Bonjour over VPN?

Hey, I know this isn't the focus here, but I can't imagine anywhere that has a greater concentration of people who would want to do this with Unifi equipment.

I've upgraded from my crapstastic CenturyLink modem/router combo to transparently bridging it and using a USG. It's working great, and so many super powers!

I've even successfully set up the USG as a VPN server, and have that working fine, except for one thing: Bonjour/Zeroconf is not making it from my "corporate" LAN to my VPN. When I'm remote and connected to the VPN, I can access anything I want that's on my LAN by IP address, but nothing appears, for example, in the Finder sidebar for Devices, and I can't surf to .local web addresses.

I've turned on mDNS, and I've scoured the Unifi boards, and I can't find instructions on how to fix this. Has anyone here gotten this working with a similar configuration?

My setup is

DSL Modem > USG > Dumb Switch > Unifi Wifi AP

And Karl, just saying again: I wouldn't own a single piece of Ubiquiti equipment if it wasn't for your Indigo plugin! Now I'm going to roll it out for our remote work site too.

I'm led to believe that it's possible to configure Bonjour to work over VPN, but I've not had a need so I never looked into it. For the things that I do which would normally rely on Bonjour, I just access the protocol directly [EDIT: when on VPN]. This may not work for everything that you're looking to do.

From within Finder, select 'Go' and then 'Connect to Server'.
smb://192.168.1.1
afp://192.168.1.1
vnc://192.168.1.1

You can save these links in that dialog to make life a little bit easier.

As a side note, in later versions of OS X, I've found SMB to be more stable than AFP (even when home). For example, to run iTunes off a NAS-based iTunes library, I map to the NAS using SMB and it works every time. Using AFP, it might work 10 percent of the time--if that.

So, not a direct answer to your question, but perhaps a reasonable workaround.

found this: "If you use a L2 VPN setup, then broadcasts like mDNS should work just fine as long as VPN clients are on the >>>>same subnet <<<<< as everything else."

and in USG vpn needs to run on a different subnet... I have internal 192.168.1.x and vpn is 192.168.2.x...

and UniFis vpn is not layer 2

when I was using the OSX vpn solution (which apple turned off in in upgrade ) it was working, the MAC used 192.168.1.250..255 for VPN which was also part of the internal network

Karl

(and my att router is 192.168.0.x, need to do double netting )

If you are using L2TP, I think you should add "l2tp0" as an interface on the mDNS repeater. That will do it even if subnets are different.

But this assumes that you have only 1 class of remote user, and they should see everything. Also, if you have multiple simultaneous connections, you will have interfaces l2tp0, l2tp1, etc. created when a new vpn session is established.

I read on the ubnt boards that you can use "l2tp+" as a wildcard for any l2tp interface. You'll need to do this from the command line because it will be rejected as invalid from the EdgeRouter gui (and I don't believe you can even get to this from UniFi gui).

set service mdns repeater interface l2tp+

You might need to use vtun0, tun0, etc. depending on how your network is set up. Basically, get the dynamically-created interface into the mDNS repeater config.

Disclaimer: I am not a network guy, and am only repeating what I've read elsewhere. So, in other words, perfectly dangerous! But I find my ubnt gear to be awesome.

This must be where the edge of my knowledge is a cliff I fall off.

Trying that lt2p+ command in the USG results in an error.