From owner-freebsd-questions@FreeBSD.ORG Sun Feb 15 17:43:46 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 765DE3E8 for ; Sun, 15 Feb 2015 17:43:46 +0000 (UTC) Received: from mail-wg0-x236.google.com (mail-wg0-x236.google.com [IPv6:2a00:1450:400c:c00::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E64C1179 for ; Sun, 15 Feb 2015 17:43:45 +0000 (UTC) Received: by mail-wg0-f54.google.com with SMTP id y19so25377513wgg.13 for ; Sun, 15 Feb 2015 09:43:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=oXU8zU96KM7lCll+IDSdCQ8BYPnJIeFr6QMb1OCBeWc=; b=F+98unCBx7pKDKbs9LPxod/igRkIzVQsFaba9KigQiTylx6spn6O3nyR/FnI+Dsq0h TSSwB0QqDQk8qWtqZuXDbbEaUijyndB8m4+mBdyCQbZYQ5lveXVFceQz8eENSIeiAddT lbDNCUC/fBGmNegXamcITaw8mcEK+xnR2Put5pT/UrPnqXPgtWutBOJ1F/oYYmln8ZNg LS8kSCwflmozZ5P9LfMZWsPPpaP2hY/1NdB0ktLL5RKHpMBWaxp7bLQ5vgIBlrGcIxrh sK3DTVCe8ugIC2APOdAMg0MdQ8xWA5S2JRCLjx4t/PMtyDQqQIlivEVfIR7JSn54oPLZ vKnw== MIME-Version: 1.0 X-Received: by 10.180.9.171 with SMTP id a11mr28981145wib.60.1424022224056; Sun, 15 Feb 2015 09:43:44 -0800 (PST) Received: by 10.27.210.200 with HTTP; Sun, 15 Feb 2015 09:43:44 -0800 (PST) In-Reply-To: References: Date: Sun, 15 Feb 2015 09:43:44 -0800 Message-ID: Subject: Re: UPnP inspector and mediatomb on different Subnets. From: Waitman Gobble To: KK CHN Content-Type: text/plain; charset=UTF-8 Cc: freebsd-questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Feb 2015 17:43:46 -0000 On Sun, Feb 15, 2015 at 9:08 AM, KK CHN wrote: > Sorry for reposting this as I didn't receive any hints so far . Apologies!! > > > List, > > I have a FreeBSD-10 server box running on 10.184.0.37 IP Address and a > Debian Desktop running on 10.184.39.120 > > > I installed mediatomb in my FreeBSD10 box (Recompiled the kernel with > option MROUTING for multicast support. I am not sure whether the FreeBSD-10 > installation supports Multicast out of box. So I recompiled the Kernel with > MROUTING option.) > > I referred this link for Installing Mediatomb on FreeBSD ==> > virtuallyhyper.com/2012/10/installing-mediatomb-on-freebsd-9-and-connecting-to-it-with-xbmc-from-a-fedora-17-os/ > > Mediatomb installed on this box up and running I can point from Desktop m/c > browser to the URL http://my_server_ip:49152 showing the mediatomb html > page .. > > But I can't get the Mediatomb server detected by the UPnP inspector from > my Desktop PC. > > Here my Desktop PC is on 10.184.39.120 IP Address and My FreeBSD box with > mediatomb server is in 10.184.0.37 IP Address. > > I suspect the UPnP inspector failed to find the mediatomb inspector due to > they are on different subnets. > > A work around, that I am not very familiar with is to install OpenVPN > server in freebsd box and OpenVPN client in my Desktop PC so as to make a > Virtual network of the server and desktop pc on same subnet by using > OpenVPN. > > ( > http://mediatomb.cc/dokuwiki/faq:faq#my_upnp_player_can_not_see_mediatomb_what_is_wrong > says to do the VPN tunneling) So I given a try.. > > I have done that and started OpenVPN in server box and OpenVPN client in > Desktop PC > > I can see that from the ifconfig output of my server box the "tun0" > interface is up with Multi cast support > > tun0: flags=8051 metric 0 mtu 1500 > options=80000 > inet6 fe80::20e:cff:fee4:62c%tun0 prefixlen 64 scopeid 0x4 > inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff > nd6 options=21 > Opened by PID 62158 > > > > And in Desktop pc I started the client by# openvpn --script-security 2 > --config /etc/openvpn/client.conf I can see tun0 up here too. > > > tun0 Link encap:UNSPEC HWaddr > 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 > inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:10 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:3542 (3.4 KiB) TX bytes:0 (0.0 B) > > > I launch the UPnP inspector from the Desktop PC, Still it unable to show > the mediatomb server in the UPnP Inspector. > > Am I doing the the right way? > > > Any more inputs required, I