I have a Mac connecting over client VPN using L2TP with the built-in macOS VPN connection to my MX68.
The VPN client is not able to browse for printers or browse for network games like Minecraft or CIV.
The VPN client can ping the printers and can ping the Minecraft server or CIV server, but local discovery, like scan for printers or scan for games, does not find anything.
I have nothing being blocked at the firewall. I have the client VPN on mac set to route all traffic over VPN and have set service order so that VPN is top on the list. I have also tried turning on Bonjour forwarding for all options, but did not help.
It appears you cannot configure Client VPN to give IPs on the regular LAN, but the VLANs are able to communicate with each other, just not broadcast, which I think might be my issue.
The mDNS is not a VPN configuration.
He won't be able to find out because it's via broadcast and the subnets are in different broadcast domains.
Apart from network discovery, can you add printers manually?
I was able to add 1 printer via IP, but the other printer (an older model Brother) would fail even with IP. I am not able to nslookup or resolve any of the hostnames.
Those behaviors are to be expected if you are relying on UPnP, broadcast or mDNS.
If you use an internal DNS server you can at least use the dns suffix option in client VPN to get by in your domain.
However, game server discovery is going to be a problem.
Most LAN games used to have an option to join directly by IP. My experience in this however stems from the time of Quake 3 and Unreal Tournament. So current games might be quite different.
I think the MX will also only forward mDNS requests over VLANs, not client VPN.
I go back to Doom and Quake and started losing my touch by Unreal 🙂
I figured this might be the case. I can set the Meraki Client VPN DNS server, but I think this comes down to broadcast or mDNS. The Meraki does have Bonjour forwarding, but based on what it lists out, it seems it only applies to the normal VLANs and does not apply to the VPN VLAN.
Is it possible for the server running the game locally behind the MX68 to also connect to the VPN, so that both the external user and the server are on the same VPN VLAN? I tried setting up a connection on the Mac server using VPN but it does not connect. I tried with both the external domain and the MX68 VLAN IP but I get "server did not respond". Another thought is I could set the server to a static IP on the VPN VLAN.
If the server is on the same network as the MX it is not possible.
Are all networks enabled to participate in SD-WAN?
I am not using site-to-site VPN, just Client VPN. The server is behind the MX68 and is getting an IP from the MX.
But you need to enable each subnet behind the MX including the VPN client to receive the routes, even if you don't use SD-WAN, otherwise how do you expect to have the route for your internal network?
Enable this and it will work.
Interesting, where would I go to enable this? I believe (could be wrong) that this is on by default, as I can ping the users who connect via Client VPN from the server network and vice versa: they can ping the server and the printers and the server can ping them, but broadcast and mDNS do not pass between the Client VPN VLAN and the local VLAN.
I am not able to turn on site-to-site VPN, as I have no other site to connect it to, just a single location with a single MX68 appliance. The users connecting are using home internet and the built-in Mac VPN client, and I have enabled Client VPN on the MX68.
Yes, you are. I have an MX at home and I'm able to use it.
You just need to configure it as a Hub. It's pretty easy.
You were right, I was able to turn it on using Hub but would get the attached error if I tried with Spoke. However, even with Hub on and both my Client VPN and local LAN enabled for use VPN, I could still only ping the client and could not view mDNS or any broadcast and could not resolve nslookup.
The mDNS is not a VPN configuration.
It appears so...
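What a "scan for printers" puts on the wire, as an added example that is not part of the thread: a minimal mDNS (DNS-SD) PTR query builder and answer parser. The service name `_ipp._tcp.local`, the function names and the sample response are assumptions constructed for illustration.

```python
import struct

MDNS_ADDR = ("224.0.0.251", 5353)  # link-local multicast group; routers do not forward it

def encode_name(name):
    """DNS wire format: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_ptr_query(service):
    """Header with one question, then QNAME, QTYPE=PTR (12), QCLASS=IN (1)."""
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(service) + struct.pack("!2H", 12, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, after = [], None
    for _ in range(64):  # bound the walk so a pointer loop cannot hang the parser
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if after is None else after)
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def ptr_answers(msg):
    """Return the PTR targets (service instance names) from a response."""
    qd, an = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    found = []
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 12:
            found.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return found

# Constructed response: one PTR answer whose target uses a compression pointer.
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + encode_name("_ipp._tcp.local")
          + struct.pack("!HHIH", 12, 1, 4500, 10) + b"\x07Printer\xc0\x0c")

if __name__ == "__main__":
    print(MDNS_ADDR, len(build_ptr_query("_ipp._tcp.local")), ptr_answers(SAMPLE))
```

Sending `build_ptr_query(...)` over UDP to `MDNS_ADDR` from a host on the LAN and again from the VPN client, then comparing what comes back, shows the behaviour described in the thread: the query is addressed to the local link, not to the printer's IP that ping reaches.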