[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: Patch: TAP & True MAC aging


  • Subject: Re: [Openvpn-users] Re: Patch: TAP & True MAC aging
  • From: Brent Gardner <brent.gardner@xxxxxxxxx>
  • Date: Wed, 12 Oct 2005 07:54:31 -0700

On 10/11/05, Leonard Isham <leonard.isham@xxxxxxxxx> wrote:
> On 10/11/05, Brent Gardner <brent.gardner@xxxxxxxxx> wrote:
> > On 10/11/05, Rolf Fokkens <r.fokkens@xxxxxxxxx> wrote:
> > >  Hi,
> > >
> > > Attached the latest version of the MAC table patch. This patch allowes
> > > OpenVPN to learn (and importantly forget!) MAC addresses like ethernet
> > > switches. Also (like ethernet switches), OpenVPN now broadcasts packets
> > > with unknown MAC addresses (without the patch these packets are dropped).
> > >
> snip]
> [[> > This patch is work in progess, so testing is needed. I've tested it with
> > > UDP and TCP using certificates. I'm using it now in our production
> > > situation. Special testing however is needed for shared keys, as I
> > > received a report which suggests this may not work.
> > >
> > > For those who are interrested, the patch can be downloaded here:
> > > http://adsl-dc-4dd05.adsl.wanadoo.nl/dinges/openvpn-2.0.2-fks-mac7.patch
> [snip]
> > Thank you for your work.  Would this patch have any beneficial effect
> > on IPX/SPX traffic traversing an OpenVPN bridge?  I've had trouble in
> > the past where I could not communicate with a remote Netware server.
> > I haven't had time to pursue it and it's not a hot issue for me right
> > now, just wondering.
> >
>
> I'm going to guess that this is IPX with either no routing or RIP/SAP.
>  If either of these are true you are experiencing Novell's WAN
> broadcast purgatory.  The protocol was developed for LANs and ease of
> use and every 60 seconds broadcasts galore.  the entire SAP and RIP
> tables. Lost packets and clogged WAN "pipes" are the bane of this
> environment.
>
> There are options, but ther defaults are not pretty with a WAN or even
> large LAN.
>
> --
> Leonard Isham, CISSP
> Ostendo non ostento.
>

Thanks, Leonard.

I've always thought that a Netware misconfiguration was probably the
source of my woes.  Other non-IP protocols traverse my OpenVPN bridge
without difficulty.  The Netware server in question will be retired
soon anyway so I'm not actively pursuing it.

Brent Gardner

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users