can attach the required inputs whatever > required to analyze the problem. > > > > I am able to ping from the Desktop pc(A debian Distro ) to the FreeBSD > Server after the OpenVPN setting up > > root@[openvpn]#ping 10.184.0.37 (Original Remote IP of FBSD Box specified > in the openvpn client.conf) > > PING 10.184.0.37 (10.184.0.37) 56(84) bytes of data. > 64 bytes from 10.184.0.37: icmp_req=1 ttl=63 time=0.223 ms > 64 bytes from 10.184.0.37: icmp_req=2 ttl=63 time=0.256 ms > > > Also pinging the new tun0 iP to the server box also works > > root@kk[openvpn]#ping 10.8.0.1 > PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. > 64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=0.778 ms > 64 bytes from 10.8.0.1: icmp_req=2 ttl=64 time=0.720 ms > ^Z > > This is the netstat -r output in Desktop PC for reference purpose.. > > root@dhaneshkk[openvpn]#netstat -rn > Kernel IP routing table > Destination Gateway Genmask Flags MSS Window irtt > Iface > 0.0.0.0 10.184.39.1 0.0.0.0 UG 0 0 0 > eth1 > 10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 > tun0 > 10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 > tun0 > 10.184.39.0 0.0.0.0 255.255.255.0 U 0 0 0 > eth1 > > > netstat -r output in server box is > > Internet: > Destination Gateway Flags Refs Use Netif Expire > default 10.184.0.1 UGS 0 46021 em0 > 10.8.0.0/24 10.8.0.2 UGS 0 447 tun0 > 10.8.0.1 link#4 UHS 0 0 lo0 > 10.8.0.2 link#4 UH 0 8 tun0 > 10.184.0.0/24 link#1 U 0 3817 em0 > 10.184.0.37 link#1 UHS 0 0 lo0 > 127.0.0.1 link#3 UH 0 27650 lo0 > > Internet6: > ...................... > > > Do I have to add any manual root after the OpenVPN setup in both server > and client PCs? > > If so what to add? > > > > > Here is my openvpn.conf file of server box.. > > > cat openvpn.conf > > ################################################# > # Sample OpenVPN 2.0 config file for # > # multi-client server. # > # # > # This file is for the server side # > # of a many-clients <-> one-server # > # OpenVPN configuration. # > # # > # OpenVPN also supports # > # single-machine <-> single-machine # > # configurations (See the Examples page # > # on the web site for more info). # > # # > # This config should work on Windows # > # or Linux/BSD systems. Remember on # > # Windows to quote pathnames and use # > # double backslashes, e.g.: # > # "C:\\Program Files\\OpenVPN\\config\\foo.key" # > # # > # Comments are preceded with '#' or ';' # > ################################################# > > # Which local IP address should OpenVPN > # listen on? (optional) > ;local a.b.c.d > > # Which TCP/UDP port should OpenVPN listen on? > # If you want to run multiple OpenVPN instances > # on the same machine, use a different port > # number for each one. You will need to > # open up this port on your firewall. > port 1194 > > # TCP or UDP server? > ;proto tcp > proto udp > > # "dev tun" will create a routed IP tunnel, > # "dev tap" will create an ethernet tunnel. > # Use "dev tap0" if you are ethernet bridging > # and have precreated a tap0 virtual interface > # and bridged it with your ethernet interface. > # If you want to control access policies > # over the VPN, you must create firewall > # rules for the the TUN/TAP interface. > # On non-Windows systems, you can give > # an explicit unit number, such as tun0. > # On Windows, use "dev-node" for this. > # On most systems, the VPN will not function > # unless you partially or fully disable > # the firewall for the TUN/TAP interface. > ;dev tap > dev tun > > # Windows needs the TAP-Win32 adapter name > # from the Network Connections panel if you > # have more than one. On XP SP2 or higher, > # you may need to selectively disable the > # Windows firewall for the TAP adapter. > # Non-Windows systems usually don't need this. > ;dev-node MyTap > > # SSL/TLS root certificate (ca), certificate > # (cert), and private key (key). Each client > # and the server must have their own cert and > # key file. The server and all clients will > # use the same ca file. > # > # See the "easy-rsa" directory for a series > # of scripts for generating RSA certificates > # and private keys. Remember to use > # a unique Common Name for the server > # and each of the client certificates. > # > # Any X509 key management system can be used. > # OpenVPN can also use a PKCS #12 formatted key file > # (see "pkcs12" directive in man page). > ca ca.crt > cert server.crt > key server.key # This file should be kept secret > > # Diffie hellman parameters. > # Generate your own with: > # openssl dhparam -out dh2048.pem 2048 > #dh dh2048.pem > dh dh1024.pem > # Network topology > # Should be subnet (addressing via IP) > # unless Windows clients v2.0.9 and lower have to > # be supported (then net30, i.e. a /30 per client) > # Defaults to net30 (not recommended) > ;topology subnet > > # Configure server mode and supply a VPN subnet > # for OpenVPN to draw client addresses from. > # The server will take 10.8.0.1 for itself, > # the rest will be made available to clients. > # Each client will be able to reach the server > # on 10.8.0.1. Comment this line out if you are > # ethernet bridging. See the man page for more info. > server 10.8.0.0 255.255.255.0 > > # Maintain a record of client <-> virtual IP address > # associations in this file. If OpenVPN goes down or > # is restarted, reconnecting clients can be assigned > # the same virtual IP address from the pool that was > # previously assigned. > ifconfig-pool-persist ipp.txt > > # Configure server mode for ethernet bridging. > # You must first use your OS's bridging capability > # to bridge the TAP interface with the ethernet > # NIC interface. Then you must manually set the > # IP/netmask on the bridge interface, here we > # assume 10.8.0.4/255.255.255.0. Finally we > # must set aside an IP range in this subnet > # (start=10.8.0.50 end=10.8.0.100) to allocate > # to connecting clients. Leave this line commented > # out unless you are ethernet bridging. > ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 > > # Configure server mode for ethernet bridging > # using a DHCP-proxy, where clients talk > # to the OpenVPN server-side DHCP server > # to receive their IP address allocation > # and DNS server addresses. You must first use > # your OS's bridging capability to bridge the TAP > # interface with the ethernet NIC interface. > # Note: this mode only works on clients (such as > # Windows), where the client-side TAP adapter is > # bound to a DHCP client. > ;server-bridge > > # Push routes to the client to allow it > # to reach other private subnets behind > # the server. Remember that these > # private subnets will also need > # to know to route the OpenVPN client > # address pool (10.8.0.0/255.255.255.0) > # back to the OpenVPN server. > ;push "route 192.168.10.0 255.255.255.0" > ;push "route 192.168.20.0 255.255.255.0" > > # To assign specific IP addresses to specific > # clients or if a connecting client has a private > # subnet behind it that should also have VPN access, > # use the subdirectory "ccd" for client-specific > # configuration files (see man page for more info). > > # EXAMPLE: Suppose the client > # having the certificate common name "Thelonious" > # also has a small subnet behind his connecting > # machine, such as 192.168.40.128/255.255.255.248. > # First, uncomment out these lines: > ;client-config-dir ccd > ;route 192.168.40.128 255.255.255.248 > # Then create a file ccd/Thelonious with this line: > # iroute 192.168.40.128 255.255.255.248 > # This will allow Thelonious' private subnet to > # access the VPN. This example will only work > # if you are routing, not bridging, i.e. you are > # using "dev tun" and "server" directives. > > # EXAMPLE: Suppose you want to give > # Thelonious a fixed VPN IP address of 10.9.0.1. > # First uncomment out these lines: > ;client-config-dir ccd > ;route 10.9.0.0 255.255.255.252 > # Then add this line to ccd/Thelonious: > # ifconfig-push 10.9.0.1 10.9.0.2 > > # Suppose