Using iTunes Library Sharing over a VPN or the Internet

We run an L2TP-over-IPSEC VPN at home to allow remote access to our data and computers. On my server, I'm running forked-daapd, an itunes daap server for Linux. It's a great tool and I would really suggest checking it out.

This works perfectly when I'm in the house, but what if I want to access my iTunes library externally? Bonjour traffic, along with most multicast traffic usually doesn't travel over VPNs, unless you're using OpenVPN.

The solution is to use SSH tunneling. This means if you have an SSH gateway to your network, you could use that instead of a VPN.

First you have to grab the bonjour record of your library using avahi-browse on the linux box hosting your library.

Step 1: Browsing for your service

avahi-browse -ar

the -a means browse for all services, and the -r means resolve them.

You will likely see one of the services looks like this:

= eth0 IPv4 Music on server    iTunes Audio Access     local
    hostname = [server.local]
    address = []
    port = [3689]
    txt = ["ffid=some_number" "Password=true/false" "Version=some_number" "iTSh Version=some_number" "mtd-version=some_number" "Machine Name=Music on server" "Machine ID=some_number" "Database ID=some_number" "txtvers=some_number"]

You'll need to copy the bit between the square brackets in the txt argument for the next step.

Step 2: Setting up the SSH Tunnel

As my portable computer is a mac, I made a quick and easy script to make the tunnel and advertise the mDNS service.


With the following contents


dns-sd -P "Music on server" _daap._tcp local 3689 localhost.local. \ "ffid=some_number" "Password=true/false" "Version=some_number" "iTSh Version=some_number" "mtd-version=some_number" "Machine Name=Music on server" "Machine ID=some_number" "Database ID=some_number" "txtvers=some_number"

ssh -C -N -L 3689:localhost:3689 [email protected]

Obviously, you will need to change the variables to the ones copied in the previous step for your library to register correctly, and remember to put in your password for SSH (it sometimes becomes obscured by all the debug data outputted by dns-sd, but if you just type it into the terminal regardless of if debug has been echoed out as SSH is the last running command)

Remember to make the script executable

chmod +x

And run it


If everything has worked, your library should now show up in iTunes and you can listen to music remotely over the VPN or SSH.

Published 2016-09-03