Re: [Openvpn-users] PPTP (PPP) like "proxyarp" configuration?

  • Subject: Re: [Openvpn-users] PPTP (PPP) like "proxyarp" configuration?
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Wed, 21 Sep 2005 15:03:19 +0200 (CEST)

On Wed, 21 Sep 2005, Andreas Haumer wrote:

> | How about using --dev tap and bridge the clients into your local
> | network? Then you don't even need to do proxyarp as the clients' MAC
> | addresses will be seen directly on the local network.
> I tried to do this, but I didn't figure how I can set the
> VPN client's IP address out of the small reserved pool of,
> say, two or three IP addresses.

Use the server-bridge macro directive like:


That will tell OpenVPN to use the IP address on the TAP interface which should be bridged with the local interface. This is actually wrong as usually only the br0 interface should hold the IP address when it's bridged but it doesn't seem to harm that OpenVPN sets the same IP address to the tap interface.

The last two numbers tell OpenVPN that it should hand out IP addresses from .200 to .202 to its clients.

Create the bridge in Linux before launching OpenVPN like this:

openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 tap0
brctl addif br0 eth0
brctl stp br0 off
ifconfig tap0 promisc up
ifconfig eth0 promisc up
ifconfig br0 netmask broadcast

Then launch openvpn and make sure your config uses --dev tap0

> | The only drawback of this is that it's bigger packet overhead to send
> | the complete ethernet frames over the wire instead of only IP packets.
> Yes, and it's also a quite complex setup to do.
> IMHO the "PPP-proxyarp-way" is much easier to
> set up and maintain.

It's not that complex - it's just like learning to bike ;-) Once you got it right you don't think it's complex any longer!

Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail
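
Added example, not part of the original message: a pre-flight check for a server-bridge line that confirms the client pool sits inside the bridged subnet, excludes the bridge address, and does not collide with the LAN's own DHCP range. The 192.168.1.x addresses are constructed (chosen so the pool runs from .200 to .202), and the function name and the lan_dhcp parameter are hypothetical.

```python
import ipaddress

def check_server_bridge(line, lan_dhcp=None):
    """Check 'server-bridge <ip> <netmask> <pool-start> <pool-end>'.

    lan_dhcp: optional (first, last) range served by the LAN's own DHCP
    server (hypothetical parameter). Returns (pool_size, problems).
    """
    parts = line.split()
    if len(parts) != 5 or parts[0] != "server-bridge":
        raise ValueError("want: server-bridge ip netmask pool-start pool-end")
    ip, start, end = (ipaddress.IPv4Address(parts[i]) for i in (1, 3, 4))
    # strict=False because <ip> is a host address, not the network address.
    net = ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False)
    problems = []
    for name, addr in (("pool-start", start), ("pool-end", end)):
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is not a usable host address")
    if start > end:
        problems.append("pool-start is above pool-end")
        return 0, problems
    if start <= ip <= end:
        problems.append(f"pool contains the bridge address {ip}")
    if lan_dhcp is not None:
        first, last = (ipaddress.IPv4Address(a) for a in lan_dhcp)
        # Two closed ranges overlap when each starts before the other ends.
        if start <= last and first <= end:
            problems.append(f"pool overlaps LAN DHCP range {first}-{last}")
    return int(end) - int(start) + 1, problems

# Constructed sample line: three client addresses, .200 to .202.
SAMPLE = "server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.202"

if __name__ == "__main__":
    print(check_server_bridge(SAMPLE))
    print(check_server_bridge(SAMPLE, lan_dhcp=("192.168.1.100", "192.168.1.200")))
```

With a bridged setup the VPN clients share the LAN's address space, so an overlap with the LAN DHCP range shows up later as duplicate-address conflicts rather than as an OpenVPN error.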

