On Wed, 2004-01-07 at 08:40, Raymond wrote:
> > The bridge essentially routes all traffic bound to/from the physical network
> > adapter to all the bridged tunnels.
>
> So the bridge IP is the default route for all the bridged clients?
>

Well, no, the default route is set by the routing table in each client. And the default client on each client needs to be to their actual gateway, or the VPN packets won't make it to the other side of the VPN.

> > It's not only the same network address space, it's the same address as
> > eth1. You remove the ip address from eth1, and configure the bridge to
> > replace it.
>
> Would it be safe to say that an unbound NIC is required if one does not
> wish to supplant an existing network?
>

Not quite sure what you mean by this. You mean, to create a "virtual" LAN between the VPN clients?

I really don't know. I would think if you want to bridge together a bunch of VPN clients, you probably don't need to bridge any NIC--just bridge all the tap devices and configure IP addresses manually. In this case, I would think you could keep your NIC unbridged, and give the bridge an IP address on the same subnet as the clients. This would keep the clients from seeing any other computers on the LAN beyond the OpenVPN server (I think). Is that what you're trying to do?

I actually have a potential client who wants to create a virtual LAN between half a dozen computers--they're a small company without an office or a server, and everyone works from their home. This might be a solution, if it works.

The way I've done it, I bridged the NIC on the VPN server to all the tap devices, unbound the original IP address for the NIC, and bound that address to the bridge itself. This has the effect of putting all of the remote tap interfaces and the NIC on the same ethernet segment (which I thought was the whole purpose of the bridge).

If you bridge the tap devices to an unused NIC, those tap devices can only talk to each other--they're not attached to your LAN. If you want the clients to connect to your LAN, you have to bridge a NIC attached to that LAN.

Hope that helps...

-- 
John Locke
Open Source solutions for small business problems
http://freelock.com
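The two layouts discussed in the message above, as an added example that is not part of the original post: a dry-run planner that prints (never executes) the commands for bridging the taps together with the LAN NIC versus bridging the taps alone. It uses iproute2 syntax rather than the tools of the thread's era; the bridge name `br0`, the tap names and all addresses are assumptions, and `eth1` is the NIC named in the thread.

```shell
#!/bin/sh
# Added example: prints the commands for each layout so they can be reviewed
# before anything is changed. Names and addresses are constructed samples.

# bridge_plan MODE BRIDGE_CIDR NIC TAP...
#   MODE=lan       NIC joins the bridge and its address moves to the bridge,
#                  so VPN clients share the LAN's Ethernet segment
#   MODE=isolated  only the taps join; the NIC keeps its address and stays
#                  outside the bridge, so clients are not attached to the LAN
bridge_plan() {
    mode=$1; cidr=$2; nic=$3; shift 3
    case $mode in
        lan|isolated) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    [ $# -ge 1 ] || { echo "need at least one tap device" >&2; return 2; }

    echo "ip link add name br0 type bridge"
    for tap in "$@"; do
        echo "openvpn --mktun --dev $tap"        # persistent tap device
        echo "ip link set dev $tap master br0"
        echo "ip link set dev $tap up"
    done
    if [ "$mode" = lan ]; then
        # Flushing the NIC address drops existing sessions over that NIC:
        # apply this plan from a console, not over the link being changed.
        echo "ip addr flush dev $nic"
        echo "ip link set dev $nic master br0"
        echo "ip link set dev $nic up"
    fi
    echo "ip addr add $cidr dev br0"
    echo "ip link set dev br0 up"
}

# nic_is_bridged PLAN NIC: succeeds only if the plan attaches NIC to br0.
# Useful as a review check when the intent is to keep clients off the LAN.
nic_is_bridged() {
    printf '%s\n' "$1" | grep -qx "ip link set dev $2 master br0"
}

# Constructed sample runs: print both plans for side-by-side review.
echo "# lan layout";      bridge_plan lan 192.168.1.10/24 eth1 tap0 tap1
echo "# isolated layout"; bridge_plan isolated 10.8.0.1/24 eth1 tap0 tap1
```
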