  1. #1
    Newbie
    Join Date
    Jun 2022
    Posts
    6

    I wrote an Ansible playbook to get mDNS working with Untangle

    Okay so I literally just started using Untangle yesterday. Happy convert from OPNsense so far. My network got more complicated, and I was having a very hard time with OPNsense firewall rules between VLANs/subnets. So far, the grass is greener over here! Looks like I can even get away with the free tier if I really wanted to, though I'm starting to explore policies a bit, and I'm loving the pie charts.

    Anyway, I found a closed thread on this forum regarding mDNS, and a user said they wrote an Ansible playbook to get mDNS working in Untangle. They didn't post a link to the playbook, but they wrote some instructions. I adapted them into a playbook, and it works!!!

    I'm happy to say that with a little bit of Ansible prep work (documented in my GitHub repo at willquill/untangle-mdns), it will be working with a single command that looks like this:
    Code:
    ansible-playbook -i hosts -l untanglenodes untangle-mdns.yml
    I wrote the repo to be user friendly for anyone using macOS, Rocky Linux 8, or openSUSE. You can find the repo here: (https)://github.com/willquill/untangle-mdns

    It uses the MIT License and is totally free for the community.

    What works:

    * iPhone on internal/trust vlan/subnet
    * Sonos and Apple TVs on IoT vlan/subnet
    * iPhone can use AirPlay 2 with Sonos and Apple TVs
    * The Spotify app in iOS can also play to Sonos/Apple TV

    I did not have to create a UDP 5353 firewall rule between the subnets, though all traffic between the subnets is blocked.

    If any forum admins are reading this, I am a new user with 0 posts, so I can't post links. It would be great if you could whitelist GitHub links at least.

    Some key phrases for the googles:

    mdns with untangle
    get mdns to work with untangle
    mdns in untangle
    multicast dns with untangle

  2. #2
    Master Untangler
    Join Date
    Jul 2010
    Posts
    929


    Quote Originally Posted by willquill View Post
    Okay so I literally just started using Untangle yesterday. Happy convert from OPNsense so far. My network got more complicated, and I was having a very hard time with OPNsense firewall rules between VLANs/subnets. So far, the grass is greener over here! Looks like I can even get away with the free tier if I really wanted to, though I'm starting to explore policies a bit, and I'm loving the pie charts.

    Anyway, I found a closed thread on this forum regarding mDNS, and a user said they wrote an Ansible playbook to get mDNS working in Untangle. They didn't post a link to the playbook, but they wrote some instructions. I adapted them into a playbook, and it works!!!

    I'm happy to say that with a little bit of Ansible prep work (documented in my GitHub repo at willquill/untangle-mdns), it will be working with a single command that looks like this:
    Code:
    ansible-playbook -i hosts -l untanglenodes untangle-mdns.yml
    I wrote the repo to be user friendly for anyone using macOS, Rocky Linux 8, or openSUSE. You can find the repo here: (https)://github.com/willquill/untangle-mdns

    It uses the MIT License and is totally free for the community.

    What works:

    * iPhone on internal/trust vlan/subnet
    * Sonos and Apple TVs on IoT vlan/subnet
    * iPhone can use AirPlay 2 with Sonos and Apple TVs
    * The Spotify app in iOS can also play to Sonos/Apple TV

    I did not have to create a UDP 5353 firewall rule between the subnets, though all traffic between the subnets is blocked.

    If any forum admins are reading this, I am a new user with 0 posts, so I can't post links. It would be great if you could whitelist GitHub links at least.

    Some key phrases for the googles:

    mdns with untangle
    get mdns to work with untangle
    mdns in untangle
    multicast dns with untangle
    Nice work, I know one of the guys is bugging me about this :P on our Discord channel. He might like this!

  3. #3
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,968


    Come back after the next major Untangle upgrade (17.0 or later) and let us know if the changes stick or if the Untangle update reverts them.
    dashpuppy likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

  4. #4
    Newbie
    Join Date
    Jun 2022
    Posts
    6


    I spoke too soon on the Sonos thing. And I can't edit my OP. Sonos needs an IGMP proxy on the firewall, which I haven't figured out yet.

    I was thinking of going back to OPNsense, but I decided screw it, Sonos is going on my main wifi network with the rest of my phones/tablets/laptops.

    The fix in my OP allows for mDNS, which I think means that Airplay should work flawlessly. But Sonos will not.

    A resource for Sonos IGMP proxy, which as far as I can tell no one has solved for Untangle yet: (https)(www).packetmischief.ca/2021/08/04/operating-sonos-speakers-in-a-multi-vlan-network/

  5. #5
    Newbie
    Join Date
    Jun 2022
    Posts
    6


    Quote Originally Posted by jcoehoorn View Post
    Come back after the next major Untangle upgrade (17.0 or later) and let us know if the changes stick or if the Untangle update reverts them.
    Will do. That's the reason I did it via an Ansible playbook instead of doing it manually on the Untangle box. Whether Untangle gets updated or even factory reset, all I have to do is use the "ssh-copy-id" command followed by the "ansible-playbook" command and it should just work again (after restoring my Untangle settings, of course, since I specify the interfaces).
    dashpuppy and donhwyo like this.

  6. #6
    Newbie
    Join Date
    Jun 2022
    Location
    Texas
    Posts
    8


    Thank you. I’ll be giving this a shot this weekend. I’m coming off opnsense and love everything Untangle does so much more, but it boggles my mind that they still haven’t added mdns despite it being the number 2 feature request.

    Thank you for pointing me here, dashpuppy
    dashpuppy likes this.

  7. #7
    Newbie
    Join Date
    Jun 2022
    Location
    Texas
    Posts
    8


    I went through the process of installing Ansible and getting it working.
    (By the way, I ran into an issue where I would get version 2.9.6 installed and your YAML wouldn't work.

    I had to add
    sudo apt-add-repository ppa:ansible/ansible
    and do an update after adding that repo, and then I got 2.12.2 and that version ran the playbook.)

    I'm not able to ping across my subnets still.
    For my test, I had my laptop hardwired, on a specific subnet.
    Joined my iphone on my wifi on a new subnet

    I could ping my iphone's IP address from my original vlan
    I could not ping joshuas-iphone.local from my original vlan to my new vlan

    put my laptop on the wifi, which swapped out the vlans for me
    at that point, I could ping joshuas-iphone.local

    So I'm not traversing subnets with avahi yet.
    I checked the /etc/avahi/avahi-daemon.conf on untangle and I do see it took my customizations regarding the eth1.25 and eth1.69 which are the two vlans I'm working with. So I do know the playbook got the configs moved over.

    There's a ton of commented out settings, such as dns, resolv, etc. Should I modify that?
    Might be nice to install avahi-browse as part of the playbook for troubleshooting as well.

    Any thoughts?

    (mods: I know this is unsupported, but I'm extremely frustrated that we've been asking for mdns reflection for years now with barely a response from the untangle team. I'm about to switch firewalls to one that supports this natively).
    dashpuppy likes this.

  8. #8
    Newbie
    Join Date
    Jun 2022
    Location
    Texas
    Posts
    8


    edit: I went ahead and opened an issue up on your github, it felt the more appropriate place to submit it.
    Last edited by diothar; 06-25-2022 at 01:59 PM.

  9. #9
    Newbie
    Join Date
    Jun 2022
    Posts
    6


    Quote Originally Posted by diothar View Post
    I went through the process of installing Ansible and getting it working.
    (By the way, I ran into an issue where I would get version 2.9.6 installed and your YAML wouldn't work.

    I had to add
    sudo apt-add-repository ppa:ansible/ansible
    and do an update after adding that repo, and then I got 2.12.2 and that version ran the playbook.)

    I'm not able to ping across my subnets still.
    For my test, I had my laptop hardwired, on a specific subnet.
    Joined my iphone on my wifi on a new subnet

    I could ping my iphone's IP address from my original vlan
    I could not ping joshuas-iphone.local from my original vlan to my new vlan

    put my laptop on the wifi, which swapped out the vlans for me
    at that point, I could ping joshuas-iphone.local

    So I'm not traversing subnets with avahi yet.
    I checked the /etc/avahi/avahi-daemon.conf on untangle and I do see it took my customizations regarding the eth1.25 and eth1.69 which are the two vlans I'm working with. So I do know the playbook got the configs moved over.

    There's a ton of commented out settings, such as dns, resolv, etc. Should I modify that?
    Might be nice to install avahi-browse as part of the playbook for troubleshooting as well.

    Any thoughts?

    (mods: I know this is unsupported, but I'm extremely frustrated that we've been asking for mdns reflection for years now with barely a response from the untangle team. I'm about to switch firewalls to one that supports this natively).
    First, I responded to your GitHub issue. Thank you for creating it there! That will help others find the info more easily.

    Here's what I posted to GitHub:

    Hi @diothar! I don't use Airprint across VLANs, but I did some research, and it looks like simply setting a few things in `/etc/avahi/avahi-daemon.conf`, which is all this playbook does, is not enough to get Airprint working.

    My research suggests you will need to create a file in the `/etc/avahi/services` directory. You can call it anything you want, and give it a `.service` extension. So you might create `/etc/avahi/services/airprint.service`, and you populate it with some XML content. I found this 12 year old (!) thread, which has instructions on what to do: (https)://(www).finnie.org/2010/11/13/airprint-and-linux/

    If you get it working, would you mind letting me know in this issue thread, and even going so far as creating a pull request with your change for this repo so that others can benefit from your development to fix Airprint?

    If you don't want to mess with the repo stuff, would you please let me know how you resolved it so that I may update the playbook code as well as the README with the new information?
    With regard to this - "I'm not able to ping across my subnets still." - that is expected behavior, as my playbook only enables mDNS on the various interfaces. It does not create any firewall rules or allow any specific TCP/UDP ports or ICMP traffic. You should be able to get ping working across the subnets with a firewall rule or a filter rule in Config > Network > Filter Rules that allows the ICMP protocol between subnets.

    Ping uses the ICMP protocol and operates at layer 3, so it wouldn't have anything to do with VLANs, specifically - it only cares about subnets, like allowing ICMP from 192.168.10.0/24 to 192.168.69.0/24. There's no way to allow ICMP from "VLAN 10 to VLAN 69" as VLANs operate at layer 2 via tagged frames (as opposed to network packets).
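
An added example, not part of the thread or of the willquill/untangle-mdns repo: a Python check of an avahi-daemon.conf that confirms the reflector is on and scoped to the intended VLAN interfaces, the inspection described in post #7. The sample config is constructed, and `eth0` as the name of the WAN interface is an assumption.

```python
import configparser

# Constructed sample of /etc/avahi/avahi-daemon.conf; eth1.25 and eth1.69 are
# the VLAN interfaces named in the thread. Commented-out keys are inactive.
SAMPLE_CONF = """\
[server]
#host-name=foo
use-ipv4=yes
allow-interfaces=eth1.25,eth1.69

[reflector]
enable-reflector=yes
#reflect-ipv=no
"""

def _ifaces(cp, key):
    """Parse a comma-separated interface list from the [server] section."""
    raw = cp.get("server", key, fallback="")
    return {i.strip() for i in raw.split(",") if i.strip()}

def audit_avahi(conf_text, expected, wan_iface="eth0"):
    """Return findings; an empty list means the reflector is scoped as intended.

    expected: interfaces that should exchange mDNS. wan_iface is an assumed
    name for the untrusted uplink; pass the real one for your box.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    reflect = cp.get("reflector", "enable-reflector", fallback="no")
    if reflect.strip().lower() != "yes":
        findings.append("reflector off: mDNS stays inside each subnet")
    allowed = _ifaces(cp, "allow-interfaces")
    denied = _ifaces(cp, "deny-interfaces")  # takes precedence over allow
    if not allowed:
        # Without allow-interfaces avahi uses every non-loopback interface.
        if wan_iface not in denied:
            findings.append(f"no allow-interfaces: {wan_iface} (WAN) is included")
        return findings
    active = allowed - denied
    if wan_iface in active:
        findings.append(f"{wan_iface} (WAN) is explicitly allowed")
    for name in sorted(set(expected) - active):
        findings.append(f"{name} expected but not active")
    for name in sorted(active - set(expected) - {wan_iface}):
        findings.append(f"{name} active but not expected")
    return findings

if __name__ == "__main__":
    for line in audit_avahi(SAMPLE_CONF, {"eth1.25", "eth1.69"}) or ["OK"]:
        print(line)
```
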

  10. #10
    Untangler
    Join Date
    May 2008
    Posts
    605


    Got a link to that github?
