[Openvpn-users] Re: new tap device for each connection

  Subject: [Openvpn-users] Re: new tap device for each connection
  From: Samuel Tardieu <sam@xxxxxxxxxxx>
  Date: 19 Nov 2005 20:11:07 +0100

>>>>> "Charles" == Charles Duffy <cduffy@xxxxxxxxxxx> writes:

Charles> How about connecting the single tap device to every bridge
Charles> but using ebtables rules to block or allow packets from
Charles> different clients onto whichever bridge happens to be
Charles> appropriate?

Can't the peer send you what it wants on the tunnel and spoof another
client, thus sending packets to the wrong bridged interface?

Charles> Even better, though, I'd just run a different OpenVPN
Charles> instance for each bridge and give each client a configuration
Charles> file that connects them to the port associated with the
Charles> OpenVPN instance for their appropriate bridge.

That would also be my solution.

Samuel Tardieu
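
The one-instance-per-bridge layout that both posters prefer, sketched as an added example (not configuration from the thread or from the OpenVPN project). Ports, paths, addresses and the bridge names br0/br1 are constructed. The per-instance CA and `ccd-exclusive` are assumptions added here so that a client holding valid credentials for one bridge cannot simply connect to the other instance's port.

```conf
# ---- bridge-a.conf (hypothetical file): instance serving bridge br0 ----
port 1194
proto udp
dev tap0                        # tap0 is created beforehand and added to br0 only
ca   bridge-a/ca.crt            # assumption: a CA that signs bridge-a clients only
cert bridge-a/server.crt
key  bridge-a/server.key
dh   dh.pem
# gateway, netmask, and the address pool handed to clients on this bridge
server-bridge 192.168.10.1 255.255.255.0 192.168.10.100 192.168.10.150
client-config-dir ccd-bridge-a
ccd-exclusive                   # reject any client without a file in ccd-bridge-a
keepalive 10 120
persist-key
persist-tun

# ---- bridge-b.conf (hypothetical file): instance serving bridge br1 ----
port 1195
proto udp
dev tap1                        # tap1 is created beforehand and added to br1 only
ca   bridge-b/ca.crt            # assumption: a different CA from bridge-a
cert bridge-b/server.crt
key  bridge-b/server.key
dh   dh.pem
server-bridge 192.168.20.1 255.255.255.0 192.168.20.100 192.168.20.150
client-config-dir ccd-bridge-b
ccd-exclusive
keepalive 10 120
persist-key
persist-tun
```

Because each instance owns its own tap device, a frame can only reach the bridge that device is attached to, whatever source MAC the client puts on it. That removes the dependence on ebtables rules matching client-controlled fields, which is the spoofing concern raised above.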

