
RE: [Openvpn-users] Setup with bridge


  • Subject: RE: [Openvpn-users] Setup with bridge
  • From: Scott MacKay <scottmackay@xxxxxxxxx>
  • Date: Thu, 22 Jul 2004 10:11:06 -0700 (PDT)

Yup, stuff in there makes more sense now.  I guess my
issue then is that I want to use the tun design, but
on a box whose only interface is a bridge (so the role
of 'bridge' is not related to the tunnel, it just is
how the system is configured).  I don't really have an
'external/internal' interface setup.
So: simple diagram:

HOSTA-------BRIDGEA-------ROUTER------BRIDGEB-----HOSTB

BridgeA and BridgeB are my linux bridge configured
machines.  HostA and HostB are connected to the bridge
such that HostA physically goes thru BridgeA to get to
Router (Done so I can accept/deny packets from HostA
to other places).  Router is 1 or more router hops
separating BridgeA from BridgeB.
Recap is that BridgeA IP is 192.168.1.191 and BridgeB
IP is 192.168.2.181.
Right now, BridgeA and BridgeB can talk, so those IPs
route properly.
Would I use a tun device for this scenario?
BridgeA: openvpn --remote 192.168.2.181 --dev tun0 --ifconfig 10.0.0.1 10.0.1.1
BridgeB: openvpn --remote 192.168.1.191 --dev tun0 --ifconfig 10.0.1.1 10.0.0.1





--- knetknight <mailbox1@xxxxxxxxxxxx> wrote:
> > I was pretty sure the --ifconfig option of openvpn was
> >
> > --ifconfig localIP  remoteIP
> 
> that is the format for tun connections. tap connections use
>  --ifconfig localIP NetMask
>
> since one of the primary purposes of a bridge and tap devices is to create
> a common broadcast domain it "typically" follows that you want the openvpn
> sessions that connect to it to use ifconfigs that place them in the same
> ip subnet.
> 
> e.g. on one end...
> --ifconfig 10.0.0.1 255.255.255.0
> 
> and on the other...
> --ifconfig 10.0.0.2 255.255.255.0
> 
> > I was also unsure about using tun0 vs tap0.
> 
> tun is more efficient because it's a point-to-point connection that
> doesn't forward chatty broadcasts. tun works at layer 3 of the OSI model
> and thus typically routes only IP traffic across the link.
>
> tap is not as efficient but is useful for when you absolutely need the two
> (or more) ends to exchange broadcast traffic. (e.g. games, windows network
> browsing without a wins server) or if you need to tunnel a protocol other
> than IP. tap devices work at layer 2 of the OSI model and can encapsulate
> other protocols (IPX/SPX for example) into IP, shove it across an IP-only
> network (i.e. the Internet), unwrap it on the end, and then put the packet
> on the remote side's ethernet as an IPX/SPX packet again... pretty cool if
> that's what you need.
>
> hope that makes sense and that i actually answered your question. :-)

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
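
An added example, not part of either poster's message: a Python check of the two --ifconfig conventions described in the quoted reply (tun takes localIP remoteIP, tap takes localIP netmask), run over the tun command lines from the message above. The function names and the check are illustrative assumptions, not OpenVPN tooling.

```python
import ipaddress
import shlex

def parse(cmdline):
    """Collect the arguments of each --option on an openvpn command line."""
    opts, key = {}, None
    for tok in shlex.split(cmdline)[1:]:      # skip the program name
        if tok.startswith("--"):
            key = tok[2:]
            opts[key] = []
        elif key:
            opts[key].append(tok)
    return opts

def first(opts, key):
    return (opts.get(key) or [""])[0]

def check_pair(cmd_a, addr_a, cmd_b, addr_b):
    """Return a list of mismatches between the two ends (empty if consistent)."""
    a, b = parse(cmd_a), parse(cmd_b)
    problems = []
    if first(a, "remote") != addr_b or first(b, "remote") != addr_a:
        problems.append("--remote does not name the peer's address")
    kind_a, kind_b = first(a, "dev")[:3], first(b, "dev")[:3]
    if kind_a != kind_b or kind_a not in ("tun", "tap"):
        return problems + ["--dev must be tun on both ends or tap on both ends"]
    ia, ib = a.get("ifconfig", []), b.get("ifconfig", [])
    if len(ia) != 2 or len(ib) != 2:
        return problems + ["--ifconfig takes two arguments on each end"]
    if kind_a == "tun":
        # tun: --ifconfig localIP remoteIP, so each end is the other reversed
        if ia != ib[::-1]:
            problems.append("tun --ifconfig endpoints are not mirrored")
    else:
        # tap: --ifconfig localIP netmask, both ends in one IP subnet
        try:
            na = ipaddress.ip_interface("/".join(ia))
            nb = ipaddress.ip_interface("/".join(ib))
        except ValueError:
            return problems + ["tap --ifconfig second argument is not a netmask"]
        if na.network != nb.network or na.ip == nb.ip:
            problems.append("tap ends need distinct addresses in the same subnet")
    return problems

# The two tun command lines from the message, with each bridge's own IP.
BRIDGE_A = "openvpn --remote 192.168.2.181 --dev tun0 --ifconfig 10.0.0.1 10.0.1.1"
BRIDGE_B = "openvpn --remote 192.168.1.191 --dev tun0 --ifconfig 10.0.1.1 10.0.0.1"

if __name__ == "__main__":
    print(check_pair(BRIDGE_A, "192.168.1.191", BRIDGE_B, "192.168.2.181") or "consistent")
```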