MultiCast Tunnel Creation, or Rendezvous across the Internet

—by Joel Rennich, mactroll@afp548.com

5 June 2003

Rendezvous is cool.

There just isn’t any other way about it.

If you haven’t been convinced about how cool it is, just open up iChat or turn off your DHCP server and realize that you can still communicate with your local network.

Rendezvous, also known as ZeroConf, encompasses three major ideas.

First off, Rendezvous machines will assign themselves an IP address in the 169.254.0.0-169.254.255.255 range, if they can’t get an address any other way. This allows machines to communicate with each other with no configuration on the client side. Additionally, other Mac OS X machines that have a configured IP address will be able to communicate with the Rendezvous machine. That’s really cool.

The second feature that Rendezvous brings to the table is “.local” DNS names. Every Rendezvous-enabled machine will respond to its host or Rendezvous name ending in “.local.” For example, my laptop knows itself as “mactroll.local.”, which means I can ping it on my local network using that address.

Finally, Rendezvous allows services to broadcast their existence and respond to queries. When you open up the “Connect to Server…” menu on your machine, you send out a Rendezvous query that looks for file servers on the network. Rendezvous services respond and fill up the window with file servers.

All of this magic happens through multicast packets. A multicast packet is sent to a specific group IP address. Machines that understand the multicast packet listen for traffic going to that address and respond accordingly. With Rendezvous those multicast packets are sent to 224.0.0.251, regardless of what network you are on.

The problem with multicast packets is that routers will typically not pass those packets on to other networks. This means that the users in your New York office won’t be able to browse the file server in your San Francisco office.

Being a good system administrator, you’ve read our articles on IPSec. You enjoyed them so much that you set up a full IPSec VPN between your two locations. Packets fly back and forth like crazy, snugly wrapped in massive amounts of encryption. Life is pretty good, but you’d still like to see those remote servers show up in the menu when you connect to them.

Have no fear—multicast tunneling is here.

Using a Java app from a few years ago—originally set up for IPv6 session information—we can pass the Rendezvous packets from one network to another. Cruise on over to http://www.cdt.luth.se/~peppar/progs/mTunnel and download the UNIX version that you find there. You’ll need this application running on both sides of the tunnel. After it has been downloaded and uncompressed, you’ll need to edit two lines at the top of the mTunnel file itself.

Change the JAVA_HOME entry to 'JAVA_HOME="/usr/"'. Then edit the HOME entry to the path of the folder that contains the mTunnel application.

Now you need to start up both sides and get them communicating to each other. In our examples here I’ll use 10.0.37.10 for the server in New York and 192.168.223.40 for the server in San Francisco. These two machines can see each other through the IPSec VPN that you set up, so no worries there.

On the NY machine, start mTunnel with “./mTunnel -v 192.168.223.40/10000”. This starts the server on the first machine, which builds a tunnel to the second machine over a UDP socket on port 10000. On the SF server, start it with “./mTunnel -v 10.0.37.10/10000”.

Now that both ends of the tunnel have been set up, you will need to actually set up the Rendezvous tunnel. Pick whichever machine is closest to you and use a web browser to connect to port 9000 on it. This will bring up a web interface. You want to create a new private tunnel. Click on “Add a new tunnel,” then click on “Tunnel a private session”. Select one channel. You can give this tunnel a name, perhaps “Rendezvous.” Select any “Media” type that you want. I haven’t found this to matter. For Group you’ll need to enter “224.0.0.251”, and set the Baseport to “5353”. Hit the Create button at the bottom of the screen.

Now, “View all tunnels” and you should have an entry for the tunnel you just created. Hit the “No” entry under the Tunneling header and you’ll actually kick this tunnel off.

Now walk over to the soda machine and grab something cold. Casually walk around the office for a minute or two before sitting down in front of the boss' machine. Open up the “Connect to Server…” menu and look with confidence at the remote servers that have magically appeared.

This won’t work for all services. For example, iChat won’t show you the users on the remote network. I haven’t cracked that nut yet, but I’m assuming that iChat actually filters out those users that live in a separate IP range, even if it can see them. However, a lot of other Rendezvous services might work for you. Give it a whirl and see what happens.

If you like the application, drop the author a note. I have and he says he likes to hear from people. You can find his contact info in the readme file for mTunnel, or on his site.