Everything In Between

If your project so much as pretends to have a profit motive, I will tell you to go fuck yourself and your project.

One minute Mac tip: Create the illusion that Bonjour works over a VPN


If you’re a Mac user who often uses VPN connections, you’ll notice one very disappointing thing about connecting to your corporate or personal network over such tunneled connections: typically, Bonjour-style addresses (such as “computer-name.local”) don’t work. This is because multicast DNS (or mDNS) doesn’t work over a tunnel. Though there are ways to get it functional, they are pretty complicated and require that you have a lot of esoteric networking knowledge.

However, if the services you typically access via Bonjour use static IP addresses, then there is one age-old networking technique you can use to simulate Bonjour-style naming conventions without actually using Bonjour. This, of course, is the /etc/hosts file.

The /etc/hosts file is a simple, static, text-based mapping of computer names to IP addresses. It does exactly what Bonjour does except it doesn’t keep itself up to date when things change. Of course, if you’re using static IPs for the services you want access to, you can pretty safely assume that things aren’t going to be changing frequently anyway. Long-time sysadmins will laugh at this, but I say let them laugh. This is remarkably useful and very easy to implement.

Let’s assume I’m running a personal web server on my home network, and I can access my home network via a VPN. On my home network, my web server’s IP address is, say, 192.168.2.100, and I usually access it as http://server.local/. All I need to do is open a Terminal prompt and run the following command as an administrative user:

echo "192.168.2.100	server.local" | sudo tee -a /etc/hosts

That’s it. What this does is hard-wire the name server.local so that it always resolves to the IP address 192.168.2.100. Now, anytime anything on my computer tries to access server.local, it’ll always access 192.168.2.100 directly instead of ever needing to make an mDNS query on the network. The net effect is that we can trick our computer into thinking that Bonjour is working, even when it’s not—such as over a VPN connection.

Note that in default cases, hard-wiring an IP address like this completely prevents your computer from ever asking other computers (such as DNS servers) what the current IP address for this name is. That means if the IP address of the remote server changes, you won’t be notified, and things will just not work. So be mindful that you’ve made this change, and revert it as a first step in troubleshooting procedures.
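
One way to make the change above easy to find and revert, as an added example that is not part of the original post: a small script that tags each entry it adds and can remove them all in one step. The `HOSTS_FILE` variable, the `# vpn-static` tag and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): tagged, revertible hosts entries.
# HOSTS_FILE and the "# vpn-static" tag are assumptions of this example.
# Run the whole script under sudo; a bare "sudo echo ... >> /etc/hosts" fails
# because the redirect is opened by the unprivileged shell.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
TAG="# vpn-static"

# hosts_lookup NAME: print the IP of the first active (non-comment) line
# that lists NAME; exit status 1 if no line maps it.
hosts_lookup() {
    awk -v n="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) { print $1; found = 1; exit } }
        END { exit !found }' "$HOSTS_FILE"
}

# hosts_add IP NAME: append a tagged entry unless NAME is already mapped.
hosts_add() {
    ip=$1; name=$2
    # Accept only IPv4-looking addresses and plain hostnames, so nothing
    # else (spaces, newlines, extra fields) can be written into the file.
    case $ip in ''|*[!0-9.]*) echo "bad IP: $ip" >&2; return 2 ;; esac
    case $name in ''|*[!A-Za-z0-9.-]*) echo "bad name: $name" >&2; return 2 ;; esac
    if current=$(hosts_lookup "$name"); then
        echo "$name is already mapped to $current" >&2
        return 1
    fi
    printf '%s\t%s %s\n' "$ip" "$name" "$TAG" >> "$HOSTS_FILE"
}

# hosts_revert: remove every line this script added, leave the rest alone.
hosts_revert() {
    tmp=$(mktemp) || return 1
    awk -v t="$TAG" 'index($0, t) == 0' "$HOSTS_FILE" > "$tmp"
    cat "$tmp" > "$HOSTS_FILE"      # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Command-line entry point: add IP NAME | lookup NAME | revert
case "${1:-}" in
    add)    hosts_add "$2" "$3" ;;
    lookup) hosts_lookup "$2" ;;
    revert) hosts_revert ;;
esac
```

Setting `HOSTS_FILE` to a scratch copy lets you try the script without touching the real file; `revert` then covers the troubleshooting step described above.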

By the way, Windows users can do the very same thing simply by editing their hosts file. They can find this file at C:\WINDOWS\system32\drivers\etc\hosts and can edit it with Notepad. They will also need to install Bonjour for Windows to get Bonjour working in the first place, of course.

Written by Meitar

June 26th, 2008 at 5:25 am

4 Responses to 'One minute Mac tip: Create the illusion that Bonjour works over a VPN'


  1. Hey there,

    Thanks for your interesting post!

    I’ve set up a VPN Server for me and my friends (all mac users) using DD-WRT, and I have a problem, maybe you can help?

    My router (192.168.1.1) and my home computer (192.168.1.200) want to bonjour-talk with my connected friends (192.168.1.130-140). Is there a way of using the hosts file for this?

    Best wishes,
    Abe

    Abe

    4 May 09 at 11:53 AM

  2. My router (192.168.1.1) and my home computer (192.168.1.200) want to bonjour-talk with my connected friends (192.168.1.130-140). Is there a way of using the hosts file for this?

    Well, sure. You just need to find your friend’s bonjour name and IP address, and list these two things in a new line in the /etc/hosts file. You can do that by simply repeating this tip for each pair of hostname and IP address you want to statically “hardwire.”

    Of course, if your router is giving you and your friends IP addresses dynamically, i.e. via DHCP, then whenever your friends get a new IP address you’ll need to update the hosts file again. That’s why this tip works best for servers, since their IP addresses rarely change.

    Meitar

    4 May 09 at 12:05 PM

  3. Hi Meitar,

    It is a nice post.
    I tried to follow your trick, but it still does not work for me.
    My first network is 10.1.3.0/24 and the other is a route-based VPN.
    I have added all the computers’ IPs and names to the computer that I use over the VPN.
    But when I opened iChat using the Bonjour account, my buddy list was empty.
    Do I need to add the IP and name of the computer that I use over the VPN to all computers in the 10.1.3.0/24 network?

    Leonard

    20 Nov 09 at 2:12 AM

  4. Good article, but that won’t seem to make use of my router ip address, any helpful hints?
