What is bonjour?
Bonjour is a very nice zero configuration service enabled on Mac computers by default.
If you are a Mac user, you should be familiar with the finder and it’s many features. You know how to browse the files on your server, the printer is configure by default and you can Remote Desktop the other computers in your network. When you are outside of the enterprise network it seems that finder can’t find anymore the enterprise resources even if the vpn is connected. Some people suggested to add a bonjour zone to your dns, configure network beacon and many other very complicated tricks. In fact, as soon as you install a new device in your enterprise you will need to manually add a configuration to make it work over vpn.
Why Bonjour doesn’t work with the normal vpn?
Bonjour relies on multicast and by default, the multicast doesn’t cross routers. Since the normal vpn are consider router, the multicasts from the mac servers in the enterprise, are not forwarded to the mac clients around the world.
How to enable Bonjour or Mac zero configuration service over a vpn?
The trick is to use a “bridge” vpn. Once the bridge vpn is connected, it will simulate a virtual connection to your enterprise office but without router. This way, the computer connected over vpn will receive the Bonjour multicast. Then, the finder will show you all your enterprise services just like if you were in the office. Every time you add new services like printer, new servers, etc, they will be automatically advertise over the vpn. You don’t need to manually add configuration. This Bonjour over vpn setup really is zero configuration.
Do I have to install a package on the mac client?
Yes you will need to use the free Tunnelblick package. Your system administrator can also package it in a way that it include all the configuration. Your users will only need to click on the icon.
How do I setup a “bridge” vpn?
We recommend to use openvpn for this task. It’s opensource, secure, free and it has many features. There is a very excellent guide on how to install/configure openvpn on CentOS.
Is it compatible with iPhone?
Unfortunately the “bridge” vpn are not working on iPhone. There are many users putting pressure on apple to add the feature.
Can I use my Mac server as an authentication source for the vpn users?
Yes it’s possible to use the openvpn-auth-ldap package. It can be configure that everybody in the enterprise are enable or only users with a special group.
I need help to set it up. Can you help me?
We are IT experts and we will be happy to assist you in this task.
I give up, how much is it?
For 50 € we will setup the vpn and use your mac server as an authentication source. Contact us for more details.