Re: [Openvpn-users] Re: Patch: TAP & True MAC aging

  • From: Brent Gardner <brent.gardner@xxxxxxxxx>
  • Date: Tue, 11 Oct 2005 14:43:30 -0700

On 10/11/05, Rolf Fokkens <r.fokkens@xxxxxxxxx> wrote:
>  Hi,
> Attached the latest version of the MAC table patch. This patch allows
> OpenVPN to learn (and importantly forget!) MAC addresses like ethernet
> switches. Also (like ethernet switches), OpenVPN now broadcasts packets
> with unknown MAC addresses (without the patch these packets are dropped).
> The command line has two new options:
> --mac-ttl n             : Time To Live for MAC entries (default: 300)
> --mac-table-size n : The number of MAC entries that can be stored
> (default: 1024)
> The Admin interface command now shows the TTL (Time To Live) of each
> learnt packet, this is for debugging purposes. It may however conflict
> with admin frontends!
> This patch is work in progress, so testing is needed. I've tested it with
> UDP and TCP using certificates. I'm using it now in our production
> situation. Special testing however is needed for shared keys, as I
> received a report which suggests this may not work.
> For those who are interested, the patch can be downloaded here:
> http://adsl-dc-4dd05.adsl.wanadoo.nl/dinges/openvpn-2.0.2-fks-mac7.patch
> Rolf


Thank you for your work.  Would this patch have any beneficial effect
on IPX/SPX traffic traversing an OpenVPN bridge?  I've had trouble in
the past where I could not communicate with a remote Netware server. 
I haven't had time to pursue it and it's not a hot issue for me right
now, just wondering.


Brent Gardner
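
The learn, forget and flood behaviour described in the quoted announcement, as an added example that is not part of the original message and is not code from the patch. The defaults 300 and 1024 come from the announcement; the function names, `PORT_FLOOD`, the rule that a full table refuses new addresses instead of evicting live ones, and the rejection of group-bit source addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <time.h>

#define MAC_TABLE_SIZE 1024   /* default quoted for --mac-table-size */
#define MAC_TTL        300    /* default quoted for --mac-ttl, taken as seconds */
#define PORT_FLOOD     (-1)   /* hypothetical marker: send to every client */

struct mac_entry { uint8_t mac[6]; int port; time_t expires; int used; };
struct mac_table { struct mac_entry e[MAC_TABLE_SIZE]; };

/* Find a live entry; entries past their TTL are forgotten as they are seen. */
static struct mac_entry *mac_find(struct mac_table *t, const uint8_t *mac, time_t now)
{
    for (int i = 0; i < MAC_TABLE_SIZE; i++) {
        struct mac_entry *e = &t->e[i];
        if (e->used && e->expires <= now)
            e->used = 0;                        /* aged out */
        if (e->used && memcmp(e->mac, mac, 6) == 0)
            return e;
    }
    return NULL;
}

/* Learn from a frame's source address. Returns 1 if stored, 0 if refused. */
int mac_learn(struct mac_table *t, const uint8_t *src, int port, time_t now)
{
    if (src[0] & 1)
        return 0;   /* assumption: group-bit sources are invalid, never learn them */
    struct mac_entry *e = mac_find(t, src, now);   /* full sweep frees stale slots */
    for (int i = 0; !e && i < MAC_TABLE_SIZE; i++)
        if (!t->e[i].used)
            e = &t->e[i];
    if (!e)
        return 0;   /* assumption: a full table refuses new MACs, no eviction */
    memcpy(e->mac, src, 6);
    e->port = port;
    e->expires = now + MAC_TTL;   /* refresh on every frame from this source */
    e->used = 1;
    return 1;
}

/* Pick the output port for a destination; unknown or expired means flood. */
int mac_lookup(struct mac_table *t, const uint8_t *dst, time_t now)
{
    struct mac_entry *e = mac_find(t, dst, now);
    return e ? e->port : PORT_FLOOD;
}
```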

