Re: [Openvpn-users] Re: Patch: TAP & True MAC aging

  • Subject: Re: [Openvpn-users] Re: Patch: TAP & True MAC aging
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Tue, 11 Oct 2005 19:54:04 -0400

On 10/11/05, Brent Gardner <brent.gardner@xxxxxxxxx> wrote:
> On 10/11/05, Rolf Fokkens <r.fokkens@xxxxxxxxx> wrote:
> >  Hi,
> >
> > Attached the latest version of the MAC table patch. This patch allows
> > OpenVPN to learn (and importantly forget!) MAC addresses like ethernet
> > switches. Also (like ethernet switches), OpenVPN now broadcasts packets
> > with unknown MAC addresses (without the patch these packets are dropped).
> >
> > This patch is work in progress, so testing is needed. I've tested it with
> > UDP and TCP using certificates. I'm using it now in our production
> > situation. Special testing however is needed for shared keys, as I
> > received a report which suggests this may not work.
> >
> > For those who are interested, the patch can be downloaded here:
> > http://adsl-dc-4dd05.adsl.wanadoo.nl/dinges/openvpn-2.0.2-fks-mac7.patch
> Thank you for your work.  Would this patch have any beneficial effect
> on IPX/SPX traffic traversing an OpenVPN bridge?  I've had trouble in
> the past where I could not communicate with a remote Netware server.
> I haven't had time to pursue it and it's not a hot issue for me right
> now, just wondering.

I'm going to guess that this is IPX with either no routing or RIP/SAP.
If either of these are true you are experiencing Novell's WAN
broadcast purgatory.  The protocol was developed for LANs and ease of
use and every 60 seconds broadcasts galore: the entire SAP and RIP
tables. Lost packets and clogged WAN "pipes" are the bane of this

There are options, but their defaults are not pretty with a WAN or even
large LAN.

Leonard Isham, CISSP
Ostendo non ostento.
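The learning/aging/flooding behaviour Rolf describes for the TAP MAC table, as an added simulation that is not part of the thread or of the OpenVPN patch itself. Peer names, the 300-second aging value and the sample MAC addresses are constructed for illustration.

```python
"""Learning-bridge MAC table with aging (constructed example, not the patch's
code): learn each frame's source MAC, forget it after an idle period, and
flood frames whose destination is unknown or a group address to every
peer except the one the frame arrived on."""

MAX_AGE = 300.0  # seconds of silence before a learned MAC is forgotten (assumed)


def is_group_address(mac: str) -> bool:
    """Broadcast/multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class MacTable:
    def __init__(self, max_age: float = MAX_AGE):
        self.max_age = max_age
        self.entries: dict[str, tuple[str, float]] = {}  # mac -> (peer, last_seen)

    def learn(self, mac: str, peer: str, now: float) -> None:
        # Learning a frame's *source* MAC refreshes its timestamp; a MAC that
        # shows up behind another peer simply overwrites the old binding.
        self.entries[mac] = (peer, now)

    def expire(self, now: float) -> list[str]:
        # Aging: drop entries idle longer than max_age so a host that left
        # (or moved) does not keep attracting unicast traffic forever.
        stale = [m for m, (_, seen) in self.entries.items() if now - seen > self.max_age]
        for m in stale:
            del self.entries[m]
        return stale

    def lookup(self, mac: str, now: float):
        self.expire(now)
        entry = self.entries.get(mac)
        return entry[0] if entry else None


def forward(table: MacTable, src: str, dst: str, in_peer: str,
            peers: list[str], now: float) -> list[str]:
    """Return the peers a frame arriving from in_peer is delivered to."""
    table.learn(src, in_peer, now)
    if is_group_address(dst):
        return [p for p in peers if p != in_peer]
    out = table.lookup(dst, now)
    if out is None:          # unknown destination: flood, like a switch
        return [p for p in peers if p != in_peer]
    if out == in_peer:       # destination sits behind the ingress peer: drop
        return []
    return [out]
```

Without the aging step a stale entry would pin unicast traffic to a peer that has gone away; with it the table falls back to flooding until the host is heard from again.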

