Bonjour and VPN or How I Learned To Stop Googling And Love Simplicity

January 6th, 2012
by Mike Szumlinski

Recently I have been using Quickbooks 2012 to manage my business, and while I can’t say I’m in love with the software by any means, it is what I would consider “good enough” for what I’m doing currently. I have the multi-user edition and run the database using the Quickbooks Server application. I frequently travel or work off site, so having access to this offsite was something that I wanted to do. Since I use the standard OS X Server LT2P VPN server, bonjour services don’t “just work”. This is because L2TP (among others) doesn’t support multicasting, which is what bonjour uses in a local subnet to broadcast. After doing some research, I learned that WAB (Wide-Area-Bonjour) does not support private namespaces, so that was out. The other option was to use a VPN server that supports multicast, like OpenVPN. I liked using the built in Apple VPN client and I didn’t want to go through the hassle of compiling and configuring OpenVPN when my current VPN was working just fine for this.

You might ask, “why are you writing about Quickbooks on a video and storage blog?”. Simple: the tools in use very well may be useful for other Bonjour enabled applications that don’t give you way to connect via direct IP address.

What this will work well with:

  • Any bonjour only server application (ex. MYOB, Quickbooks, Apache, etc)
  • Any client application that is on a fixed host (iTunes on a desktop with a static IP, etc)

What this won’t work well with:

  • Dynamic applications with high likelihood of IP change (Bonjour iChat on a laptop)
  • High bandwidth applications (Compressor Cluster Node, Qmaster, etc)

First, you are going to want to download a few tools:

  • Bonjour Browser – Used to discover services on the network
  • Network Beacon – Used to build a remote proxy for bonjour
  • A working IPSEC/L2TP VPN connection

You can download these tools onto your client system as long it is on your bonjour network to get the info you need.

First things first, we want to fire up Bonjour Browser to get a look at what bonjour services are running on our network. In my network, it looks like this:

Bonjour Browser Screen Shot

Bonjour Browser

You will notice a lot of the “known” services are highlighted in bold as they are published protocols. What you will also notice are a lot of non-bold services in there as well. While it isn’t necessarily easy to know what does what immediately, we can just read the names and figure most of them out. In this case, my PresSTORE bonjour processes are _awcln._tcp (for the client) and _awsrv._tcp (for the server). I also see a few other noticeable broadcasts in there too – ._attocfgd._tcp (ATTO config tool), ._touch-able._tcp (Mobile Mouse), and what I was actually looking for ._qbmu._tcp (Quickbooks server).

Flipping down the toggles for this broadcast gives me all the info I need to build a proxy on a remote connection:

So first it is important to know what it is we are looking at here. You can see the the _qbmu._tcp. This is the PTR service DNS record name. Under each of these is the host itself (qbmac://server.local/PVT.qb2012-3B01AF67-9E67-4944-813C-AD551AE) and beneath that are the TXT record entries (appVersionStageNumber, displayName). We also can see that our QB server connects over port 57219. We are now going to use this information to build a bonjour proxy using Network Beacon so our systems on remote networks can access bonjour only entries across a VPN link.

Fire up Network Beacon and you should have the option to make a new Beacon. We are going to fill in all the information we learned from Bonjour Browser to create a local representation of that Bonjour broadcast (even though we can’t see it) so that our local application can connect to the server.

You’ll notice that I put a “�01″ in-between the two individual text records. This is actual how Network Beacon requests separation and you can get more info on modifying TXT records by hovering over the text box in the application. In this case I have called my database “Example” just so we can see both addresses.

What Network beacon is actually doing is firing up a local mDNS broadcaster for that PTR service on your client system connected over VPN. Since you aren’t receiving the multicast broadcast of this info over the VPN link, you are manually recreating it for any services you would like to be able to access remotely. What you end up with is a link back through VPN to a service that doesn’t have any options for manual entry of DNS name/IP address to connect. When I fire up Quickbooks now on my client system (while still on the local LAN), I see both entries and selecting either will connect me to the same database.

If all works properly connecting locally on your new beacon, simply export that beacon and import it onto your remote/VPN system, connect via VPN, and test. You should be able to get access to all sorts of bonjour services over a VPN link using this method, including iTunes sharing, iPhoto sharing, remote screen sharing, and even AFP registration in the Finder if you want to go that deep.

Posted in General Info | Comments (27)

27 Responses to “Bonjour and VPN or How I Learned To Stop Googling And Love Simplicity”

  1. Tom Willett Says:

    Thanks for the excellent article. I’m having one problem. I can now see the shared file, over VPN, but when I click “OK” to select it, NOTHING happens. It doesn’t respond. Same behavior on a local machine, NOT over VPN. The shared file is not selectable. Any ideas? I sent you a tweet with my contact info and would like to hire you to help resolve this.

  2. Mike Szumlinski Says:

    Tom,
    I sent a response via email. Feel free to contact me back via that medium and we can follow up.

  3. John Castaldo Says:

    I have the same issue using Quickbooks 2012 accountant. I have the server set up on one machine and QB on a laptop.
    Your article seems to be Apple Specific, will this solution also work for Windows 7?
    Any suggestions or direction to other sources would be appreciated.

    Thanks,
    John Castaldo

  4. Mike Szumlinski Says:

    Unfortunately I’m not sure how Quickbooks works in a Windows environment for mDNS. They may have their own protocol on that side of things. Sorry for not having the info that you needed, but I’ve never used Quickbooks on Windows in production to know more.

  5. John Castaldo Says:

    Thanks for your quick response! So in WIn7 it uses mDNS, is that correct?
    I’ll keep hunting for other VPN solutions. I like having the server in the office, but I need to be able to VPN to it when I’m away.
    John

  6. Jonathan Blue Says:

    Fantastic article!! This saved me hours of work trying to find a workaround solution.

