How can Bonjour be setup to function over a VPN connection using Mac OS X — Mountain Lion Server?

I purchased Mountain Lion Server for our office thinking that Bonjour would automatically enable any computers connected via VPN to see all computers and applications (such as Bento) running on the office network. The hope was that those of us working at home would feel just like we were in the office, with all network services working transparently over the VPN connection. However, I see that Bonjour (aka mDNS) is not enabled to work over the VPN by default.

Can I configure Mountain Lion Server to automatically pass Bonjour traffic over the VPN? Is there any reason not to do this?


Solution 1:

It's true that a pure layer 2 VPN setup would instantly enable the Bonjour service without any other configuration. The difficulty is finding a layer 2 VPN, installing it and configuring it. There are probably some proprietary solutions that enable this feature. To my knowledge there is only one good layer 2 VPN. It's open source and it's called OpenVPN. It does layer 3 VPN via the tun adapter and also layer 2 via the tap adapter.

To give more details on the installation of a layer 2 VPN, one needs to understand some fundamental basics of Linux and networking. The VPN client will need to be in the same subnet, also known as a VLAN or even broadcast domain, as the other Bonjour devices like printers, Mac OS X Server, etc. In order to do so, a Linux/Unix server serving as the VPN will bridge one of its network cards which is in the same VLAN/subnet.

For the more experienced, here is a very useful document on the setup.

https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html

If that's too technical, this article also seems helpful for a more straightforward way of deploying a layer 2 VPN for Bonjour.

http://www.wedebugyou.com/2013/01/how-to-use-bonjour-over-vpn/
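As an added example (not part of this answer, and not OpenVPN's own bridge-start helper), the script below prints the two server-side pieces of the bridged tap setup the answer describes: the OpenVPN server directives for a layer 2 tunnel, and the iproute2 commands that put the Linux host's LAN interface and the tap device on one bridge so VPN clients land in the office broadcast domain. The interface names eth0/br0/tap0, the 192.168.1.0/24 subnet, the client address pool and the certificate paths are assumed values for the example.

```shell
#!/bin/sh
# Added example, not from the answer or from the OpenVPN project: the two
# server-side pieces of a bridged (layer 2, "tap") OpenVPN setup on a Linux
# host. Everything below is a constructed assumption: LAN interface eth0,
# bridge br0, tap device tap0, office subnet 192.168.1.0/24 with the VPN host
# at 192.168.1.1, and 192.168.1.200-192.168.1.250 reserved for VPN clients.
LAN_IF="${LAN_IF:-eth0}"
BR_IF="${BR_IF:-br0}"
TAP_IF="${TAP_IF:-tap0}"
SERVER_IP="${SERVER_IP:-192.168.1.1}"
NETMASK="${NETMASK:-255.255.255.0}"
POOL_START="${POOL_START:-192.168.1.200}"
POOL_END="${POOL_END:-192.168.1.250}"

# Convert a dotted netmask (255.255.255.0) to a prefix length (24) for iproute2.
mask_to_prefix() {
  bits=0
  for octet in $(printf '%s' "$1" | tr . ' '); do
    while [ "$octet" -gt 0 ]; do
      bits=$((bits + octet % 2))
      octet=$((octet / 2))
    done
  done
  echo "$bits"
}

# OpenVPN server directives that matter for Bonjour: "dev tap" makes this a
# layer 2 tunnel, and "server-bridge" gives each client an address inside the
# office subnet, so mDNS on 224.0.0.251:5353 reaches them as ordinary LAN
# multicast. "client-to-client" lets remote workers see each other's services.
# Certificate and key paths are placeholders.
render_server_conf() {
  cat <<EOF
port 1194
proto udp
dev $TAP_IF
server-bridge $SERVER_IP $NETMASK $POOL_START $POOL_END
client-to-client
keepalive 10 120
persist-key
persist-tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
EOF
}

# iproute2 commands that move the LAN address onto a bridge and enslave both
# the physical interface and the tap device to it (the job OpenVPN's
# bridge-start helper does with brctl). Printed one per line for review.
bridge_cmds() {
  printf '%s\n' \
    "ip link add $BR_IF type bridge" \
    "ip link set $LAN_IF master $BR_IF" \
    "ip link set $LAN_IF promisc on" \
    "ip addr flush dev $LAN_IF" \
    "ip addr add $SERVER_IP/$(mask_to_prefix "$NETMASK") dev $BR_IF" \
    "ip link set $BR_IF up" \
    "openvpn --mktun --dev $TAP_IF" \
    "ip link set $TAP_IF master $BR_IF" \
    "ip link set $TAP_IF up"
}

# Dry run by default; run with APPLY=1 as root on the VPN host to execute.
apply_bridge() {
  bridge_cmds | while IFS= read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "dry-run: $cmd"; fi
  done
}

apply_bridge
echo "--- server.conf ---"
render_server_conf
```

Run it from a console, not over SSH: flushing the LAN address and moving it to br0 drops any session that came in on eth0. Clients need a matching `dev tap` line in their own config; with `server-bridge` in this four-argument form the OpenVPN server hands out the pool addresses itself, so the office DHCP server must not also lease that range.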

Solution 2:

If you use an L2 VPN setup, then broadcasts like mDNS should work just fine as long as VPN clients are on the same subnet as everything else.

If you use an L3 VPN solution, then you'll have to use a technology that can handle mDNS across broadcast domains. Allowing the 224.0.0.251 multicast group across routes should usually do this.
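For the L3 case in Solution 2, as an added example that is not part of the answer: an mDNS reflector is one technology that carries mDNS across broadcast domains, and the script below shows the Avahi (avahi-daemon.conf) settings for it next to the stock configuration, together with a small check of why 224.0.0.251 never crosses a router on its own. Avahi's reflector mode, the interface names eth0 (office LAN) and tun0 (routed OpenVPN) and the helper functions are assumptions added here, not something the answer states.

```shell
#!/bin/sh
# Added example, not from the answer: the routed (layer 3, "tun") case.
# mDNS uses the IPv4 group 224.0.0.251 (and ff02::fb) on UDP 5353. That group
# sits in the 224.0.0.0/24 Local Network Control block, which routers never
# forward, so a tun-based VPN needs something that listens on both segments
# and repeats the traffic. Avahi's reflector mode is used here as one such
# tool; the interface names eth0 (office LAN) and tun0 (OpenVPN) are assumed.
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"

# Return success if the IPv4 address is in 224.0.0.0/24, the link-local
# multicast block that stops at the first router.
is_link_local_multicast() {
  oldifs=$IFS
  IFS=.
  set -- $1
  IFS=$oldifs
  [ "$#" -eq 4 ] && [ "$1" -eq 224 ] && [ "$2" -eq 0 ] && [ "$3" -eq 0 ] \
    && [ "$4" -ge 0 ] && [ "$4" -le 255 ]
}

# Stock avahi-daemon.conf: the reflector is off, so each subnet (and each
# VPN client) only ever sees its own Bonjour services.
render_avahi_default() {
  cat <<EOF
[server]
use-ipv4=yes
use-ipv6=no

[reflector]
enable-reflector=no
EOF
}

# Reflector on, and allow-interfaces pinned to exactly the two segments that
# should exchange mDNS, so the daemon does not relay onto anything else.
render_avahi_reflector() {
  cat <<EOF
[server]
use-ipv4=yes
use-ipv6=no
allow-interfaces=$LAN_IF,$VPN_IF

[reflector]
enable-reflector=yes
reflect-ipv=no
EOF
}

# Read an avahi-daemon.conf on stdin and report whether it reflects mDNS.
reflector_state() {
  if grep -q '^enable-reflector=yes'; then echo on; else echo off; fi
}

# Constructed sample groups: the mDNS group and an ordinary routable
# site-local group (SSDP), to show which kind plain multicast routing can carry.
for group in 224.0.0.251 239.255.255.250; do
  if is_link_local_multicast "$group"; then
    echo "$group: link-local, needs a reflector or proxy across the tunnel"
  else
    echo "$group: routable multicast, can be forwarded with multicast routing"
  fi
done
echo "--- avahi-daemon.conf with reflector ---"
render_avahi_reflector
```

Running the reflector on the VPN host means every service advertised on the office LAN is also repeated onto tun0; restricting `allow-interfaces` to the two segments keeps it from leaking onto any other interface the host has.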