mDNS on different subnets via VPN

Igor

Regular Contributor
Two local networks on two routers are connected via OpenVPN.

The routers have files "/jffs/configs/avahi-daemon.conf.add" with the following settings:
Code:
[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=yes
publish-domain=yes

[reflector]
enable-reflector=yes

After rebooting (service restart_mdns) I see the new parameters in "/tmp/avahi/avahi-daemon.conf".
Then I add network permissions on the routers:
Code:
iptables -I FORWARD -i br0 -o tun+ -j ACCEPT
iptables -I INPUT -i tun+ -p udp --dport 5353 -j ACCEPT

But this didn't help me with mDNS forwarding to another local network.
What needs to be done to make mDNS work across different subnets connected via OpenVPN?
 
This is just a guess but,

1) I don't think you need any additional iptables rules as there should already be rules that do the same thing. I'm assuming you have a working bidirectional OpenVPN LAN to LAN setup.

2) I think you also need to add the following line to the [Server] section of avahi-daemon.conf:
Code:
allow-point-to-point=yes

That way, when either avahi-daemon or openvpn starts up you should see messages similar to the following in the syslog.
Code:
Mar 21 16:28:48 avahi-daemon[6624]: Joining mDNS multicast group on interface tun21.IPv4 with address 10.8.100.1.
Mar 21 16:28:48 avahi-daemon[6624]: New relevant interface tun21.IPv4 for mDNS.
Mar 21 16:28:48 avahi-daemon[6624]: Registering new address record for 10.8.100.1 on tun21.IPv4.
and
Code:
Mar 21 16:29:11 avahi-daemon[6624]: Joining mDNS multicast group on interface tun11.IPv4 with address 10.100.0.2.
Mar 21 16:29:11 avahi-daemon[6624]: New relevant interface tun11.IPv4 for mDNS.
Mar 21 16:29:11 avahi-daemon[6624]: Registering new address record for 10.100.0.2 on tun11.IPv4.

This could be a security issue though if you have other point to point network interfaces to untrusted networks, e.g. a commercial VPN service. In that case you'd probably have to add either allow-interfaces= or deny-interfaces=.
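
Added example, not part of either post above: a shell check for the exposure described in the reply. It flags a config where the reflector and allow-point-to-point are both on with no allow-interfaces= or deny-interfaces= filter, and lists interfaces avahi-daemon logged joining that are not on an expected list. The function names, the expected list `br0 tun21` and the br0 log line are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. The expected-interface list is an assumption.

# Print KEY's value inside [SECTION] of an avahi-daemon.conf style file.
# Section names are compared case-insensitively by this checker.
conf_get() {  # conf_get FILE SECTION KEY
    awk -F= -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = tolower($0); sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); next }
        s == tolower(sec) { k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t\r]/, "", v); val = v } }
        END { print val }' "$1"
}

# Succeeds when the reflector is on, point-to-point links are allowed, and
# neither allow-interfaces nor deny-interfaces narrows where avahi listens.
reflector_unscoped() {  # reflector_unscoped FILE
    refl=$(conf_get "$1" reflector enable-reflector)
    p2p=$(conf_get "$1" server allow-point-to-point)
    allow=$(conf_get "$1" server allow-interfaces)
    deny=$(conf_get "$1" server deny-interfaces)
    [ "$refl" = yes ] && [ "$p2p" = yes ] && [ -z "$allow$deny" ]
}

# List the interfaces avahi-daemon logged joining for mDNS.
joined_ifaces() {  # joined_ifaces LOGFILE
    sed -n 's/.*avahi-daemon\[[0-9]*\]: Joining mDNS multicast group on interface \([^ ]*\)\.IPv[46] with address.*/\1/p' "$1" | sort -u
}

# Print joined interfaces missing from the space-separated expected list.
unexpected_ifaces() {  # unexpected_ifaces LOGFILE "br0 tun21"
    for i in $(joined_ifaces "$1"); do
        case " $2 " in *" $i "*) ;; *) echo "$i" ;; esac
    done
}

# Constructed sample config: the thread's two settings with no interface filter.
demo=$(mktemp -d)
printf '%s\n' '[Server]' 'allow-point-to-point=yes' '' '[reflector]' 'enable-reflector=yes' > "$demo/avahi-daemon.conf"
# Sample syslog: two "Joining" lines quoted in the thread plus a constructed br0 line.
cat > "$demo/syslog" <<'EOF'
Mar 21 16:28:47 avahi-daemon[6624]: Joining mDNS multicast group on interface br0.IPv4 with address 192.168.1.1.
Mar 21 16:28:48 avahi-daemon[6624]: Joining mDNS multicast group on interface tun21.IPv4 with address 10.8.100.1.
Mar 21 16:29:11 avahi-daemon[6624]: Joining mDNS multicast group on interface tun11.IPv4 with address 10.100.0.2.
EOF
reflector_unscoped "$demo/avahi-daemon.conf" && echo "WARN: reflector spans every point-to-point link"
echo "unexpected mDNS interfaces: $(unexpected_ifaces "$demo/syslog" "br0 tun21" | tr '\n' ' ')"
```

On a router, point the functions at /tmp/avahi/avahi-daemon.conf and the system log instead of the demo files.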
 