
[Openvpn-users] Basic bridging concept questions

  • From: Whit Blauvelt <whit@xxxxxxxxxxxxx>
  • Date: Sun, 23 Jan 2005 18:14:19 -0500


The project is to use OpenVPN 2 running on Linux (2.4 kernel at the moment)
to bridge connections from a half-dozen remote developers to the company
LAN. I've looked at http://openvpn.net/bridge.html and at the FAQ and HOWTO
at http://bridge.sourceforge.net/document.html, and while both are clear
documents they presume background knowledge of bridging on Linux that I
lack. Some of the complex stuff I understand, but the simple stuff that I
should presumably already know is foggy.

Can someone please give a clear picture of the relationship of IPs, network
cards, and bridge devices? As the network currently sits, there are two
Linux router/firewall boxes, each dual-homed (two different external Net
connections each with multiple IPs). The second box, which is a mirror and
backup of the other, is the one I'd like to use for the bridge (so as to
keep this load off the main router). But when the second box is in takeover
mode, it needs to handle both the OpenVPN bridge and normal routing to the
outside. It also needs to maintain an internal IP for its mirroring
function. I'd also like to have the first box set up to take over the
bridging function if the second box goes down. 

My first question is: The docs at bridge.sourceforge.net assume that all
you're trying to run is a bridge, rather than combining the bridging with
other functions on the same box and interfaces. So I'm unclear whether I
need a separate internal-facing NIC for the bridge, or whether a single
internal NIC is enough. The internal NIC currently has one or more IPs in
the 192.168.1.x range (one of those being the gateway to the external net
for the internal machines). It needs to maintain those. Can it be the bridge
device at the same time?

My second question is: I want the remote users to be able to connect through
both external interfaces - two different external IPs. Can this work with a
single instance of OpenVPN? 

My third question is: Is it correct to assume that the remote connections
can simply be assigned IPs by the internal DHCP server, and that existing IP
assignments on the remote machines and internal LANs don't matter? Access
from within the actual LAN to the remote systems isn't wanted or desired,
just virtual remote access inward to the LAN.

My fourth question: One remote user runs OS/X. Somewhere on the OpenVPN site
it says bridging is only for Lin & Win, but elsewhere there's a suggestion
that OS/X can do it. What's the current state of that? Also, whether through
the bridge or through a separate, no-bridging instance of OpenVPN set up for
the remote Mac, what's required for OS/X to mount Windows drives on the
internal net? (I confess to total OS/X ignorance, beyond knowing its UNIX

Thanks for any answers or pointers.

