Feb 02 2015

For me and many of my customers it would be a great feature to have Bonjour working over VPN connections. Apple’s Bonjour (also called mDNS or multicast DNS) is the service responsible for discovering other machines, and the services they provide, on your network. The most important feature for me is the fileserver integration in Finder as shown on the right. All detected fileservers are integrated into the left Finder sidebar and you can connect simply by clicking them. Unfortunately this does not work over VPN connections, as multicast traffic is generally not routed.

To simulate this fileserver discovery over a VPN connection I wrote a small wrapper script for dns-sd. It checks if a given server is available by pinging its IP and, if so, adds it to the sidebar by using dns-sd’s proxy feature. You can check out the script at my Google Code snippet repository. The following diagram shows the inner workings.


To install it, just download serverProxy.sh, rename it to myServerProxy.sh to allow multiple proxies, make it executable, adapt the settings at the top and create a launchd configuration. I recommend using Lingon to create a “My Agent” launchd job that gets loaded at startup and that keeps the script alive. In theory it should not crash, but who knows. You can use as many proxies as you like. Finally, reboot and check whether the configured server is shown after you connect to your VPN.
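
The mechanism described above, as an added example rather than the original serverProxy.sh: a POSIX shell loop that pings the server and keeps a `dns-sd -P` proxy registration alive only while it answers, passing every value as its own quoted argument so names and TXT records containing spaces survive. `SERVICE_TYPE` and `SERVICE_PORT` are setting names mentioned on this page; all other names, the `run` argument and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not the original serverProxy.sh. SERVICE_TYPE and SERVICE_PORT
# are named on this page; every other name and value here is an assumption.
SERVER_NAME="Office Fileserver"   # sidebar label (constructed)
SERVICE_TYPE="_afpovertcp._tcp"   # AFP file sharing
SERVICE_PORT=548
SERVER_HOST="fileserver.local"    # constructed host name
SERVER_IP="10.8.0.10"             # constructed VPN-side address
CHECK_INTERVAL=10                 # seconds between reachability checks
DNS_SD_BIN="${DNS_SD_BIN:-dns-sd}"
PROXY_PID=""

# Reject settings that cannot form a valid registration.
valid_config() {
  case "$SERVICE_PORT" in ''|*[!0-9]*) return 1 ;; esac
  [ "$SERVICE_PORT" -ge 1 ] && [ "$SERVICE_PORT" -le 65535 ] || return 1
  case "$SERVICE_TYPE" in _?*._tcp|_?*._udp) ;; *) return 1 ;; esac
  case "$SERVER_IP" in ''|*[!0-9.]*) return 1 ;; esac
}

# dns-sd -P <Name> <Type> <Domain> <Port> <Host> <IP> [<TXT>...]
# Every value is its own quoted word, so spaces stay inside one argument.
proxy_cmd() {
  "$DNS_SD_BIN" -P "$SERVER_NAME" "$SERVICE_TYPE" local "$SERVICE_PORT" \
    "$SERVER_HOST" "$SERVER_IP" "$@"
}

is_reachable() { ping -c 1 "$SERVER_IP" >/dev/null 2>&1; }
proxy_alive()  { [ -n "$PROXY_PID" ] && kill -0 "$PROXY_PID" 2>/dev/null; }
stop_proxy() {
  if proxy_alive; then kill "$PROXY_PID" 2>/dev/null || :; fi
  PROXY_PID=""
}

# One pass of the watch loop; arguments are optional TXT records.
tick() {
  if is_reachable; then
    # Start the registration if none is running (or the old one died).
    proxy_alive || { proxy_cmd "$@" >/dev/null 2>&1 & PROXY_PID=$!; }
  else
    stop_proxy   # server gone (VPN down): withdraw the advertisement
  fi
}

# "run" starts the loop, e.g. as the launchd job's program argument.
if [ "${1:-}" = "run" ]; then
  valid_config || { echo "invalid settings" >&2; exit 1; }
  trap 'stop_proxy; exit 0' INT TERM
  while :; do tick; sleep "$CHECK_INTERVAL"; done
fi
```

The trap withdraws the registration when launchd stops the job, so a stale server entry does not linger in the sidebar.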

  9 Responses to “Poor Man’s Bonjour VPN Server Proxy”

  1. I’m not sure if this is the answer for what we are trying to accomplish… Maybe you can point me in the right direction:
    What we are trying to accomplish is to have our guys in the field to mirror their screen to the apple TV we have hooked up to our projector. So they can share what they are viewing or so we can see if they are properly following along…a lot of them are new to technology. Is this even possible?

    • Hi, I think this should be possible. I would use Bonjour Browser to identify all advertised Bonjour services and then use dns-sd – as shown above – to advertise them while off-road. (Disclaimer: I didn’t test it 😉)

  2. Hi florian,

    This is a great post; exactly what I was looking for.

    I’ve tried to tweak (rewrite) your script to put all my mDNS advertisements in one file and allow for text entries containing multiple key-value pairs, with spaces in the values, such as the advertisement of my printer. However I’m getting incredibly baffling results and as the original published author of this type of script, I wonder if you might be able to shed some light on the issue I’m having.

    I’ve posted details on Stack Overflow here: http://stackoverflow.com/questions/32922370/running-program-from-within-bash-cant-get-space-escaping-right

    And full source can be found here: http://pastebin.com/bKFSB2sJ

    I feel like I’ve tried everything, and it just won’t work. I’ve even emailed an old uni lecturer for advice. It seems both bash and dns-sd are doing some “helpful” escaping and nothing is working 🙁

    Once again, your solution to this problem is great! Thanks for sharing and any advice you might be able to provide for my problem.

    • Hi Tim,

      First of all:
      This is one of the best ways to ask a question I have seen. You did your homework and you documented what you did! Well done.

      So now let’s move to your issue:
      In the end it turned out that the quoting used was not completely correct. To nail the issue down I changed the way the final command is built to use a temporary variable. Thereby I could see the exact command that was executed. Then it was relatively easy to fix all the small encoding problems.

      Here’s the code that is working for me: http://pastebin.com/P0Gh6UBB

      Anyway, keep going – You are doing a fantastic job!

      • Thanks Florian, it works perfectly on my end too!

        I knew it would be straightforward but that just made it all the more frustrating haha.

        I get no duplicate mDNS entries now that it’s based on whether ppp0 is up (assuming I don’t connect to the VPN while I’m at home, which I won’t be doing…)

        The way you used a temporary variable to see the exact command that will be executed is something I’ll remember. That’s so helpful.

        Thanks again!

  3. I always used Sharetool to use my Bonjour services outside of my local network, but the app doesn’t exist anymore. Your script works flawlessly, thanks!

    Is this only filesharing? My home sharing iTunes library doesn’t seem to appear.

    • Hi Jesse,

      Good to know that the script helped you! And yes, it can be easily updated to also work with iTunes libraries.
      To do so open the serverProxy.sh file and change the configuration variables – at the top of the file – to the following values:
      – set SERVICE_TYPE to “_daap._tcp”
      – and set SERVICE_PORT to 3690

      • Thanks! Library doesn’t seem to appear, but I’ll post the answer here if I find what is causing the problem.
