Hi everyone,
I’ve recently noticed an issue when running Time Machine on my TrueNAS VM. Here is the setup…
- I have (2) subnets or physical VLANs, one for my network equipment/servers/wired devices (192.168.10.0/24) and another for regular/wireless devices like laptops/phones/etc (192.168.20.0/24)
- Both subnets are configured on a pfSense device (physical, not a VM) and rules between the (2) subnets are open for all traffic to pass
- I also have a Netgear router configured as a dumb AP with OpenWRT flashed on it, it is setup for DynamicPSK
- My TrueNAS VM is on the .10 subnet and I usually have my MacBook on the .20 subnet
I setup a dataset on TrueNAS to run as a Time Machine backup server and did an initial backup of my MacBook when connected to the network via ethernet. This is so the initial TM backup would run faster and the incremental TM backups wouldn’t take as long.
Now here’s the issue…I noticed that when I was running an incremental backup of my MacBook while connected to the .20 subnet, it wouldn’t complete. It tried multiple times but just couldn’t finish and would stall. When I connected my MacBook to the .10 subnet (again this is wirelessly since I have DynamicPSK configured on my AP), the backup runs fine. It’s actually running as of this writing.
So I’m curious if anyone has a similar setup of physically separated subnets or VLANs, and has an issue with TM backups stalling or not completing when both devices are not on the same subnet. Any help or insight would be appreciated and I am more than will to provide any info needed to help. If it’s not the NAS, I’ll have to look at the firewall rules, but it’s all open between the subnets (as mentioned earlier in this post.
TIA 
So after a couple month I still haven’t been able to get this to work. I even added another NIC to the VM so it is accessible via both subnets, TM won’t even show when on the second subnet.
Someone has to have had a similar issue. IF anyone can provide some info, that would be great. I am more than willing to provide any info needed to figure this out. Thanks.
Time Machine relies on Bonjour (Apple’s version/brand name for mDNS) to announce itself to the network. If your pfsense device (I assume that’s the device that’s routing between your two /24s) isn’t forwarding the mDNS announces from one network to the other that could be a problem, and explain why it works when the client’s on the same network as the server.
Is your pfsense device the same device that routes between your local networks and the Internet? If so, does everything have it set as the default gateway? If not, do your hosts on the different networks know what gateway to use for the Internet (the default gateway) and for accessing the other networks (the pfsense box?)
It sounds like you’ve got two routers on your network: the openwrt and pfsense devices, so this is probably going to be about routing.
2 Likes
FWIW, you can use tmutil to set up a time machine backup without using mDNS. See man tmutil on MacOS.
3 Likes
Yeah, you can manually add a server by IP as a Time Machine target. But as the network sounds a bit wonky to me, I 'd suggest diagnosing and fixing that first 
@WiteWulf
Time Machine relies on Bonjour (Apple’s version/brand name for mDNS) to announce itself to the network. If your pfsense device (I assume that’s the device that’s routing between your two /24s) isn’t forwarding the mDNS announces from one network to the other that could be a problem, and explain why it works when the client’s on the same network as the server.
I have Avahi running on my pfSense device and TM is seen by the client when it’s connected to the .20 subnet. However it never completes. Only when the client is on the .10 subnet does it complete successfully.
@WiteWulf
Is your pfsense device the same device that routes between your local networks and the Internet?
Yes.
@WiteWulf
If so, does everything have it set as the default gateway? If not, do your hosts on the different networks know what gateway to use for the Internet (the default gateway) and for accessing the other networks (the pfsense box?)
DHCP hands out the default gateway per subnet. So the gateway for the .10 subnet is 10.1, and 20.1 for the .20 subnet. The firewall on the pfSense allows traffic between the 2 subnets and all clients can see TureNAS and TM.
@WiteWulf
It sounds like you’ve got two routers on your network: the openwrt and pfsense devices, so this is probably going to be about routing.
The is only one router on the network. As stated in my original post, the Netgear router (OpenWRT) is setup as a dumb AP and all router/DHCP functions have been disabled. This has been confirmed since I first set it up.
@awalkerix FWIW, you can use tmutil to set up a time machine backup without using mDNS. See man tmutil on MacOS.
Good to know, I’ll check that out.
1 Like
Network seems fine for everything else. Devices on the .20 subnet can easily connect to the NAS shares without issues. Only seems to be for TM. Again all traffic between the subnets are allowed via the pfSense firewall rules.
You won’t see mDNS advertisements from a different broadcast domain. You can use dns-sd -B on the MacOS client to check what devices you’re seeing. If you can’t see advertisements from the other subnet, then that’s the problem you need to fix (or not, if you’re OK with eschewing mDNS).
So when TrueNAS only has one NIC on the .10 subnet, and the client is on the .20 subnet, you’re saying the client can’t see the TM broadcast due to it being on a different subnet?
1 Like
Does your router have an mDNS repeater functionality?
Correct. mDNS is a Layer 2 protocol and does not route between subnets. You can “hack” this with something like Avahi running on your pfSense box. In my experience this does not always work well.
Avahi package | pfSense Documentation (netgate.com)
4 Likes
My pfSense has Avahi installed. This allows to broadcast mDNS over different subnets (NAS is on .10 and client is on .20). When Avahi is configured properly, I can see the TM disks. However the backup will never complete when the client is on the .20 subnet. I’ve only been able to complete successfully when on the .10 subnet (same subnet as the NAS/TM disk).
