
Re: [Openvpn-users] LAN gaming over openVPN

  • Subject: Re: [Openvpn-users] LAN gaming over openVPN
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Wed, 28 May 2003 03:46:07 -0000

Owain Evans <tom_jones_mk2@xxxxxxxxxxx> said:

> Sorry this is slightly off topic.
> I'm trying to use openVPN to connect two linux routers, RouterA and RouterB
> with DSL connections. Now, it's all working fine except now I want to be
> able to play LAN games which involve clients both sides of the VPN. ATM the
> subnet behind RouterA is and RouterB is
> I've read somewhere that  I have to either fool the computers on subnetA
> that the clients on subnetB are on the same subnet or get multicast packets
> to travel through the vpn tunnel. Is this correct?

Yes, that's correct.  The "fool the computers" method is otherwise known as
ethernet bridging.  Basically you make a tunnel using TAP devices, then you
use a tool such as brctl to bridge your LAN ethernet device with the TAP
device.  If you do this on both ends of the VPN, you will create a bridged
ethernet network, i.e. an ethernet subnet that looks like a LAN to clients,
even though it's a WAN in real life.  When you set up your openvpn config,
follow the examples for tun devices, but instead use "--dev tap --tun-mtu 1500
--tun-mtu-extra 64 --up ./up-script"

up-script is a shell script to ifconfig the tap device such as:

ifconfig $1 $local netmask mtu $2

where $local is the local endpoint IP address.  Each openvpn peer uses a
different $local address (they should be taken from a private subnet, and
should be separate from the subnet of the LAN you are trying to bridge).

Once you can ping across the TAP device, then use brctl (on linux) to bridge
the tap device with your physical ethernet device.

Note that ethernet bridging over OpenVPN requires that both OpenVPN peers have
the ability to communicate with the other over a UDP port, AND the routers
along the path must support IP fragmentation.  While this is usually the case,
broken routers do exist.

Using ethernet bridging is only one possible solution.  If you can get your
client traffic to route at the IP level, then you use OpenVPN in --dev tun
mode to create a tun device linkage, then use route commands to route traffic
over the tun device.  This is somewhat more efficient than using tap devices
and ethernet bridging, but requires that you configure multicast routing.


> So I'm wondering a) is it possible b) what tools I need to use to do this.
> I've read about ethernet bridging, proxy arp, routing, or do I just need
> some clever iptables rules?
> I hope you can help, or point me in the right direction!
> Thanks Owain Evans
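
The address constraints and command sequence described in the reply above, as an added example (not part of the original message and not the OpenVPN project's own script): a pre-flight check that the two TAP endpoint addresses differ and sit outside the bridged LAN, followed by a dry-run listing of the commands. The addresses, netmasks, device names (tap0, eth0, br0) and function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check and dry-run plan for one side of a bridged
# OpenVPN TAP link. All addresses and device names are constructed samples.

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

same_net() {  # same_net IP1 IP2 NETMASK -> exit 0 if both are in one subnet
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & $m )) -eq $(( $(ip2int "$2") & $m )) ]
}

# check_endpoints LOCAL PEER TAP_MASK LAN_IP LAN_MASK
# Enforces the constraints from the message: each peer has a different
# endpoint address, and the endpoints sit outside the LAN being bridged.
check_endpoints() {
    [ "$1" != "$2" ] || { echo "peers share endpoint $1"; return 1; }
    same_net "$1" "$2" "$3" || { echo "endpoints not in one subnet"; return 1; }
    for ep in "$1" "$2"; do
        if same_net "$ep" "$4" "$5"; then
            echo "endpoint $ep is inside the bridged LAN"; return 1
        fi
    done
    echo ok
}

# plan DEV MTU LOCAL TAP_MASK ETH BR: print the commands, run nothing.
plan() {
    echo "ifconfig $1 $3 netmask $4 mtu $2"   # what up-script runs ($1=dev, $2=mtu)
    echo "brctl addbr $6"                     # create the bridge (name assumed)
    echo "brctl addif $6 $5"                  # attach the physical LAN device
    echo "brctl addif $6 $1"                  # attach the TAP device
}

# Constructed sample values for one peer; the other peer swaps the endpoints.
check_endpoints 10.3.0.1 10.3.0.2 255.255.255.0 192.168.4.1 255.255.255.0 &&
    plan tap0 1500 10.3.0.1 255.255.255.0 eth0 br0
```

Nothing is executed against the network; the printed commands are meant to be reviewed and then run as root once a ping across the TAP device succeeds.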