Re: [Openvpn-users] Bridging Setup on Linux w/ Windows Clients


  • Subject: Re: [Openvpn-users] Bridging Setup on Linux w/ Windows Clients
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 31 Aug 2007 14:08:05 +0200

Yes.
 
Bridge together eth0 and tap0. They will become a new bridge device "br0".
Assign the IP address (201.0.0.195) to the br0 device.
There is no need to use another IP (201.0.0.240) on it.
 
Note that after that, eth0 and tap0 should not have any IP settings. I think this happens automatically when you add them to the bridge, but check anyway.
 
Regards,
David
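
The bridge setup and the "check anyway" step from the reply above, as an added example that is not part of the original thread. It assumes iproute2, a /26 prefix (from the 255.255.255.192 netmask quoted below), and a persistent tap0 created with `openvpn --mktun`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the thread's placeholders;
# the /26 prefix and the iproute2 commands are assumptions.
BR=br0; MEMBERS="eth0 tap0"; ADDR=201.0.0.195/26; GW=201.0.0.193

# Print the setup commands for review (dry run). Flushing eth0 drops the
# default route, so the plan re-adds it on br0; run it from the console.
bridge_plan() {
    echo "openvpn --mktun --dev tap0"
    echo "ip link add name $BR type bridge"
    for m in $MEMBERS; do
        echo "ip addr flush dev $m"
        echo "ip link set dev $m master $BR"
        echo "ip link set dev $m up promisc on"
    done
    echo "ip addr add $ADDR dev $BR"
    echo "ip link set dev $BR up"
    echo "ip route add default via $GW dev $BR"
}

# Read `ip -o -4 addr show` output on stdin; print each bridge member
# that still holds an IPv4 address (expected: none).
members_with_ip() {
    awk -v members="$MEMBERS" '
        BEGIN { n = split(members, a, " "); for (i = 1; i <= n; i++) is_member[a[i]] = 1 }
        $3 == "inet" && ($2 in is_member) && !seen[$2]++ { print $2 }'
}

# Succeed only when no member has an address and the bridge holds $ADDR.
check_bridge() {
    snapshot=$(cat)
    leftover=$(printf '%s\n' "$snapshot" | members_with_ip)
    [ -z "$leftover" ] || { echo "still addressed: $leftover" >&2; return 1; }
    printf '%s\n' "$snapshot" |
        awk -v br="$BR" -v ip="$ADDR" '$2 == br && $4 == ip { ok = 1 } END { exit !ok }'
}

# Constructed samples in `ip -o -4 addr show` format.
SAMPLE_BAD='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 201.0.0.195/26 brd 201.0.0.255 scope global eth0
5: br0    inet 201.0.0.195/26 brd 201.0.0.255 scope global br0'
SAMPLE_GOOD='1: lo    inet 127.0.0.1/8 scope host lo
5: br0    inet 201.0.0.195/26 brd 201.0.0.255 scope global br0'

bridge_plan
printf '%s\n' "$SAMPLE_BAD" | check_bridge || echo "sample BAD rejected"
printf '%s\n' "$SAMPLE_GOOD" | check_bridge && echo "sample GOOD accepted"
```

On a live host the check is `ip -o -4 addr show | check_bridge`, run after the plan has been applied.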


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Pasada Khumprakob
Sent: Thu 30-Aug-07 23:28
To: Daniel L. Miller; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Bridging Setup on Linux w/ Windows Clients


Well, let's see.... Here's the setup (Note the IPs are changed for security). These 201 range IPs are actual real routable internet IP addresses, not a LAN subnet. The server is connected to the LAN with IP assigned to it 201.0.0.195, and that is accessible from the internet, and that is the machine's normal address as well. The gateway is 201.0.0.193. The firewall on the LAN is allowing in/out access to this server, so when the client connects it will connect to 201.0.0.195 on port 9999.
 
I have 201.0.0.240 - 245 allocated for everything VPN. The client IP will be 201.0.0.241, the TAP0 on the server will be 201.0.0.240. If the clients are connecting to TAP0, should I bridge TAP0 with the ETH0 OpenVPN connection IP?
 
 

> Date: Thu, 30 Aug 2007 13:56:00 -0700
> From: dmiller@xxxxxxxxx
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] Bridging Setup on Linux w/ Windows Clients
>
> Pasada Khumprakob wrote:
> > Hi Daniel -
> >
> > Thank you very much for helping me. I am actually using CentOS, but
> > should be able to figure out the bridging information from what you
> > gave me. Let me run this by you so I'm sure I got this right.... My
> > server should have 1 ETH0 physical NIC that has my 200.0.0.195
> > 'public' IP address, and two virtual TAP addresses?
> Nope. The number of "physical" NICs is irrelevant. It's quite
> possible to have a server with a single physical NIC, but have multiple
> logical NICs with different addresses on it.
>
> I'm going to assume you have a LAN, that this server is connected to.
> That LAN should be using a private address space, such as 192.168.x.x.
> If you DON'T have a LAN, and just have the one server connected directly
> to the Internet, you need to create one.
>
> If you have one NIC, configure it as:
> auto eth0
> iface eth0 inet static
> address 192.168.0.1
> netmask 255.255.255.0
> broadcast 192.168.0.255
> network 192.168.0.0
>
> auto eth0:0
> iface eth0:0 inet static
> address 201.0.0.192
> netmask 255.255.255.192
> broadcast 201.0.0.255
> network 201.0.0.192
> gateway <whatever your gateway IP is, is it 201.0.0.191?>
>
> After you've done that, your system should still have full internet
> function (no VPN yet). Have to get this far before you continue. Then
> re-do it for a bridging config:
>
> auto br0
> iface br0 inet static
> address 192.168.0.1
> etc. etc. - with all the pre-up/post-down stuff
>
> auto br0:0
> iface br0:0 inet static
> address 201.0.0.192
> etc. etc. - no pre-up/post-down stuff needed here.
>
> Then in the openvpn server config, specify 192.168.0.1 in the local
> directive.
> >
> > So, and please bear with me, I am new to this.... Can you please
> > explain further how the TAP devices are used? Specifically, when they
> > should be created, what connects to them, and what they are bridged
> > with? I think I'm over-complicating this...
> This is the critical concept in bridging VPNs. You create a (virtual)
> point of connection for the external clients - a TAP device. Then you
> join that connection to your INTERNAL connection - so it appears to the
> external clients that they are on the same physical network as your
> LAN. That's the bridge. The openvpn client speaks with the openvpn
> server, and each openvpn instance passes along information to/from the
> TAP or TUN devices. From a networking config point of view, the TAP
> device on the client speaks with the TAP device on the server. Behind
> the scenes, openvpn talks across the Internet (typically) using the
> external NICs of the client and server - then magically translates that
> info to the TAPs.
>
> BTW - unless asked to communicate off-list, try to keep your question
> on-list. That way everyone can listen/learn - and archive search -
> these golden nuggets of misinformation <g>.
>
> --
> Daniel
>