If I add a second NIC to the NAS and assign it to the .20 subnet, and disable Avahi on pfSense, I cannot see the TM disk on the .20 subnet (still accessible on the .10 subnet).
Right, which is why I was trying to add a second NIC to the NAS on the .20 subnet so those clients can run TM. However nothing is broadcast on that subnet after I disable Avahi on pfSense. I was thinking by adding the second NIC on the .20 subnet would allow the client to access TM thru the .20 NIC but that’s not the case.
Can you run this command, replacing “enp5s0” with the name of your adapter thats in the .20 subnet? This will let us know whats going on
root@prod[~]# tcpdump -ni enp5s0 port 5353
14:47:46.198835 IP 10.69.10.73.5353 > 224.0.0.251.5353: 0*- [0q] 4/0/3 (Cache flush) KEY, (Cache flush) SRV Wemo-Plug-972.local.:5683 0 0, (Cache flush) TXT "c#=2" "ff=2" "id=3B:EA:D5:E5:A8:E3" "md=WSP100" "pv=1.2" "s#=874" "sf=0" "ci=7" "sh=Nx4Teg==", PTR Wemo Plug 972._hap._udp.local. (339)
14:47:46.198837 IP6 fe80::105e:bf6b:a159:5387.5353 > ff02::fb.5353: 0*- [0q] 4/0/3 (Cache flush) KEY, (Cache flush) SRV Wemo-Plug-972.local.:5683 0 0, (Cache flush) TXT "c#=2" "ff=2" "id=3B:EA:D5:E5:A8:E3" "md=WSP100" "pv=1.2" "s#=874" "sf=0" "ci=7" "sh=Nx4Teg==", PTR Wemo Plug 972._hap._udp.local. (339)
14:47:46.199228 IP 10.69.10.74.5353 > 224.0.0.251.5353: 0*- [0q] 4/0/3 (Cache flush) KEY, (Cache flush) SRV Wemo-Plug-972.local.:5683 0 0, (Cache flush) TXT "c#=2" "ff=2" "id=3B:EA:D5:E5:A8:E3" "md=WSP100" "pv=1.2" "s#=874" "sf=0" "ci=7" "sh=Nx4Teg==", PTR Wemo Plug 972._hap._udp.local. (339)
14:47:46.199424 IP6 fe80::1822:1ed4:f7a2:f5e8.5353 > ff02::fb.5353: 0*- [0q] 4/0/3 (Cache flush) KEY, (Cache flush) SRV Wemo-Plug-972.local.:5683 0 0, (Cache flush) TXT "c#=2" "ff=2" "id=3B:EA:D5:E5:A8:E3" "md=WSP100" "pv=1.2" "s#=874" "sf=0" "ci=7" "sh=Nx4Teg==", PTR Wemo Plug 972._hap._udp.local. (339)
14:47:46.201980 IP6 fe80::1082:3c84:940a:8047.5353 > ff02::fb.5353: 0*- [0q] 4/0/3 (Cache flush) KEY, (Cache flush) SRV Wemo-Plug-972.local.:5683 0 0, (Cache flush) TXT "c#=2" "ff=2" "id=3B:EA:D5:E5:A8:E3" "md=WSP100" "pv=1.2" "s#=874" "sf=0" "ci=7" "sh=Nx4Teg==", PTR Wemo Plug 972._hap._udp.local. (339)
Here you go, let me know if you need more lines;
root@NAS[~]# tcpdump -ni em1 port 5353
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
12:03:31.785217 IP 192.168.20.131.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/2 (Cache flush) PTR iPhone.local., (Cache flush) PTR Darth-Vaders-iPhone.local. (196)
12:03:31.785233 IP6 fe80::14ee:9483:707a:b0c6.5353 > ff02::fb.5353: 0*- [0q] 2/0/2 (Cache flush) PTR iPhone.local., (Cache flush) PTR Darth-Vaders-iPhone.local. (196)
12:03:31.785233 IP 192.168.20.131.5353 > 224.0.0.251.5353: 0 [7q] PTR (QU)? _companion-link._tcp.local. PTR (QU)? _rdlink._tcp.local. PTR (QU)? _hap._tcp.local. PTR (QU)? _airplay._tcp.local. PTR (QU)? _hap._udp.local. PTR (QU)? lb._dns-sd._udp.local. PTR (QU)? _sleep-proxy._udp.local. (136)
So we are seeing at least your phone’s mDNS from the TrueNAS’s perspective. Is your phone natively just in the .20 VLAN?
Yes that I my phone. Would you like more info?
Well, mDNS is working in that VLAN in general. We see your phone advertising.
Are you mounting the time machine SMB share on your mac over the em1 interface on your NAS?
For me, I am running it via the FQDN, but for you, you would want to use the VLAN20 IP
Well I’m trying to use the SMB share over the em1 interface but nothing shows up. When on the em0 interface (.10), I see the TM disk just like in your screenshot, and it uses the FQDN.
If I need to use the VLAN20 IP, how would I add that in the TM settings?
tmutil setdestination /Volumes/YourTimeMachineDrive
Connect to your TrueNAS here via the correct IP:
Then you should have it mounted to a local path, the one you specify above.
In my case it gets mounted to /Volumes/timemachine
3 Likes
