Menu
What's new
By:
Filters Better Search

WireGuard Client & WireGuard Server/InstantGuard at the same time?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ZebMcKayhan said:
One is the Avahi deamon, the other is the grep command you just executed to get this output.
Click to expand...
I can see that, but avahi says it's running yet running with --debug flag shows an error output which means that it could not be running ... How could it be lol?

EDIT: None of the utils work because they complain about some "daemon"
 
Last edited:
privacyguy123 said:
I can see that, but avahi says it's running yet running with --debug flag shows an error output which means that it could not be running ... How could it be lol?
Click to expand...
Didnt we read somewere that Avahi required a specific user group? How the firmware got it running without this is beyond me, but it looks like its preventing you from starting the debug session.

Like usual, the more you poking around at something you just making a bigger hole.
I had hoped someone else here at snbforum with deep knowledge of mDNS/Avahi/multicast routing would hop in and just explain all this mess.

I see different announces depending on mdns browser I use, the router announcement seems to be Alexa at RT-AX86U_PRO.local at 192.168.128.2 but if I ping on the router RT-AX86U_PRO.local it resolves to 192.168.128.1... wierd...
 
ZebMcKayhan said:
Didnt we read somewere that Avahi required a specific user group? How the firmware got it running without this is beyond me, but it looks like its preventing you from starting the debug session.

Like usual, the more you poking around at something you just making a bigger hole.
I had hoped someone else here at snbforum with deep knowledge of mDNS/Avahi/multicast routing would hop in and just explain all this mess.

I see different announces depending on mdns browser I use, the router announcement seems to be Alexa at RT-AX86U_PRO.local at 192.168.128.2 but if I ping on the router RT-AX86U_PRO.local it resolves to 192.168.128.1... wierd...
Click to expand...
I can't even get it to resolve ... so your setup is one step ahead of me already ...

Incidentally, is it possible to add a script somewhere so that this applies on every reboot?
ip link set wgc1 multicast on
Click to expand...
 
ZebMcKayhan said:
But this is the only .local address I can resolve on the router. Not my NAS or my LibreELEC devices...
Click to expand...
Then we're back to where I said we were ... something deep in the firmware is set up potentially wrong. All this hacking to get avahi to work properly shouldn't be necessary ...
 
privacyguy123 said:
Then we're back to where I said we were ... something deep in the firmware is set up potentially wrong. All this hacking to get avahi to work properly shouldn't be necessary ...
Click to expand...
Im not convinced it should be able to lookup mDNS. My Android phone (Samsung S9) cant seem to do it natevely but with the right apps i can browse mDNS announcements. Avahi only handles announcements right?
 
I see postings of people who have allegedly got what I want to achieve working and when I follow their very short writeups I end up with something totally broken, it makes no sense to me.

What makes the least sense is that my Windows laptop can ping/connect to both router and Raspberry Pi .locals (I ssh to those addresses) yet the other 2 devices have never heard of eachother ... my head is pounding.
 
ColinTaylor said:
@ZebMcKayhan I think you are conflating Avahi (mDNS/DNS-SD) with multicast in general, which covers much more than mDNS and DNS-SD.
Click to expand...
You are right, as Ive said before I dont really know about this, but Im interersted in learning. Knowing how to get mDNS discovery over Wireguard would be useful even though there may be limitations on the client side.

So, tell me, what part of our router (if any) should intercept .local lookups and perform the nessisary lookup (or keep cache). Would this be dnsmasq? Or Avahi? Or something else? Or is this not a function really part of our router, as I dont really see it needed for something?
 
After digging under some ancient rocks (https://www.snbforums.com/threads/avahi-install.10218/) I can get another version (???) of avahi-daemon running on the router. Something is 100% borked under the hood here.

RT-AX58U-5468:/tmp/home/root# /opt/etc/init.d/S42avahi-daemon start
Starting avahi-daemon... done.
alex@RT-AX58U-5468:/tmp/home/root# ps | grep avahi
3697 nobody 3144 S avahi-daemon: running [RT-AX58U-5468.local]
6616 nobody 4260 S avahi-daemon: running [RT-AX58U-5468.local]
Click to expand...
 
ZebMcKayhan said:
So, tell me, what part of our router (if any) should intercept .local lookups and perform the nessisary lookup (or keep cache). Would this be dnsmasq? Or Avahi? Or something else? Or is this not a function really part of our router, as I dont really see it needed for something?
Click to expand...
You don't use a central name server (on the router or anywhere else) for mDNS, that's the whole point. The only purpose of Avahi on the router* (that I'm aware of) is to advertise its presence on the local network via mDNS. That's useful if it's running the iTunes server.

* Running stock firmware
 
Tech9 said:
RT-AX58U? I believe you have too many things under the hood of this one.
Click to expand...
No I don't - lets try and keep this chat related at least. Why can others on the internet multicast over VPN/WireGuard and I can't?

1696280360625.png
 
ColinTaylor said:
You don't use a central name server (on the router or anywhere else) for mDNS, that's the whole point. The only purpose of Avahi on the router* (that I'm aware of) is to advertise its presence on the local network via mDNS. That's useful if it's running the iTunes server.

