|
|
On Thu, 8 Sep 2005, James Yonan wrote: But the discussion continued, and more recently we hit upon the idea to use a proxy-ARP mechanism to allow the TAP-Win32 driver to support tun-mode subnets: Cool! I was just thinking about this feature a day ago because I had a customer ask me about how to use OpenVPN to tunnel a public IP address over a network using private IP addresses. This feature fits this need perfectly as using /30 subnets waists public IP addresses and --dev tap waists bandwidth with broadcasts and packet overhead. A couple of questions: What happends with IP broadcasts with this topology? Are they dropped or forwarded to all clients? Does this solve the "security issue" with --dev tap that the IP address wasn't checked if it really belonged to the correct client or not (without using iptables or such todo this check outside of OpenVPN)? I mean does this new topology pass the same checks as normal --dev tun mode? I assume the normal ways of assigning static IP addresses can still be used; ccd files, client-connect scripts and ipp files, right? Great work - as always // Mathias -- _____________________________________________________________ Mathias Sundman (^) ASCII Ribbon Campaign OpenVPN GUI for Windows X NO HTML/RTF in e-mail http://openvpn.se/ / \ NO Word docs in e-mail Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-09/msg00081.html on line 199 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-09/msg00081.html on line 199 |