Pierre LEONARD wrote:
now i continu my tour and i will work on an tap interface with a bridged
just a question : if is necessary to use tun interface in routed mode
and tap interface bridged mode?
if i well understood
* tap interface is an virtual ethernet interface which have to
be bridge with a real ethernet interface like eth0/1
* tun interface is an virtual interface too but i don't
understand why there is not necessary to brigde it?
tap interfaces transfer ethernet frames; tun interfaces transfer IP
packets. Common practice is to bridge tap interfaces, though routing can
also be used (it's just silly -- there's more overhead since you're
sending the Ethernet frame headers as well as the IP headers, so why use
tap if you're going to be routing?). With tun interfaces, however, it
doesn't make sense to do bridging, because they can't transfer any
non-IP traffic (whereas you can put lots of other things in an ethernet
frame); instead, it's expected that they'll be used for IP-level routing.
With bridging, any frames from one interface are copied over to the
other; with routing, only packets which are addressed to an appropriate
host are copied. Thus, when routing (with tun), you aren't sending a
copy of every single broadcast message on your LAN over to every single
client on your VPN; thus, you're saving what can add up to a
considerable amount of bandwidth. So -- unless you have a good reason to
use tap, you'll be better off with tun, and routing correctly configured.
As an aside: Please trim the quotations in your replies!
Openvpn-users mailing list