On Thu, 8 Sep 2005, James Yonan wrote:

> But the discussion continued, and more recently we hit upon the idea to use a proxy-ARP mechanism to allow the TAP-Win32 driver to support tun-mode subnets:

Cool! I was just thinking about this feature a day ago because I had a customer ask me about how to use OpenVPN to tunnel a public IP address over a network using private IP addresses. This feature fits this need perfectly, as using /30 subnets wastes public IP addresses and --dev tap wastes bandwidth with broadcasts and packet overhead.

A couple of questions:

What happens with IP broadcasts with this topology? Are they dropped or forwarded to all clients?

Does this solve the "security issue" with --dev tap that the IP address wasn't checked if it really belonged to the correct client or not (without using iptables or such to do this check outside of OpenVPN)? I mean, does this new topology pass the same checks as normal --dev tun mode?

I assume the normal ways of assigning static IP addresses can still be used: ccd files, client-connect scripts and ipp files, right?

Great work - as always // Mathias

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail