One minute Mac tip: Create the illusion that Bonjour works over a VPN

If you’re a Mac user who often uses VPN connections, you’ll notice one very disappointing thing about connecting to your corporate or personal network over such tunneled connections: typically, Bonjour-style addresses (such as “computer-name.local”) don’t work. This is because multicast DNS (or mDNS) doesn’t work over a tunnel. Though there are ways to get it functional, they are pretty complicated and require that you have a lot of esoteric networking knowledge.

However, if the services you typically access via Bonjour use static IP addresses, then there is one age-old networking technique you can use to simulate Bonjour-style naming conventions without actually using Bonjour. This, of course, is the /etc/hosts file.

The /etc/hosts file is a simple, static, text-based mapping of computer names to IP addresses. It does exactly what Bonjour does except it doesn’t keep itself up to date when things change. Of course, if you’re using static IPs for the services you want access to, you can pretty safely assume that things aren’t going to be changing frequently anyway. Long-time sysadmins will laugh at this, but I say let them laugh. This is remarkably useful and very easy to implement.

Let’s assume I’m running a personal web server on my home network, and I can access my home network via a VPN. On my home network, my web server’s IP address is, say,, and I usually access it as http://server.local/. All I need to do is open a Terminal prompt and run the following commands as an administrative user:

echo "	server.local" | sudo tee -a /etc/hosts

That’s it. What this does is hard-wire the name server.local so that it always resolves to the IP address Now, anytime anything on my computer tries to access server.local, it’ll always access directly instead of ever needing to make an mDNS query on the network. The net effect is that we can trick our computer into thinking that Bonjour is working, even when it’s not—such as over a VPN connection.

Note that in default cases, hard-wiring an IP address like this completely prevents your computer from ever asking other computers (such as DNS servers) what the current IP address for this name is. That means if the IP address of the remote server changes, you won’t be notified, and things will just not work. So be mindful that you’ve made this change, and revert it as a first step in troubleshooting procedures.
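Reverting the change during troubleshooting is easier when every hard-wired entry carries a tag. The following is an added example, not part of the original post: shell functions that add, replace, list and remove tagged entries in a hosts file. The `# vpn-pin` tag and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: manage tagged "pinned" entries in a hosts file so they are
# easy to find and revert. TAG and the function names are hypothetical.
TAG="# vpn-pin"

# hosts_unpin FILE NAME: drop any tagged line that pins NAME.
hosts_unpin() {
    file=$1 name=$2
    tmp=$(mktemp) || return 1
    awk -v n="$name" -v t="$TAG" '
        index($0, t) && $2 == n { next }   # skip the tagged pin for this name
        { print }' "$file" > "$tmp" &&
    cat "$tmp" > "$file"                   # rewrite in place, keeps owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# hosts_pin FILE IP NAME: replace any earlier pin for NAME with IP.
hosts_pin() {
    file=$1 ip=$2 name=$3
    hosts_unpin "$file" "$name" || return 1
    printf '%s\t%s\t%s\n' "$ip" "$name" "$TAG" >> "$file"
}

# hosts_pins FILE: print "NAME IP" for every active tagged pin.
hosts_pins() {
    awk -v t="$TAG" 'index($0, t) && $1 !~ /^#/ { print $2, $1 }' "$1"
}
```

To use it on the real file, source the functions in a root shell and pass /etc/hosts as FILE, for example `hosts_pin /etc/hosts 192.0.2.10 server.local`, where 192.0.2.10 is a placeholder from the documentation address range. Running `hosts_pins /etc/hosts` then shows every name that is currently bypassing normal lookups.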

By the way, Windows users can do the very same thing simply by editing their hosts file. They can find this file at C:\WINDOWS\system32\drivers\etc\hosts and can edit it with Notepad. They will also need to install Bonjour for Windows to get Bonjour working in the first place, of course.

4 replies on “One minute Mac tip: Create the illusion that Bonjour works over a VPN”

  1. Hey there,

    Thanks for your interesting post!

    I’ve set up a VPN Server for me and my friends (all mac users) using DD-WRT, and I have a problem, maybe you can help?

    My router ( and my home computer ( wants to bonjour-talk with my connected friends Is there a way of using the hosts file for this?

    Best wishes,

  2. My router ( and my home computer ( wants to bonjour-talk with my connected friends Is there a way of using the hosts file for this?

    Well, sure. You just need to find your friend’s bonjour name and IP address, and list these two things in a new line in the /etc/hosts file. You can do that by simply repeating this tip for each pair of hostname and IP address you want to statically “hardwire.”

    Of course, if your router is giving you and your friends IP addresses dynamically, i.e. via DHCP, then whenever your friends get a new IP address you’ll need to update the hosts file again. That’s why this tip works best for servers, since their IP addresses rarely change.

  3. Hi Meitar,

    It is a nice post.
    I tried to follow your trick, but it still does not work for me.
    My first network is and the other is Route Based VPN
    I have added all the computer’s IP and name into the computer that I use over the VPN.
    But when I opened iChat using the Bonjour account, my buddy list was empty.
    Do I need to add the IP and name of the computer that I use over the VPN into all computers in the network?