    I initially had the same issue as Tom. I eventually got it to work by changing the Service Name in Network Beacon to the same name as the original host listed in Bonjour Browser (in the example above it would be: qbmac://server.local/PVT.qb2012-3B01AF67-9E67-4944-813C-AD551AE)

  7. Mike Szumlinski Says:

    Jonathan, glad I could help out!

  8. Chase Says:

    I have been having trouble getting any service up and running over bonjour. When I connect via vpn, I can connect to my home servers and the internet if I wanted to, but I can’t figure out how to get the bonjour services configured correctly, specifically iTunes Home Sharing. Which machine does Network Beacon need to be run on? And do I need to configure port forwarding for any services? I don’t figure I do because everything is being run over my vpn.

  9. Mike Szumlinski Says:

    Chase, you need to run network beacon on the system that is VPN’d in to your home network. You shouldn’t have to do any port forwarding, you just simply need to emulate your home environment when remote. Easiest way to do this is to fire up Bonjour Browser when you are in the home network and look for all the services you want to emulate. Then you need to replicate those services with independent Network Beacons.

  10. Chase Says:

    Gotcha. Just did it and it worked. Thanks!

  11. Chris Says:

    Mike, have you had problems with this since Mountain Lion came out? Mine worked perfectly up until very recently.

  12. Nuno Martins Says:

    Hello, great post.

    I was considering Wide Area for publishing services across sub networks, but I was curious about what you said:
    “After doing some research, I learned that WAB (Wide-Area-Bonjour) does not support private namespaces, so that was out.”

    Could you explain a bit better what did you mean by that, because the link you point to does not have any content.

    Thank you in advance.

  13. Mike Szumlinski Says:

    Basically the .local domain and my internal .lan domains wouldn’t be supported in the default spec (at least from what I could read) in Bonjour. Since my attempt was to use this over VPN, it had to conform to my .lan domain internally on my network.

  14. Mike Szumlinski Says:

    Sadly, I have. I’m not sure if it was a dot release of quickbooks though or ML that caused the problem. The service shows itself properly on my Retina MBP when I fire up Network Beacon, but attempting to connect in QB results in nothing happening at all. I wrote a nasty message board post on the QB2013 board about how useful a feature like this is to users with remote offices or mobile workspaces. The response I got was less than what I was hoping to hear.

  15. Stephen Says:

    I’m having one problem. I can now see the shared file, over VPN, but when I click “OK” to select it, NOTHING happens. It doesn’t respond. Same behavior on a local machine, NOT over VPN. The shared file is not selectable. Any ideas?

  16. Matt Says:

    Pulled my hair our for two weeks trying everything under the sun including this network beacon to get wide are bonjour working. I’m a pro when it comes to DNS.

    Two words that will save you the same experience:

    LogMeIn Hamachi

    Make a mesh Network, join the computers to it. DONE!!! no VPN, no DNS B.S. just works! and it works fast!

  17. Mike Szumlinski Says:

    True, Hamachi is probably the easiest way to accomplish this, but Hamachi is a paid service. While fine for most, it may not be the route some want to go.

  18. Asi Says:

    Hello Mike,
    I went through the process and got the same result as far as QuickBooks freezing upon selecting the company.
    I tried the method of putting the full qbmac:// ….. but in Bonjour browser I do not see the entire UID for the company file, and I think it is causing the freezing.
    Do you have a different way of making the problem go away?
    Thank you!

    using ML and QB2013 over ML Server VPN L2TP tunnel.

  19. Matt Says:

    Hey guys. I have found this article very helpful. The only thing I do not like is how you have to be running the network beacon application and there is no way to keep this service running and hide it. Any ideas?

    Also, I am having the same problem where now I see the file but I can not open it. On either the local or VPN machine. I have tried to ass the whole service name as previously published but it returns an error when trying.

    Any info would be great!

  20. Mike Szumlinski Says:

    Matt, unfortunately it looks like 10.8 has broken the way this works. I now get the same results on a 10.8 client talking to a 10.6.8 QB Server. I’ve bit the bullet and gone with Hamachi now for my laptop. Interestingly enough, I have to run Hamachi in a VM because IT breaks two other pieces of software I use regularly, but it still works a lot better than the old screen sharing way of doing things.

  21. Matt Says:

    I went the logmein hamachi route also. Seems to work relatively well. Alot better than VNC.

    This was honestly the first post I found relavent in providing any information on this issue. It seems like such a simple issue to fix!

    Thanks for the reply.

  22. Gwen Says:

    If you’re using a VPN for this sort of stuff, you’d not be wise enough to use one which doesn’t know your identity. I know of at least one http://www.sunvpn.net/. It is very cheap and affordable and also easy to understand.The response is quiet good on this website.

  23. Tom Morter-Laing Says:

    Using this method I’ve made it so a computer on the VPN appears in my shared at home. Is there a way to use similar trickery to enable that little ‘share screen’ button to appear when I click on it? Ive tried using a new beacon with _net-assistant._udp. and it’s a different port- but that doesn’t work. (It’s under Apple Remote Desktop in Bonjour Browser).
    Thanks in advance!

  24. Mike Szumlinski Says:

    Tom, I haven’t tried it myself, but the standard screen share service is just basic VNC which runs on TCP port 5900. You should be able to set up a beacon for that port and have it be usable.

  25. Tom Morter-Laing Says:

    Thanks Mike- although I’m not sure how to tell Network Beacon the service type is VNC?

  26. LK Says:

    Thanks a lot for this article! Using this method, I was able to setup backup to my home TimeMachine over VPN

Leave a Reply

  • Browse Categories

  • Site Archives