[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Re: new tap device for each connection

  • Subject: [Openvpn-users] Re: new tap device for each connection
  • From: Samuel Tardieu <sam@xxxxxxxxxxx>
  • Date: 19 Nov 2005 20:11:07 +0100

>>>>> "Charles" == Charles Duffy <cduffy@xxxxxxxxxxx> writes:

Charles> How about connecting the single tap device to every bridge
Charles> but using ebtables rules to block or allow packets from
Charles> different clients onto whichever bridge happens to be
Charles> appropriate?

Can't the peer send you what it wants on the tunnel and spoof another
client thus sending packets to the wrong bridged interface?

Charles> Even better, though, I'd just run a different OpenVPN
Charles> instance for each bridge and give each client a configuration
Charles> file that connects them to the port associated with the
Charles> OpenVPN instance for their appropriate bridge.

That would also be my solution.

Samuel Tardieu -- sam@xxxxxxxxxxx -- http://www.rfc1149.net/

Openvpn-users mailing list