Printing from ipad over wireguard

Ramon · February 2, 2021, 9:51pm

Hi all,

I need some advice.
I have a HP printer and using a raspberry pi running cups to print from a ipad. This all works fine.
However, i sometimes connect with my ipad via wireguard and also want to print in that case.
Any pointers on how to make that happen?
Currently the wireguard interface is on 192.168.16.1/24 and my main lan is on 192.168.8.1/21.
Should i just make the wireguard part of the lan subnet? that does sound like a bit of bad idea...
Or should I just do port forwarding? And if so, which ports?

Thanks,

Ramon

vgaetera · February 2, 2021, 10:17pm

Attach the WG interface to the LAN firewall zone on OpenWrt.
Make sure your LAN subnet is covered by the allowed IPs in the WG client config.
Verify that OpenWrt is the default gateway for your print server.

faser · February 3, 2021, 1:23am

Well not port fowarding but you would need to allow the ports between the two firewall zones.
Depending on which print protocol you use it would be TCP:631 or TCP:9100

Ramon · February 5, 2021, 11:29am

I have forwarding from the one zone to the other zone enabled, also tried both in one firewall zone (of course with forward to accept). The issue is that the discovery apparently is not working. I guess multicast/broadcast packets are not reaching there.

I tried putting the wireguard on 192.168.14.1/24. That did not work. I also tried 192.168.8.1/21, that locked me out of the router and had to do a full reset. I guess i need to maybe do port forwarding or some more advanced form of routing or bridging...

vgaetera · February 5, 2021, 11:38am

That's it.

It's a known issue.

You need to connect to the print server by IP.

Ramon · February 5, 2021, 12:55pm

Well printing directly from a laptop works, but thanks to Apples handy "zero config", i cant from an ipad. It needs to discover...

Maybe if i enable umdns on the router. But there is very little information on how to add something to that config.

thx for the help

vgaetera · February 5, 2021, 1:28pm

This should work to advertise the router itself, but announcing services might not be that simple.
And announcing services across subnets is even more complicated.

Ramon · February 5, 2021, 2:42pm

if i run a cups on the router maybe then announce that?

vgaetera · February 5, 2021, 2:46pm

You might need to install both:

Ramon · February 5, 2021, 9:53pm

Do you know what these two actually do?

Also i found this one: https://blog.christophersmart.com/2020/03/30/resolving-mdns-across-vlans-with-avahi-on-openwrt/
Which looks like what i want. However, seems the package is not called "avahi-daemon" anymore, and there is no dbus to start...

vgaetera · February 5, 2021, 10:10pm

It should enable mDNS and service announcement.
If that doesn't work, you can try other methods:

Ramon · February 7, 2021, 4:29pm

Ok I solved it. I Basically did what was in the link i posted above.

Its as simpel as installing the avahi-dbus-daemon
Then add under [server] in /etc/avahi/avahi-daemon.conf:
allow-interfaces=br-lan,VPN,br-guest
add under [reflector]
enable-reflector=yes

Start it:
/etc/init .d /dbus start
/etc/init .d /dbus enable
/etc/init .d /avahi-daemon start
/etc/init .d /avahi-daemon enable

Add firewall rule for guest (VPN and lan already have access to router)

Then add firewall rule to access CUPS server from guest (VPN and lan already have acces):

system · February 17, 2021, 4:29pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.