[Openvpn-users] Re: Windows Network Neighborhood browsing over Vpn tunnel

  Subject: [Openvpn-users] Re: Windows Network Neighborhood browsing over Vpn tunnel
  From: Charles Duffy
  Date: Wed, 12 Jan 2005 18:15:35 -0600

On Thu, 13 Jan 2005 00:12:10 +0100, osgaldo wrote:

> I need to join each subnet over the internet with a VPN so that Windows
> users on each LAN can access or see the other subnet using
> the Windows Neighborhood icon on their desktops.
> As I read in the docs, I should use a tap device instead of tun for that
> purpose, with bridging over Ethernet.

You can use either tun or tap for connecting two LANs -- the question is
*how* you want to connect them.

If you want them to appear as if they're both the same network not only
in terms of Windows file sharing but also in terms of IP address space,
and you have bandwidth to spare, use tap to bridge them into a single,
large network.

If you want them to have distinct IP address ranges (so it's obvious
what's on one network versus the other), you don't run non-IP protocols,
and you're willing to configure a WINS server, use tun to connect the two,
distinct networks (and use WINS to tell the Windows clients how to find
each other).

Personally, I strongly prefer tun.

> Do I have to compile something into the kernel (2.4.x) in order to
> make the bridge work? Install an additional package?

You need brctl and friends. Most Linux distributions include them. There's
also some kernel support; it's present by default.

> Do I have to use Certs or Preshared-Keys? Or is this irrelevant?

Doesn't matter in this case. (If you were to run a multi-client server,
you'd need certs; in most other cases, it doesn't make a difference other
than the security merits of the two.)

> I have seen an example script for starting and stopping the bridge but
> I can't find a bridge example file for the tunnel.config using tap???
> Am I mixing concepts here?

Yes. Bridging only works in tap mode, not tun. Tun mode uses routing
rather than bridging.

> Is it possible to add a third (or more) Linux server to this scenario so
> that 3 subnets can see each other in the Network Neighborhood?

It's possible. Note that the more systems you add, the more broadcast
traffic you'll have (and the more outgoing streams that broadcast traffic
will need to be mirrored over), and so the bigger your bandwidth savings
for using tun will be.
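
The routed tun setup described in this message, sketched as an added example (not part of the original post and not taken from the OpenVPN documentation). The LAN subnets, tunnel addresses, hostname, port and key path are all assumptions chosen for illustration.

```conf
# ---------------------------------------------------------------
# Site A gateway config (assumed LAN: 192.168.1.0/24)
# ---------------------------------------------------------------
# Routed mode: IP only, no Ethernet broadcasts cross the tunnel.
dev tun
proto udp
port 1194
# Point-to-point tunnel addresses: local first, then remote (assumed).
ifconfig 10.8.0.1 10.8.0.2
# Send traffic for site B's LAN through the tunnel.
route 192.168.2.0 255.255.255.0
# Pre-shared static key, generated once with
#   openvpn --genkey --secret static.key
# and copied to both gateways over a secure channel.
# Static-key mode has no forward secrecy; certificates (TLS mode)
# avoid that and are required for a multi-client server.
secret /etc/openvpn/static.key
keepalive 10 60
persist-key
persist-tun

# ---------------------------------------------------------------
# Site B gateway config (assumed LAN: 192.168.2.0/24)
# ---------------------------------------------------------------
dev tun
proto udp
# Hostname of site A's gateway (placeholder).
remote site-a.example.org 1194
ifconfig 10.8.0.2 10.8.0.1
route 192.168.1.0 255.255.255.0
secret /etc/openvpn/static.key
keepalive 10 60
persist-key
persist-tun

# ---------------------------------------------------------------
# Outside OpenVPN, on both gateways:
#  - enable IP forwarding (net.ipv4.ip_forward = 1)
#  - if the gateway is not the LAN's default router, add a route
#    on that router for the other site's subnet via this gateway
#  - point Windows clients on both LANs at the same WINS server,
#    since NetBIOS broadcasts do not cross a routed tun link
# For the bridged alternative, both configs would use "dev tap0"
# instead, with tap0 and the LAN interface joined by brctl and
# no route lines, because both sites share one IP subnet.
# ---------------------------------------------------------------
```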