that you want to enable different > # firewall access policies for different groups > # of clients. There are two methods: > # (1) Run multiple OpenVPN daemons, one for each > # group, and firewall the TUN/TAP interface > # for each group/daemon appropriately. > # (2) (Advanced) Create a script to dynamically > # modify the firewall in response to access > # from different clients. See man > # page for more info on learn-address script. > ;learn-address ./script > > # If enabled, this directive will configure > # all clients to redirect their default > # network gateway through the VPN, causing > # all IP traffic such as web browsing and > # and DNS lookups to go through the VPN > # (The OpenVPN server machine may need to NAT > # or bridge the TUN/TAP interface to the internet > # in order for this to work properly). > ;push "redirect-gateway def1 bypass-dhcp" > > # Certain Windows-specific network settings > # can be pushed to clients, such as DNS > # or WINS server addresses. CAVEAT: > # http://openvpn.net/faq.html#dhcpcaveats > # The addresses below refer to the public > # DNS servers provided by opendns.com. > ;push "dhcp-option DNS 208.67.222.222" > ;push "dhcp-option DNS 208.67.220.220" > > # Uncomment this directive to allow different > # clients to be able to "see" each other. > # By default, clients will only see the server. > # To force clients to only see the server, you > # will also need to appropriately firewall the > # server's TUN/TAP interface. > ;client-to-client > > # Uncomment this directive if multiple clients > # might connect with the same certificate/key > # files or common names. This is recommended > # only for testing purposes. For production use, > # each client should have its own certificate/key > # pair. > # > # IF YOU HAVE NOT GENERATED INDIVIDUAL > # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, > # EACH HAVING ITS OWN UNIQUE "COMMON NAME", > # UNCOMMENT THIS LINE OUT. > ;duplicate-cn > > # The keepalive directive causes ping-like > # messages to be sent back and forth over > # the link so that each side knows when > # the other side has gone down. > # Ping every 10 seconds, assume that remote > # peer is down if no ping received during > # a 120 second time period. > keepalive 10 120 > > # For extra security beyond that provided > # by SSL/TLS, create an "HMAC firewall" > # to help block DoS attacks and UDP port flooding. > # > # Generate with: > # openvpn --genkey --secret ta.key > # > # The server and each client must have > # a copy of this key. > # The second parameter should be '0' > # on the server and '1' on the clients. > ;tls-auth ta.key 0 # This file is secret > > # Select a cryptographic cipher. > # This config item must be copied to > # the client config file as well. > ;cipher BF-CBC # Blowfish (default) > ;cipher AES-128-CBC # AES > ;cipher DES-EDE3-CBC # Triple-DES > > # Enable compression on the VPN link. > # If you enable it here, you must also > # enable it in the client config file. > comp-lzo > > # The maximum number of concurrently connected > # clients we want to allow. > ;max-clients 100 > > # It's a good idea to reduce the OpenVPN > # daemon's privileges after initialization. > # > # You can uncomment this out on > # non-Windows systems. > ;user nobody > ;group nobody > > # The persist options will try to avoid > # accessing certain resources on restart > # that may no longer be accessible because > # of the privilege downgrade. > persist-key > persist-tun > > # Output a short status file showing > # current connections, truncated > # and rewritten every minute. > status openvpn-status.log > > # By default, log messages will go to the syslog (or > # on Windows, if running as a service, they will go to > # the "\Program Files\OpenVPN\log" directory). > # Use log or log-append to override this default. > # "log" will truncate the log file on OpenVPN startup, > # while "log-append" will append to it. Use one > # or the other (but not both). > ;log