Create the illusion that Bonjour works over a VPN Network
If you're a Mac user who often uses VPN connections, you'll notice one very disappointing thing about connecting to your corporate or personal network over such tunneled connections: typically, Bonjour-style addresses (such as computer-name.local) don't work. This is because multicast DNS (or mDNS) doesn't work over a tunnel. Though there are ways to get it functional, they are pretty complicated and require that you have a lot of esoteric networking knowledge.

However, if the services you typically access via Bonjour use static IP addresses, then there is one age-old networking technique you can use to simulate Bonjour-style naming conventions without actually using Bonjour. This, of course, is the /etc/hosts file.

The /etc/hosts file is a simple, static, text-based mapping of computer names to IP addresses. It does exactly what Bonjour does, except it doesn't keep itself up to date when things change. Of course, if you're using static IPs for the services you want access to, you can pretty safely assume that things aren't going to be changing frequently anyway. Long-time sysadmins will laugh at this, but I say let them laugh. This is remarkably useful and very easy to implement.

Let's assume I'm running a personal web server on my home network, and I can access my home network via a VPN. On my home network, my web server's IP address is, say, 192.168.2.100, and I usually access it as http://server.local/. All I need to do is open a Terminal prompt and run the following command as an administrative user:
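# sudo must cover the write itself: with "sudo echo ... >> /etc/hosts" the redirection runs in your unprivileged shell and is denied
echo "192.168.2.100 server.local" | sudo tee -a /etc/hosts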
That's it. What this does is hard-wire the name server.local so that it always resolves to the IP address 192.168.2.100. Now, any time anything on my computer tries to access server.local, it'll always access 192.168.2.100 directly, instead of ever needing to make an mDNS query on the network. The net effect is that we can trick our computer into thinking that Bonjour is working, even when it's not -- such as over a VPN connection.

Note that, by default, hard-wiring an IP address like this completely prevents your computer from ever asking other computers (such as DNS servers) for the current IP address of that name. That means if the IP address of the remote server changes, you won't be notified, and things will just not work. So be mindful that you've made this change, and revert it as a first step in troubleshooting procedures.
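The two steps above (add the mapping, then revert it when troubleshooting) as a small shell helper. This is an added example, not part of the original hint: the `# vpn-pin` tag and the function names are assumptions, and each function takes the hosts file path as an argument so it can be tried on a copy before being run as root against /etc/hosts.

```shell
#!/bin/sh
# Added example (not from the original hint). HOSTS_TAG and the function
# names are assumptions made for this sketch.
# Usage, from a root shell after sourcing this file:
#   pin_host /etc/hosts 192.168.2.100 server.local
#   unpin_host /etc/hosts server.local
HOSTS_TAG="# vpn-pin"

# pin_host FILE IP NAME: append "IP NAME # vpn-pin" unless NAME is already mapped.
pin_host() {
    file=$1 ip=$2 name=$3
    # Refuse to add a second mapping for a name that already has one,
    # ignoring comment lines and inline comments.
    if awk -v n="$name" '
        /^[[:space:]]*#/ { next }
        { sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit !found }' "$file"; then
        echo "$name is already mapped in $file" >&2
        return 1
    fi
    printf '%s %s %s\n' "$ip" "$name" "$HOSTS_TAG" >> "$file"
}

# unpin_host FILE NAME: remove only the tagged entry for NAME (the revert step).
unpin_host() {
    file=$1 name=$2
    tmp=$(mktemp) || return 1
    # Write back with cat so the file keeps its owner and permissions.
    awk -v n="$name" -v tag="$HOSTS_TAG" '
        index($0, tag) && $2 == n { next }
        { print }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# list_pins FILE: show every tagged entry, to review what is hard-wired.
list_pins() {
    grep -F "$HOSTS_TAG" "$1" | awk '{ print $2 " -> " $1 }'
}
```

Running `list_pins /etc/hosts` before troubleshooting shows which names are being answered from the file rather than from the network.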

By the way, Windows users can do the very same thing simply by editing their hosts file. They can find this file at C:\WINDOWS\system32\drivers\etc\hosts, and can edit it with Notepad. They will also need to install Bonjour for Windows to get Bonjour working in the first place, of course.

I originally posted this to my blog as One minute Mac tip: Create the illusion that Bonjour works over a VPN.

Create the illusion that Bonjour works over a VPN
Authored by: Alrescha on Jun 27, '08 08:14:38AM
I don't get it. What's the point of forcing a non-local machine into a namespace which specifically exists to designate local machines?

Why don't you just use 'server' and talk to http://server instead?

A.
(whose intuition says that mucking with Bonjour's namespace is a questionable practice)

Create the illusion that Bonjour works over a VPN
Authored by: meitar on Jun 30, '08 09:44:36PM

I've been in more than a few design agencies that use Mac OS X machines as their server computers for this, that, or the other thing. As a result, most of these services are accessible via Bonjour (since few of these companies set up proper DNS…). So the point is not to force a remote machine into a local namespace, but rather to accommodate remote machines with Bonjour-style names, which are a) not always remote and b) typically use '.local' as their TLD anyway.

---
-Meitar Moscovitz
Professional: http://MeitarMoscovitz.com/
Personal: http://maymay.net/



Create the illusion that Bonjour works over a VPN
Authored by: vansie on Jun 27, '08 08:37:10AM
I'd probably try my luck with something like mbridge, which sets up a proxy between your local network interface's mDNS services and other (external) interfaces like your VPN's ppp0.

Or, from the README:
  'mbridge' queries for and listens to announcements for instances of the
  desired service using the multicast DNS (mDNS) service discovery protocol.

  Upon discovery of a new instance, 'mbridge' announces itself as the
  provider for that service on all the other LANs. It then acts as a proxy
  between the clients and the real server.
http://strange.nsk.no-ip.org/projects/mbridge/

P.

Create the illusion that Bonjour works over a VPN
Authored by: deleted_user14 on Jun 27, '08 08:52:41AM

I am using OpenVPN running in bridged mode, and connecting using Tunnelblick. Bonjour-style names work fine. The remote computers all show up in Bonjour Browser right when the VPN connects, and you can ssh some-computer.local without a hitch.



Create the illusion that Bonjour works over a VPN
Authored by: meitar on Jun 30, '08 09:48:16PM

Yeah, OpenVPN is by far my favorite VPN solution. However, most people who use Macs and a VPN are using the Apple-provided VPN server which only does PPTP or L2TP/IPSec tunneling. OpenVPN uses SSL to create the secure tunnel and is generally a more configurable product…. The point still stands, though, that without "esoteric networking knowledge" you'll probably find mDNS queries blocked by a VPN.

---
-Meitar Moscovitz
Professional: http://MeitarMoscovitz.com/
Personal: http://maymay.net/



Create the illusion that Bonjour works over a VPN
Authored by: Anonymous on Jul 01, '08 12:29:54PM
See, the problem I have with this is that you're providing a solution to use mDNS hostnames in another domain; thereby creating a kind of bridge. Now, it's hardly "esoteric" to distil that down to "Oh, I need an mDNS bridge", is it?

However, going digging in to the static files in /etc (many of which are ignored or deprecated in OS X) is seen as somehow (for want of a better word) unesoteric? Yeah sure, it'll work ... until it doesn't.

I'm not laughing, I'm just puzzled why you'd go to all this effort to avoid learning something useful?


Create the illusion that Bonjour works over a VPN
Authored by: meitar on Sep 23, '08 07:56:32PM

You make a good point. I'm not trying to avoid learning something useful, I just haven't learned it yet and this was a solution that works for my admittedly simple situation. Also, I suppose it depends on what "esoteric" means to you. Messing with /etc/hosts is far less esoteric to my mind than mDNS if only because it is more primitive.

---
-Meitar Moscovitz
Professional: http://MeitarMoscovitz.com/
Personal: http://maymay.net/


Create the illusion that Bonjour works over a VPN
Authored by: kioarthurdane on Jun 30, '08 07:30:52AM
I've found that Hamachi + Bonjour (for Mac or Windows) generally lets me do anything I need with little to no configuration. The only trick is getting Hamachi running, which I have set up a Terminal script to run at login so I don't have to worry later if it's running.

Hamachi is not open source and is found at www.logmein.com . The Mac version is still 0.9.x, requires a separate tunneling driver (linked from the download section), and has no native GUI.

Create the illusion that Bonjour works over a VPN
Authored by: meitar on Jun 30, '08 10:23:10PM

This is probably obvious to most people, but I just wanted to mention that it seems as though Geeklog has eaten the backslashes in parts of this post. Specifically, the line that reads

C:WINDOWSsystem32driversetchosts

should read: C:\WINDOWS\system32\drivers\etc\hosts

Also there is a minor typo in the original post. Instead of 192.168.0.100, the IP address should have read 192.168.2.100. :)

---
-Meitar Moscovitz
Professional: http://MeitarMoscovitz.com/
Personal: http://maymay.net/


Create the illusion that Bonjour works over a VPN
Authored by: audiophil on Jul 02, '08 12:24:56AM

This is nice and all but it's probably better to encourage folks to use internal DNS instead. From a best practices perspective... this might be fine for joe schmoe's home network but for business use... NO. Suck it up and use DNS.


