.168.1.1.
New relevant interface br-lan.IPv4 for mDNS.

The problem: this machine's IP address on the 192.168.255.0/24 subnet is not .2 as chosen here, it's .1. As shown by ifconfig:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
         inet addr:192.168.255.1  P-t-P:192.168.255.2  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         ....

If I hack avahi-daemon to specify 192.168.255.1, not 192.168.255.2, as the source address in the offending sendmsg() calls from avahi_send_dns_packet_ipv4(), it works like a charm.

So that seems to be the problem -- how can I fix it?
- why is avahi choosing the remote end, not the local end, of the P-t-P link as the canonical address on that link?
- is this configurable anywhere in avahi itself? (I don't see a way but thought I'd ask)
- is there some other way the interface should be configured so that avahi will choose 192.168.255.1 as the canonical address for that link?

thanks,

Matt

P.S. I mostly tested this on the openWRT box where I actually want to run openvpn as the VPN server, but I get similar results on a more normal Debian x86 Linux box with openvpn and avahi installed:

% ifconfig tun0 | head -3
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.255.10  P-t-P:192.168.255.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
% grep avahi /var/log/syslog | grep tun0 | tail -2
Jan  9 18:12:07 skynet avahi-daemon[32072]: New relevant interface tun0.IPv4 for mDNS.
Jan  9 18:12:07 skynet avahi-daemon[32072]: Registering new address record for 192.168.255.9 on tun0.IPv4.

More information about the avahi mailing list