mdns-repeater & udpbroadcastrelay not working due to capabilities

Started by Hexcode, March 04, 2024, 11:21:36 PM

Hey,
I'm currently trying to get mDNS from one subnet to another (I know that in regards to security it's not the best solution).
But I'm struggling with mdns-repeater, because it simply does nothing.
When trying a "mdns-repeater -f vtnet0 vtnet3" I see the incoming request, but it seems the plugin can't send the data due to "send(): Capabilities insufficient".

Same error message comes up when I try it with udpbroadcastrelay instead:
"udpbroadcastrelay --id 1 --port 5353 --multicast 224.0.0.253 --dev vtnet 0 --dev vtnet3 -d" simply results in nearly the same errors: "sendto: Capabilities insufficient" and "sendto: Permission denied".

Does anyone know how I could solve this problem or where it could come from?
Kind regards

Hi, why don't you try with the broadcast relay plugin. I'm using it and it works.

Pretty sure you mean the "UDP Broadcast Relay"? This is exactly what I'm using (for debug from CLI), but unfortunately it doesn't seem to work properly with port 5353.
At least I don't get mDNS from a to b.


I have the same - nevertheless it's not working.
And also not from CLI - so why should it work from GUI when it's not even running from CLI? :P

Quote from: Hexcode on March 05, 2024, 02:46:39 PM
I have the same - nevertheless it's not working.
And also not from CLI - so why should it work from GUI when it's not even running from CLI? :P

Because things aren't supposed to be run from the CLI?  The UI exists for a reason and there is very little reason to ever need to use the CLI.

I just set up the mdns plugin on 23.7 and it was simple and just worked.  The only thing beyond adding the proper listen interfaces is making sure that the firewall allowed mdns access on each of the interfaces.

The whole thing is intended to be running by CLI for debug: https://github.com/marjohn56/udpbroadcastrelay
GUI is just nice to have.

Actually it should be allowed from the rule side... but I'm not 100% sure if OPNsense is handling it as supposed... From the errors it could be that the firewall is somehow not allowing stuff.

The UI is not just nice to have.  It does things certain ways and by attempting to do them via the CLI you can cause more problems.

Additionally, you didn't read what I wrote.  You don't need udpbroadcastrelay for mdns.  The mdns plugin handles everything except for firewall rules.

Reboot to clear out your current state, add the mdns plugin, configure it and then make sure the firewall is allowing access and it should all just work.

I'm using udpbroadcastrelay also for Sonos stuff (which is working fine).
But yeah, you are totally right: the mdns repeater is a better option than udpbroadcastrelay, because with the repeater the mDNS stuff comes from the gateway IP and not from an IP range outside of the local VLAN.

Besides this I found the error: Wireguard seems to have some side effects here.

Disabling this plugin and then everything else was fine...

Hexcode, would you explain your findings in respect to Wireguard side effects?

I'm using both Wireguard (now in core, no longer a plugin) and udpbroadcastrelay and both are working fine, so if there are some caveats I'd like to know them in advance.

Actually it was an issue with my Wireguard configuration, which was working fine in VPN context, but not in other contexts: I was using the same subnet in Wireguard as in my local network, which then caused the plugins to have some issues.
Nevertheless I now got rid of both plugins and have a VM running, connected to both networks with avahi-daemon, since I needed IPv4 and IPv6 mDNS to reach from a to b. Seems like the addons are not capable of this yet.
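
The root cause reported in the last post (the Wireguard tunnel using the same subnet as a local network) can be checked for directly. The following is an added example, not code from the thread or from either plugin: it parses FreeBSD-style `ifconfig` output and reports interfaces whose subnets overlap. The sample output, the interface name `wg0` and all addresses are constructed assumptions.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample in FreeBSD ifconfig format; names and addresses are made up.
SAMPLE_IFCONFIG = """\
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
\tinet6 fe80::1%vtnet0 prefixlen 64 scopeid 0x1
vtnet3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.30.1 netmask 0xffffff00 broadcast 192.168.30.255
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
\tinet 192.168.10.254 netmask 0xffffff00
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})")
INET6_RE = re.compile(r"^\s+inet6 ([0-9a-fA-F:]+)(?:%\S+)? prefixlen (\d+)")

def parse_networks(text):
    """Return [(interface, ip_network)] for every address in ifconfig output."""
    nets, iface = [], None
    for line in text.splitlines():
        if m := IFACE_RE.match(line):
            iface = m.group(1)
        elif m := INET_RE.match(line):
            # FreeBSD prints the IPv4 netmask as hex; count set bits for the prefix.
            prefix = bin(int(m.group(2), 16)).count("1")
            nets.append((iface, ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False)))
        elif m := INET6_RE.match(line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if not net.is_link_local:  # fe80::/10 legitimately repeats per interface
                nets.append((iface, net))
    return nets

def find_overlaps(nets):
    """Return pairs of different interfaces whose subnets overlap."""
    return [
        (a_if, str(a), b_if, str(b))
        for (a_if, a), (b_if, b) in combinations(nets, 2)
        if a_if != b_if and a.version == b.version and a.overlaps(b)
    ]

if __name__ == "__main__":
    for a_if, a, b_if, b in find_overlaps(parse_networks(SAMPLE_IFCONFIG)):
        print(f"overlap: {a_if} {a} <-> {b_if} {b}")
```
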