Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Daniel L. Smith
Daniel L. Smith Author
User level: Level 1
19 points

Bonjour/zeroconf via VPN

Trying to set up the VPN server to access my home network when away. After switching it on, configuring my MacBook, and connecting from an outside network, I was surprised not to see any Bonjour services advertised (e.g., in the Finder sidebar); nor was I able to resolve "Foo.local" host names, the way I would be able to on my home network. I could still connect to things with a local IP address (10.0.21.*), so the basic connection seemed to be working.


Is this expected behavior?


IF SO, are there any settings I can use, extra utilities I can install, etc., to enable access to Bonjour services via a VPN connection? It would be a shame if it's not possible, since almost everything on my local network is accessed with Bonjour. I guess the alternative is to assign well-known IP addresses to everything and manually connect to those as needed. Yuck.


IF NOT, what are likely explanations for what's going wrong? I'm aware of the potential for conflicts between IP ranges, and confirmed that the two ranges were different (10.0.0.* at the remote site, 10.0.21.* in my home network). I tried reordering the services in my MacBook's System Preferences (under "Network") so that the VPN was first, or last, but that didn't seem to help. Maybe there's just something obvious I'm overlooking?

Mac mini, OS X Yosemite (10.10.1)

Posted on Jan 19, 2015 8:39 PM

Reply
Question marked as Best reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,679 points

Posted on Jan 20, 2015 4:57 AM

Bonjour is intended to only work on the single LAN i.e. broadcast domain. It will work between an Ethernet and WiFi network if the WiFi is 'bridged' to the Ethernet network, it will not work (normally) across routers or VLANs as both of these involve different broadcast domains. Similarly it will not work via a VPN link.


The nearest solution to your requirement is 'Wide Area Bonjour' which is intended for use across routers or VLANs - which would have a router linking them. I suspect it will not be practical to get this working across a VPN connection.


If your servers have static IP addresses then you can as your are use those to access them, but you could also setup DNS records to point to them.

View in context
5 replies
Question marked as Best reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,679 points

Jan 20, 2015 4:57 AM in response to Daniel L. Smith

Bonjour is intended to only work on the single LAN i.e. broadcast domain. It will work between an Ethernet and WiFi network if the WiFi is 'bridged' to the Ethernet network, it will not work (normally) across routers or VLANs as both of these involve different broadcast domains. Similarly it will not work via a VPN link.


The nearest solution to your requirement is 'Wide Area Bonjour' which is intended for use across routers or VLANs - which would have a router linking them. I suspect it will not be practical to get this working across a VPN connection.


If your servers have static IP addresses then you can as your are use those to access them, but you could also setup DNS records to point to them.

Reply
User profile for user: Daniel L. Smith
Daniel L. Smith Author
User level: Level 1
19 points

Jan 20, 2015 10:08 AM in response to John Lockwood

Okay, thanks.


What I really want is for the VPN link to be part of the same subnet, which seemed to me should just naturally be the case if it gets an IP address from the same subnet. Looks like what I'm after is the equivalent of OpenVPN's "bridge mode": https://community.openvpn.net/openvpn/wiki/OpenVPNBridging. I take it that the VPN software bundled with OS X Server is not capable of this behavior? (It would help to know what this VPN software actually is -- something proprietary developed by Apple? -- and whether it supports any configuration settings beyond what the UI presents.)

Reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,679 points

Jan 20, 2015 11:31 AM in response to Daniel L. Smith

The VPN software built-in to OS X is mainly Racoon but heavily customised by Apple. Apple's instructions say to use a separate range of IP addresses for VPN clients.


In theory yes you could use a range of IP address in the same subnet as your LAN as long as they do not overlap your DHCP server issued range or any or in use addresses. However everyone's experience is that regardless of this Bonjour as standard does not work across the VPN link. The only option that might help is as I mentioned to look at setting up Wide Area Bonjour but this is not something I have done myself.


Not that it may suit you but for a related use of remote controlling Macs via Screen Sharing, one can use Apple Remote Desktop (the admin version) to scan an IP range and find all the available Macs. This does not rely on the Bonjour approach used by the Finder to find Macs offering Screen Sharing.

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,535 points

Jan 20, 2015 1:43 PM in response to Daniel L. Smith

IF SO, are there any settings I can use, extra utilities I can install, etc., to enable access to Bonjour services via a VPN connection?

Yes. There is a third-party product called "Slink Server" that should be able to do what you want. It tunnels Bonjour traffic through SSH. The client application will have to be installed on each client.


Otherwise, you'll have to delve into wide-area Bonjour.

Reply

Bonjour/zeroconf via VPN

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up