Re: [Openvpn-users] ethernet bridge on single nic


  • Subject: Re: [Openvpn-users] ethernet bridge on single nic
  • From: "Ian Archer" <ian.archer.am.i@xxxxxxxxx>
  • Date: Mon, 5 Nov 2007 14:56:45 -0500

I am trying to achieve a bridged VPN network, moderated by a server
containing a single NIC.  The nuance is that the server cannot
distribute ip addresses on the subnet of either the server's or
client's subnet.  Doing so opens a routing loop.  Hence, I need to set
up an alternate address on the server with which the clients can
connect.  This was explained in the previous thread along this topic
and I'm trying to figure out how to do it.

I'd like the clients to be able to share Bonjour services with each
other.  However, the network is open, meaning non-trusted hosts can
connect.  I am trying to avert this by building the vpn.  Similarly, I
want to retain the ability to connect to this vpn from remote
locations that aren't on the local network.

This is extremely easy to set up on the client side using a tool like
Hamachi.  I'd like to mirror this functionality in my own OpenVPN set
up.

On Nov 5, 2007 11:44 AM, David Balazic <David.Balazic@xxxxxxxxxxxxxxxxxx> wrote:
>
> Hmm, what exactly are you trying to achieve?
> What clients will access what services?
> Why can't you use Bonjour directly (you said the network is open)?
>
> David
>
>  ________________________________
> From: Ian Archer [mailto:ian.archer.am.i@xxxxxxxxx]
> Sent: Mon 05-Nov-07 17:42
> To: David Balazic
> Cc: Gustavo Verduzco Vazquez; Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] ethernet bridge on single nic
>
> I agree the routed configuration is simpler.  However, I want access
> to subnet services like Bonjour.
>
> On 11/5/07, David Balazic <David.Balazic@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > Use TUN mode and make your life simpler.
> >
> >  ________________________________
> > From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Ian Archer
> > Sent: Mon 05-Nov-07 14:53
> > To: Gustavo Verduzco Vazquez
> > Cc: Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Openvpn-users] ethernet bridge on single nic
> >
> > The problem is that the server cannot distribute IPs on the subnet
> > that either the server or client are already on.  This means the
> > server must host 2 different IP addresses.  How do you give the server
> > a second address and allow for clients to connect to it?
> >
> > On 11/2/07, Gustavo Verduzco Vazquez <gustavo.verduzco@xxxxxxxxxxx> wrote:
> > > As far as I know there's no problem with having a single nic on your
> > > PC because when you install OpenVPN it will create the Win32-TAP
> > > Adapter which can use any ip network you want, so if you are running
> > > the server on your PC, clients will connect to the TAP adapter,
> > > already bridged to your Local Area Connection with a native Windows
> > > Ethernet Bridge or using a software solution like Ethernet Bridge 2.0.
> > > The server will DHCP to connecting VPN clients an IP address on its IP
> > > network from a specified pool in server.ovpn config file.
> > >
> > > I have that setup and works fine with Ethernet Bridge 2.0
> > >
> > > Regards,
> > > --
> > > Gustavo Verduzco Vazquez
> > > ComXInt Consulting S.A.
> > >
> > > Quoting Ian Archer <ian.archer.am.i@xxxxxxxxx>:
> > >
> > > > I'm trying to get a bridging setup.
> > > >
> > > > The server only has a single nic, and is on the 192.168.1/24 network.
> > > > The clients are within the same 192.168.1/24 (I'm doing VPN because
> > > > this is an open network).
> > > >
> > > > From what I understand, the server must bridge on a subnet which is
> > > > different from the client connection path.  In other words, the VPN
> > > > should not be 192.168.1/24.
> > > >
> > > > It was suggested in a prior thread that a way around this was to give
> > > > the server a dummy interface with an address from a different subnet
> > > > and have clients connect to that in the 'remote <addr>' part of their
> > > > configuration.  I am really puzzled as to how to get clients to know
> > > > how to connect to this remote address.  In general, I hope this is the
> > > > correct way of going about an ethernet bridge solution when only using
> > > > a single NIC.
> > > >
> > > > Any pointers?
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users