openvpn.log > ;log-append openvpn.log > > # Set the appropriate level of log > # file verbosity. > # > # 0 is silent, except for fatal errors > # 4 is reasonable for general usage > # 5 and 6 can help to debug connection problems > # 9 is extremely verbose > verb 3 > > # Silence repeating messages. At most 20 > # sequential messages of the same message > # category will be output to the log. > ;mute 20 > ################################################# > > > Here is my client.conf file of openvpn client in Desktop PC.. > > boss@kk[openvpn]$cat client.conf > ############################################## > # Sample client-side OpenVPN 2.0 config file # > # for connecting to multi-client server. # > # # > # This configuration can be used by multiple # > # clients, however each client should have # > # its own cert and key files. # > # # > # On Windows, you might want to rename this # > # file so it has a .ovpn extension # > ############################################## > > # Specify that we are a client and that we > # will be pulling certain config file directives > # from the server. > client > > # Use the same setting as you are using on > # the server. > # On most systems, the VPN will not function > # unless you partially or fully disable > # the firewall for the TUN/TAP interface. > ;dev tap > dev tun > > # Windows needs the TAP-Win32 adapter name > # from the Network Connections panel > # if you have more than one. On XP SP2, > # you may need to disable the firewall > # for the TAP adapter. > ;dev-node MyTap > > # Are we connecting to a TCP or > # UDP server? Use the same setting as > # on the server. > ;proto tcp > proto udp > > # The hostname/IP and port of the server. > # You can have multiple remote entries > # to load balance between the servers. > remote 10.184.0.37 1194 > ;remote my-server-2 1194 > > # Choose a random host from the remote > # list for load-balancing. Otherwise > # try hosts in the order specified. > ;remote-random > > # Keep trying indefinitely to resolve the > # host name of the OpenVPN server. Very useful > # on machines which are not permanently connected > # to the internet such as laptops. > resolv-retry infinite > > # Most clients don't need to bind to > # a specific local port number. > nobind > > # Downgrade privileges after initialization (non-Windows only) > ;user nobody > ;group nogroup > user nobody > group nogroup > # Try to preserve some state across restarts. > persist-key > persist-tun > > # If you are connecting through an > # HTTP proxy to reach the actual OpenVPN > # server, put the proxy server/IP and > # port number here. See the man page > # if your proxy server requires > # authentication. > ;http-proxy-retry # retry on connection failures > ;http-proxy [proxy server] [proxy port #] > > # Wireless networks often produce a lot > # of duplicate packets. Set this flag > # to silence duplicate packet warnings. > ;mute-replay-warnings > > mute-replay-warnings > # SSL/TLS parms. > # See the server config file for more > # description. It's best to use > # a separate .crt/.key file pair > # for each client. A single ca > # file can be used for all clients. > ca /etc/openvpn/certs/ca.crt > cert /etc/openvpn/certs/kk.crt > key /etc/openvpn/certs/kk.key > > # Verify server certificate by checking > # that the certicate has the nsCertType > # field set to "server". This is an > # important precaution to protect against > # a potential attack discussed here: > # http://openvpn.net/howto.html#mitm > # > # To use this feature, you will need to generate > # your server certificates with the nsCertType > # field set to "server". The build-key-server > # script in the easy-rsa folder will do this. > ns-cert-type server > > # If a tls-auth key is used on the server > # then every client must also have the key. > ;tls-auth ta.key 1 > > # Select a cryptographic cipher. > # If the cipher option is used on the server > # then you must also specify it here. > ;cipher x > > # Enable