
Re: [Openvpn-users] Bridging Setup on Linux w/ Windows Clients

  • Subject: Re: [Openvpn-users] Bridging Setup on Linux w/ Windows Clients
  • From: "Daniel L. Miller" <dmiller@xxxxxxxxx>
  • Date: Thu, 30 Aug 2007 13:56:00 -0700

Pasada Khumprakob wrote:
> Hi Daniel -
> Thank you very much for helping me. I am actually using CentOS, but 
> should be able to figure out the bridging information from what you 
> gave me. Let me run this by you so I'm sure I got this right.... My 
> server should have 1 ETH0 physical NIC that has my 
> 'public' IP address, and two virtual TAP addresses?
Nope.  The number of "physical" NICs is irrelevant.  It's quite 
possible to have a server with a single physical NIC, but have multiple 
logical NICs with different addresses on it.

I'm going to assume you have a LAN that this server is connected to.  
That LAN should be using a private address space, such as 192.168.x.x.  
If you DON'T have a LAN, and just have the one server connected directly 
to the Internet, you need to create one.

If you have one NIC, configure it as:
auto eth0
iface eth0 inet static
    address <your private LAN address, e.g. 192.168.x.x>
    netmask <your LAN netmask>

auto eth0:0
iface eth0:0 inet static
    address <your public address>
    netmask <your public netmask>
    gateway <whatever your gateway IP is>

After you've done that, your system should still have full internet 
function (no VPN yet).  Have to get this far before you continue.  Then 
re-do it for a bridging config:

auto br0
iface br0 inet static
    etc. etc. - with all the pre-up/post-down stuff

auto br0:0
iface br0:0 inet static
    etc. etc. - no pre-up/post-down stuff needed here.

Then in the openvpn server config, specify in the local 
> So, an please bear with me, I am new to this.... Can you please 
> explain further how the TAP devices are used? Specifically, when they 
> should be created, what connects to them, and what they are bridged 
> with? I think I'm over-complicating this...
This is the critical concept in bridging VPNs.  You create a (virtual) 
point of connection for the external clients - a TAP device.  Then you 
join that connection to your INTERNAL connection - so it appears to the 
external clients that they are on the same physical network as your 
LAN.  That's the bridge.  The openvpn client speaks with the openvpn 
server, and each openvpn instance passes along information to/from the 
TAP or TUN devices.  From a networking config point of view, the TAP 
device on the client speaks with the TAP device on the server.  Behind 
the scenes, openvpn talks across the Internet (typically) using the 
external NICs of the client and server - then magically translates that 
info to the TAPs.

BTW - unless asked to communicate off-list, try to keep your question 
on-list.  That way everyone can listen/learn - and archive search - 
these golden nuggets of misinformation <g>.
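The bridge described above (a TAP device joined to the LAN interface so that VPN clients land on the LAN segment), written out as an added example for Linux.  This is not code from the original post, nor OpenVPN's own sample bridge-start script.  Everything in it is an assumption to be adjusted: eth0 as the LAN NIC, br0 and tap0 as the bridge and TAP names, 192.168.1.1/24 as the server's LAN address with 192.168.1.254 as the gateway, and nobody/nogroup as the unprivileged account.  The matching server.conf would carry "dev tap0", "server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.250", "user nobody" and "group nogroup", so the daemon drops root after start-up and still owns the TAP it was given.

```shell
#!/bin/sh
# Added example (not from the list post): bring a TAP device into a bridge with
# the LAN NIC so OpenVPN clients appear as hosts on the LAN segment.
# All values below are assumptions for illustration; adjust to your network.
ETH=eth0                 # physical LAN NIC
BR=br0                   # bridge that takes over the LAN address
TAP=tap0                 # TAP device that openvpn's "dev tap0" will use
ADDR=192.168.1.1         # server's LAN address (moves from eth0 to br0)
PREFIX=24
BCAST=192.168.1.255
GW=192.168.1.254         # LAN default gateway
VPN_USER=nobody          # match "user"/"group" in server.conf so openvpn
VPN_GROUP=nogroup        # can drop root and still own the TAP

# With DRY_RUN=1 the commands are printed instead of executed (everything
# else here needs root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

bridge_up() {
    # Persistent TAP owned by the unprivileged user: created once, before
    # openvpn starts, so the daemon never needs root for the interface.
    run openvpn --mktun --dev "$TAP" --user "$VPN_USER" --group "$VPN_GROUP"
    # Bridge members carry no IP address of their own and must be promiscuous
    # so the bridge sees every frame.
    run ip addr flush dev "$ETH"
    run ip link set "$ETH" up promisc on
    run ip link set "$TAP" up promisc on
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # The LAN address and the default route now live on the bridge.
    run ip addr add "$ADDR/$PREFIX" brd "$BCAST" dev "$BR"
    run ip link set "$BR" up
    run ip route replace default via "$GW" dev "$BR"
}

bridge_down() {
    run ip link set "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # Give the LAN address back to the physical NIC.
    run ip link set "$ETH" promisc off
    run ip addr add "$ADDR/$PREFIX" brd "$BCAST" dev "$ETH"
    run ip route replace default via "$GW" dev "$ETH"
}

case "${1:-}" in
    start) bridge_up ;;
    stop)  bridge_down ;;
esac
```

Run it as root with "start" before openvpn is started and with "stop" after it has been stopped; "DRY_RUN=1 sh bridge.sh start" prints the commands without touching the system.  Two things to keep in mind once the bridge is up: every VPN client is now in the LAN broadcast domain, so a compromised client has the same reach as a machine plugged into the switch, and eth0 sits in promiscuous mode without an address of its own, so any filtering has to be applied to br0 (or with ebtables on the bridge), not to eth0.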