Re: [Openvpn-users] Re: Re: openvpn-2 tap and nat - understanding problem [partially solved]

  Subject: Re: [Openvpn-users] Re: Re: openvpn-2 tap and nat - understanding problem [partially solved]
  From: Charles Duffy <cduffy@xxxxxxxxxxx>
  Date: Thu, 13 Jan 2005 09:57:29 -0600

On Thu, 2005-01-13 at 09:12 +0100, Konrad Karl wrote:
> most useser could use UDP (better performance) but some are forced to use
> TCP and one openvpn instance cannot support both at the same time.
> (am I correct?)

Ahh; in that context, using (and connecting) multiple instances makes
more sense.

Conventionally, one using tap mode would bridge the tap devices used by
the two OpenVPN instances; or, using tun mode, just make sure that both
of them have entries in the system routing table (and no firewall rules
or other settings are preventing the system from forwarding packets as

> > That said -- do you have any good reason for using tap rather than
> > tun+WINS?
> - less configuration for windows users

Hrm? Properly set up, there's no client-side configuration at all -- all
the settings get pushed from the server. For the oddball cases that *do*
have nonstandard settings (say, need a nondefault ip-win32), I use a
client-config-dir to push those from the server.

> additionally, some games communicate via IPX (i am no expert here).

Ahh. I run a VPN in a commercial setup where network gaming isn't
exactly a prpority -- so supporting network play on older games (I've
seen IPX used in very few if any new ones) isn't exactly a
consideration. That said -- if you're putting your tap devices on
different subnets and using IP routing rather than bridging to
communicate between them, you're not going to get working IPX anyhow.

> - i want to understand the stuff :-)

Instead of switching away to something you already understand, that
could also be fixed by filling in the bits you don't understand about
tun mode.

If you can describe what elements of that you're 

