RE: [Openvpn-users] Setup with bridge

  • Subject: RE: [Openvpn-users] Setup with bridge
  • From: Scott MacKay <scottmackay@xxxxxxxxx>
  • Date: Thu, 22 Jul 2004 10:11:06 -0700 (PDT)

Yup, stuff in there makes more sense now.  I guess my
issue then is that I want to use the tun design, but
on a box whose only interface is a bridge (so the role
of 'bridge' is not related to the tunnel, it just is
how the system is configured).  I don't really have an
'external/internal' interface setup.
So: simple diagram:


BridgeA and BridgeB are my Linux bridge configured
machines.  HostA and HostB are connected to the bridge
such that HostA physically goes thru BridgeA to get to
Router (Done so I can accept/deny packets from HostA
to other places).  Router is 1 or more router hops
separating BridgeA from BridgeB.
Recap is that BridgeA IP is and BridgeB
IP is
Right now, BridgeA and BridgeB can talk, so those IPs
route properly.
Would I use a tun device for this scenario?
BridgeA: openvpn --remote --dev tun0
BridgeB: openvpn --remote --dev tun0

--- knetknight <mailbox1@xxxxxxxxxxxx> wrote:
> > I was pretty sure the --ifconfig option of openvpn was
> >
> > --ifconfig localIP  remoteIP
> that is the format for tun connections. tap
> connections use
>  --ifconfig localIP NetMask
> since one of the primary purposes of a bridge and
> tap devices is to create
> a common broadcast domain it "typically" follows
> that you want the openvpn
> sessions that connect to it to use ifconfigs that
> place them in the same
> ip subnet.
> e.g. on one end...
> --ifconfig
> and on the other...
> --ifconfig
> > I was also unsure about using tun0 vs tap0.
> tun is more efficient because it's a point-to-point
> connection that
> doesn't forward chatty broadcasts. tun works at
> layer 3 of the OSI model
> and thus typically routes only IP traffic across the
> link.
> tap is not as efficient but is useful for when you
> absolutely need the two
> (or more) ends to exchange broadcast traffic. (e.g.
> games, windows network
> browsing without a wins server) or if you need to
> tunnel a protocol other
> than IP. tap devices work at layer 2 of the OSI
> model and can encapsulate
> other protocols (IPX/SPX for example) into IP, shove
> it across an IP-only
> network (i.e. the Internet), unwrap it on the end,
> and then put the packet
> on the remote side's ethernet as an IPX/SPX packet
> again... pretty cool if
> that's what you need.
> hope that makes sense and that i actually answered
> your question. :-)

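Added example (not part of the original thread and not OpenVPN project code): a small Python check of the two --ifconfig forms described in the quoted reply, local/remote IP for tun and local IP/netmask for tap, applied to both ends of a link. The function names and the sample addresses are constructed for illustration, and the check that tun ends mirror each other is an assumption that follows from the local/remote format.

```python
import ipaddress

def is_netmask(text):
    """True for a contiguous dotted-quad mask such as 255.255.255.0."""
    try:
        value = int(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        return False
    inverted = value ^ 0xFFFFFFFF
    return value != 0 and (inverted & (inverted + 1)) == 0

def check_pair(dev, end_a, end_b):
    """Check both ends' (first, second) --ifconfig arguments for one --dev type.
    Returns a list of problem strings; an empty list means consistent."""
    kind = dev[:3]
    if kind not in ("tun", "tap"):
        return [f"unknown --dev type: {dev}"]
    problems = []
    for name, (local, second) in (("A", end_a), ("B", end_b)):
        try:
            ipaddress.IPv4Address(local)
            ipaddress.IPv4Address(second)
        except ipaddress.AddressValueError:
            problems.append(f"{name}: arguments must be dotted-quad IPv4 values")
            continue
        if kind == "tun" and is_netmask(second):
            problems.append(f"{name}: tun expects a remote IP, got netmask {second}")
        if kind == "tap" and not is_netmask(second):
            problems.append(f"{name}: tap expects a netmask, got {second}")
    if problems:
        return problems
    if kind == "tun":
        # Point-to-point: each side's local IP is the other side's remote IP.
        if tuple(end_a) != (end_b[1], end_b[0]):
            problems.append("tun: local/remote addresses are not mirrored")
    else:
        # Shared broadcast domain: both ends should sit in one IP subnet.
        net_a = ipaddress.IPv4Network(f"{end_a[0]}/{end_a[1]}", strict=False)
        net_b = ipaddress.IPv4Network(f"{end_b[0]}/{end_b[1]}", strict=False)
        if net_a != net_b:
            problems.append("tap: ends are not in the same IP subnet")
        elif end_a[0] == end_b[0]:
            problems.append("tap: both ends use the same local IP")
    return problems

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    print(check_pair("tun0", ("10.8.0.1", "255.255.255.0"), ("10.8.0.2", "10.8.0.1")))
```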