toxuin / mdns-tunneller

Tunnels two (or more) mDNS domains together

Not sure how to get this to work #12

Open Keagel opened 2 years ago

Keagel commented 2 years ago

Hello!

Thank you for your work. I'm trying to use your project to connect a new accessory (generated by my HomeBridge) to HomeKit from outside my network. This will be a one time thing. I have mdns-tunneller installed and running as a server on a Raspberry Pi on my home network (where the accessories are and where the HomeBridge is installed). Since I only need to connect one accessory I'm not looking into anything permanent so I figured I'd just run mdns-tunneller as a client on my MacBook just until the setup is complete. I can see the client and server connecting:

$ docker run -v ~/docker/appdata/mdns-tunneler/config.yml:/app/config/local.yml -p 42069:42069 toxuin/mdns-tunneller

> mdns-tunneller@1.0.0 start:prod
> node .build/index.js

Connecting to http://x.x.x.x:42069...
Connected to the remote: http://x.x.x.x:42069

pi@raspberrypi:~ $ docker run -v ~/docker/appdata/mdns-tunneler/config.yml:/app/config/local.yml -p 42069:42069 toxuin/mdns-tunneller

> mdns-tunneller@1.0.0 start:prod
> node .build/index.js

Started server on 0.0.0.0:42069
Client connected: ::ffff:x.x.x.x:30800

I'm not sure where to go from here though. I'm trying to add an accessory from my iPhone as the Mac Home app can't add them but it doesn't seem to work as is. Both devices (iPhone and Mac) are on the same network. Is there anything else I'm supposed to do? The configuration I'm using is the default one (https://raw.githubusercontent.com/toxuin/mdns-tunneller/master/config/default.yml).

Thanks!

toxuin commented 1 year ago

Well, I am afraid to say this, but it won't work.

Apple made the protocol in such a way that it checks for values from mDNS every time before connecting to an accessory. If it won't see an mDNS reply to its queries (and seems like it won't, with tunneller being there just temporarily) it will mark the accessory as "Not responding". That's their crappy way of checking for device availability.

But to make HomeKit work even to some degree, you'd need to add its service descriptors to serviceWhitelist on both client and server configs:

serviceWhitelist:
  - '_homekit._tcp.local'
  - '_hap._tcp.local'
  - '_appletv-v2._tcp.local'
  - '_touch-able._tcp.local'
  - '_mediaremotetv._tcp.local'
  - '_airplay._tcp.local'

Please let me know how it works (or doesn't)!
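What a service-type whitelist like the one above means at the packet level, as an added example that is not part of the original thread and not mdns-tunneller's own code: it decodes the question names of an mDNS packet and decides whether the packet would cross the tunnel. The suffix-matching rule, the function names and the sample packets are assumptions made for illustration; only the whitelist entries come from the comment above.

```javascript
// Added example, not mdns-tunneller code. Suffix matching is an assumption.
const SERVICE_WHITELIST = ['_homekit._tcp.local', '_hap._tcp.local', '_airplay._tcp.local'];

// Decode a DNS name at `offset`, following compression pointers (RFC 1035 4.1.4).
// Returns { name, next }; `next` is the offset just past the name in the stream.
function readName(buf, offset) {
  const labels = [];
  let pos = offset, next = -1, hops = 0;
  for (;;) {
    if (pos >= buf.length) throw new Error('truncated name');
    const len = buf[pos];
    if (len === 0) { if (next < 0) next = pos + 1; break; }
    if ((len & 0xc0) === 0xc0) {               // compression pointer
      if (pos + 1 >= buf.length) throw new Error('truncated pointer');
      if (++hops > 16) throw new Error('pointer loop');   // malformed-packet guard
      if (next < 0) next = pos + 2;
      pos = ((len & 0x3f) << 8) | buf[pos + 1];
      continue;
    }
    if (len > 63 || pos + 1 + len > buf.length) throw new Error('bad label');
    // Service-type labels are ASCII; instance names may be UTF-8 (not decoded here).
    labels.push(String.fromCharCode(...buf.subarray(pos + 1, pos + 1 + len)));
    pos += 1 + len;
  }
  return { name: labels.join('.').toLowerCase(), next };
}

// Names in the question section of one mDNS packet.
function questionNames(buf) {
  if (buf.length < 12) throw new Error('short header');
  const qdcount = (buf[4] << 8) | buf[5];
  const names = [];
  for (let i = 0, pos = 12; i < qdcount; i++) {
    const { name, next } = readName(buf, pos);
    names.push(name);
    pos = next + 4;                            // skip QTYPE and QCLASS
  }
  return names;
}

// True when the name is a whitelisted service type or an instance under it.
function isWhitelisted(name, whitelist = SERVICE_WHITELIST) {
  const n = name.toLowerCase().replace(/\.$/, '');
  return whitelist.some((s) => n === s || n.endsWith('.' + s));
}
const shouldForward = (buf) => questionNames(buf).some((n) => isWhitelisted(n));

// Constructed sample: a one-question PTR query for a service type.
function buildQuery(name) {
  const body = name.split('.').flatMap((l) => [l.length, ...[...l].map((c) => c.charCodeAt(0))]);
  return Uint8Array.from([0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, ...body, 0, 0, 12, 0, 1]);
}
```

A query for a service type that is not listed, such as a constructed `_ssh._tcp.local`, is dropped by this filter, which is the reason the HomeKit entries have to be present on both ends.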

Keagel commented 1 year ago

Back then I only needed to be able to add my Homebridge camera to HomeKit (while I was away from home/said camera) hence the temporary need for the tunneller. I don't think it'd have been an issue if the tunneller was down after I was able to add the accessory as it'd still be connected to my home network?

I can't really try it out right now as I'm back home and added the accessory from my home network when I got back, but if I ever need to do that again I'll let you know if it works.

Thanks for the reply!

lanave commented 1 year ago

> Back then I only needed to be able to add my Homebridge camera to HomeKit (while I was away from home/said camera) hence the temporary need for the tunneller. I don't think it'd have been an issue if the tunneller was down after I was able to add the accessory as it'd still be connected to my home network?
>
> I can't really try it out right now as I'm back home and added the accessory from my home network when I got back, but if I ever need to do that again I'll let you know if it works.
>
> Thanks for the reply!

Were you able to make this work? I'm trying to do basically the same thing, but through a WireGuard tunnel (without success for now).

mpe81 commented 1 year ago

I am currently trying to implement this across a VPN to be able to access my home network (running the server side of mDNS-tunneler) from my second network (running the client side). Both networks are connected by VPN 24/7 and I got the client server connection running without issues. On the server network it runs inside Docker on a macOS, on the client network it runs inside docker on a Synology NAS. I am running Discovery app on macOS on both ends, but for all currently configured protocols nothing shows up on the other end.

Did someone get this to run using Docker? I am currently running both ends in Docker on 'bridge' networks and connection according to log is fine, so client can connect to server IP and via bridge into Docker - which is shown in the log on both ends. What I do not know, but I guess it should work the same, is that the server can reach the client component to send in the mDNS data for broadcast and if the client can broadcast that data afterwards.

Does anyone have this running directly on a Linux host? Are there log entries that should show up on traffic pickup and broadcast? I am working in IT and I got a ton of knowledge in infrastructure, but I can't get any further here.

toxuin commented 1 year ago

I am running this in Docker, the only trick that you need to do is make the mdns-tunneller have network_mode: "host". You can maybe do it with a bridge, but then you'll most likely need something that would forward the broadcasts from your network to docker subnet - like avahi in reflector mode.

mpe81 commented 1 year ago

Damn, already tried to switch network to 'host' on both as I suspected something like this because of the NAT done there, but I cannot reassign from bridge to host for some reason on both installations - removing bridge works, adding host doesn't. At least I know what to fix next now. Thank you.

mpe81 commented 1 year ago

Got it running with the host network adapter on the Synology NAS. Trick was to recreate the container with network=host instead of trying to stop container, remove bridge and add host. Maybe I should mention that I am using Portainer to manage my Docker installations and it was most likely a Portainer issue. On the macOS - as stated in the Docker documentation - the host network is not supported on anything else except Linux. Not supported did not sound like it does not work at all, so I gave it a try. Recreated the container just like I did for the Synology NAS and recreating and starting the container with host network went without any error. Looking at the 'inspect' section all things network look the same like on the working container on the NAS, but the client cannot connect anymore as the connection is refused on server side running the container with network=host on macOS - so, host network is not only not supported, it does not even work on macOS (which is shown as Linux btw), expect the same results if running on Windows.

Luckily, I got a third device which I just set up as Portainer edge agent this week - a Raspi4 running 64bit RaspiOS - which is a real Linux again. Will give that a try during the next weeks (distance between locations is 753km...) instead of using the container on macOS. Will report back in afterwards with hopefully good news.

toxuin commented 1 year ago

Glad to know you got it working! Yes, MacOS Docker runs in a VM with Linux in it, and the VM engine itself does not support host networking, as far as I know. There's basically no way around that, unless Docker folks fix their issue.

mpe81 commented 1 year ago

> Yes, MacOS Docker runs in a VM with Linux in it, and the VM engine itself does not support host networking, as far as I know. There's basically no way around that, unless Docker folks fix their issue.

Would not call that an issue, but you are correct, macOS Docker Desktop is a Linux VM which by itself uses the host network adapter already - guess that's the problem on that kind of nested virtualization which can probably not be fixed at all. Never tried to run Docker CE natively on macOS; might be an option too, as I am using Portainer anyway to manage all containers. As said, will report back in a few weeks with final result - but looks promising so far. Thanks for your support.

mpe81 commented 1 year ago

Had the time today to bring the Raspberry online and put the mDNS Tunneller Server server side in network mode=host on it - seems to be working. Using the Discovery app on my Mac here I can now see the devices on the other end of the site-to-site VPN. Looks good, access tests to follow, but expecting this to work now due to name resolution working. Thanks a lot.