compression on the VPN link. > # Don't enable this unless it is also > # enabled in the server config file. > comp-lzo > > # Set log file verbosity. > verb 3 > > # Silence repeating messages > ;mute 20 > up /etc/openvpn/update-resolv-conf > down /etc/openvpn/update-resolv-conf > ################################################# > > > ifconfig out put of Client box > > boss@kk[openvpn]$/sbin/ifconfig > eth1 Link encap:Ethernet HWaddr 74:46:a0:8e:43:6b > inet addr:10.184.39.120 Bcast:10.184.39.255 Mask:255.255.255.0 > inet6 addr: fe80::7646:a0ff:fe8e:436b/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:633611 errors:0 dropped:0 overruns:0 frame:0 > TX packets:253003 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:345194263 (329.2 MiB) TX bytes:41049274 (39.1 MiB) > Interrupt:20 Memory:f7d00000-f7d20000 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:65536 Metric:1 > RX packets:92 errors:0 dropped:0 overruns:0 frame:0 > TX packets:92 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:7132 (6.9 KiB) TX bytes:7132 (6.9 KiB) > > tun0 Link encap:UNSPEC HWaddr > 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 > inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:17 errors:0 dropped:0 overruns:0 frame:0 > TX packets:2 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > RX bytes:5481 (5.3 KiB) TX bytes:168 (168.0 B) > > wlan0 Link encap:Ethernet HWaddr 10:fe:ed:8c:19:47 > inet6 addr: fe80::12fe:edff:fe8c:1947/64 Scope:Link > UP BROADCAST MULTICAST MTU:1500 Metric:1 > RX packets:38182 errors:0 dropped:1 overruns:0 frame:0 > TX packets:2273 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:4403352 (4.1 MiB) TX bytes:446232 (435.7 KiB) > > > ########################## > > > IFCONFIG Output of Server box > > # ifconfig > em0: flags=8843 metric 0 mtu 1500 > > options=209b > ether 00:0e:0c:e4:06:2c > inet 10.184.0.37 netmask 0xffffff00 broadcast 10.184.0.255 > inet6 fe80::20e:cff:fee4:62c%em0 prefixlen 64 scopeid 0x1 > nd6 options=29 > media: Ethernet autoselect (100baseTX ) > status: active > em1: flags=8802 metric 0 mtu 1500 > > options=209b > ether 00:0e:0c:e4:06:2d > nd6 options=29 > media: Ethernet autoselect > status: no carrier > lo0: flags=8049 metric 0 mtu 16384 > options=600003 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 > inet 127.0.0.1 netmask 0xff000000 > nd6 options=21 > tun0: flags=8051 metric 0 mtu 1500 > options=80000 > inet6 fe80::20e:cff:fee4:62c%tun0 prefixlen 64 scopeid 0x4 > inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff > nd6 options=21 > Opened by PID 62158 > > > > I made sure the mediatomb Server is listening on the new VPN IP of server > box of tun0 "10.8.0.1" > > /etc/rc.conf > mediatomb_enable="YES" > mediatomb_flags="-i 10.8.0.1" // New openVPN ip address > > I can access in the browser of my Desktop PC to the URL of server > > http://10.8.0.1:49152 (OpenVPN assigned IP) mediatomb web html page is > loading properly. > > http://10.184.0.37:49152 (original IP address of Server box) also > showing the mediatomb web page in browser when accessed from the Desktop. > > But launching the UPnP inspector from the Desktop PC unable to detect the > mediatomb server.. Here I am at the end of the rope!! > > > Definitely a N/W configuration issue.. Any hints most welcome.. > > Dhanesh. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" Hi, I haven't much liked UPnP inspector, seems to me like it's not really picking everything up. All UPnP devices will broadcast/perform queries to 239.255.255.250 port 1900 (UDP). You can do a simple query by sending an M-SEARCH * command Here's a quick Tcl script that works pretty good. https://gist.github.com/waitman/ec3c50e9ab5ef7e22a91 if you send an M-SEARCH * query with ST: ssdp:all (see the line commented out) it should return everything in 'sight'. (including chrome/chromium browsers running on your client machines, which are querying for UPnP devices). -- Waitman Gobble Los Altos California USA 510-830-7975