* Running stock firmware
Click to expand...
Thanks, but this part I have already figured out.
My question was more related to why I (we) cannot seem to ping any .local address announced by other on our network on the router itself.
As you said, .local is handled very differently so some sw needs to realize this and not send the query to dns server but instead keep track of other advertized mDNS hosts (or send out the question).

@privacyguy123 seems to question wheither or not Avahi-deamon could function as a reflector properly as the router can't seem to handle its own .local lookup (or whatever its counterpart for mDNS is called) which seems like a valid question.
 
Forgive me if this turns into some sort of a journal, I'm just going to report all my findings.

I remember that my Android is rooted and therefore has access to a terminal and ping. It can ping both router and Pi .local addresses also - I think this functionality should be present within the router with avahi of it was set up correctly, I believe more and more that it isn't.
 
Hallelujah ... avahi now doesn't complain there is no daemon running when I edit the dbus file to be ran as my username and not "root" (which seems incompatible on ASUS routers as they specifically block you from changing your username to that???) and manually restart the avahi-daemon/dbus service.

RT-AX58U-5468:/tmp/home/root# avahi-browse --all
+ br0 IPv4 Sky Q 2TB Box1582 _http._tcp local
+ br0 IPv4 Sky Q Mini9832 _http._tcp local
+ br0 IPv4 2047EDD40D8A@Sky Q 2TB Box1582 _raop._tcp local
+ br0 IPv4 783E53B1FEFA@Sky Q Mini9832 _raop._tcp local
+ br0 IPv4 Sky Q 2TB Box1582 _airplay._tcp local
+ br0 IPv4 Sky Q Mini9832 _airplay._tcp local
Click to expand...

Does this fix everything you ask? NO and I'm just about tired trying to understand the implementation of avahi-daemon in this firmware, perhaps it's time to ping the developers. Pinging between Pi and router .local addresses still broken. Confusing as Windows and Android work :S

This setup ends in 2 avahi-daemons running for some reason. One thats launched at startup and this "new" fresh one that works with avahi-utils. Perhaps someone more in the know can chime in...
 
Probably relevant but can't understand any of the Google results

sendmsg() to 224.0.0.251 failed: Required key not available
sendmsg() to 224.0.0.251 failed: Required key not available
sendmsg() to 224.0.0.251 failed: Required key not available
Click to expand...
 
ZebMcKayhan said:
My question was more related to why I (we) cannot seem to ping any .local address announced by other on our network on the router itself.
As you said, .local is handled very differently so some sw needs to realize this and not send the query to dns server but instead keep track of other advertized mDNS hosts (or send out the question).
Click to expand...
If you're using the ping command then you are using Name Service Switch to resolve the name. The router's NSS doesn't support mDNS because there's normally nothing on the router that would need it to. So like a lot of unnecessary modules it's excluded to save space. RMerlin said in this post that he might consider including it in the future.
 
Last edited:
ColinTaylor said:
If you're using the ping command then you are using the Name Service Switch to resolve the name. The router's NSS doesn't support mDNS because there's normally nothing on the router that would need to. So like a lot of unnecessary modules it's excluded to save space. RMerlin said in this post that he might consider including it in the future.
Click to expand...
Are you saying "run opkg install libnss-mdns" then?

Do you have any insight into why devices tunneled in to router through WG Server can't see multicast devices such as airplay/tidal connect receiver? Despite wg multicast on, despite avahi reflector and point to point on, despite avahi-utils now working.

I think these are 2 separate issues as I have avahi in some sort of working state (although doesn't currently persist reboot) and I cant see any of these devices when tunneled in from outside the network yet I can access the router and AG Home admin panel.
 
You must log in or register to reply here.

Similar threads

T
WireGuard and Traditional QOS
2
Replies
24
Views
1K
Tomo123
T
D
Solved Samba, LACP & WireGuard. Question.
Replies
5
Views
334
DJones
D
D
GT-AX6000 - 3004_388.6_0 - Wireguard client - No Access to Servers local LAN
Replies
5
Views
632
Drihha
D
johndoe85
VPN site to site with additional VPN client to hide IP
Replies
14
Views
740
johndoe85
johndoe85
G
[Help] Routing VPN server through VPN client (external VPN Provider)
Replies
14
Views
1K
ZebMcKayhan
Z
Similar threads
Thread starter Title Forum Replies Date
A Restart WireGuard client when fails Asuswrt-Merlin 5
D GT-AX6000 - 3004_388.6_0 - Wireguard client - No Access to Servers local LAN Asuswrt-Merlin 5
Quan Wireguard performance on ASUS XT8 running VPN client Asuswrt-Merlin 1
H Multiple DNS Servers for WireGuard Client? Asuswrt-Merlin 0
S How to start Wireguard client via SSH? Asuswrt-Merlin 3
H WireGuard DNS Traffic From All Clients Sent Over First WireGuard Client Connection Asuswrt-Merlin 7
H Does wgclient-start Script Run Before Or After WireGuard Client Is Started? Asuswrt-Merlin 6
H WireGuard VPN PreUp Option to Run Command Before Client Connects? Asuswrt-Merlin 3
S Strange issues with WireGuard client Asuswrt-Merlin 2
dacid44 Routing packets through a wireguard client Asuswrt-Merlin 15

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 625 (members: 20, guests: 605)
Top