[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: openvpn and ccd


  • Subject: Re: [Openvpn-users] Re: openvpn and ccd
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Thu, 13 Apr 2006 11:25:30 -0500

Pierre LEONARD wrote:
now i continu my tour and i will work on an tap interface with a bridged mode

just a question : if is necessary to use tun interface in routed mode and tap interface bridged mode?
if i well understood
* tap interface is an virtual ethernet interface which have to be bridge with a real ethernet interface like eth0/1
* tun interface is an virtual interface too but i don't understand why there is not necessary to brigde it?

tap interfaces transfer ethernet frames; tun interfaces transfer IP packets. Common practice is to bridge tap interfaces, though routing can also be used (it's just silly -- there's more overhead since you're sending the Ethernet frame headers as well as the IP headers, so why use tap if you're going to be routing?). With tun interfaces, however, it doesn't make sense to do bridging, because they can't transfer any non-IP traffic (whereas you can put lots of other things in an ethernet frame); instead, it's expected that they'll be used for IP-level routing.


With bridging, any frames from one interface are copied over to the other; with routing, only packets which are addressed to an appropriate host are copied. Thus, when routing (with tun), you aren't sending a copy of every single broadcast message on your LAN over to every single client on your VPN; thus, you're saving what can add up to a considerable amount of bandwidth. So -- unless you have a good reason to use tap, you'll be better off with tun, and routing correctly configured.

As an aside: Please trim the quotations in your replies!


____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users