Jeff Kowalczyk wrote:
On Wed, 16 Jan 2008 00:56:38 -0600, Josh Cepek wrote:
Jeff Kowalczyk wrote:
You don't want bridging. In a bridged setup both your LAN networks
would need to be the same subnet and would thus share broadcast services
such as DHCP between them (unless otherwise firewalled.) From your
unique LAN subnets I'm assuming your goal is to exchange IP data between
the clients of both LANs, in which case you shouldn't use bridging.
I'm trying to establish a bridged connection between two LANs with two OpenWRTs
(WRT65GL, kamikaze release) Running OpenVPN 2.0.9.
Thanks for the reply, it's very informative. Before I change to routing, I
should mention that this is an (unscheduled) migration from an IPSec IKE.
The Windows PCs on both subnets are looking to a Windows Domain
Controller on LAN1 for DHCP, Active-Directory integrated DNS and
All IP based protocols will work, but DHCP and Windows NBNS need some
custom attention. If you want your DHCP server on your primary LAN to
provide the IP address (and other associated options like DNS, WINS, and
other DHCP-related settings) you will need to set up a DHCP relay agent
on the OpenWRT. The dhcp-fwd package can do this, and you'll also need
to set up your DHCP server at the main office with a 2nd subnet for the
IP range of your remote site.
Windows subnets usually use NBNS to resolve computer names, which is a
broadcast-based protocol. WINS is usually used in situations where a
domain spans more than 2 subnets, so you may want to look at configuring
a WINS server and pushing it out in your DHCP options if necessary.
LAN2 is small, and the dozen or so PCs could be migrated to
192.168.10.150+, sharing a bridged subnet with 192.168.10.2-150 on LAN2.
While you could use bridging in this capacity you will suffer a
performance hit as broadcasts on the subnet are sent across the Internet
through your VPN tunnel. Especially in a Windows network, this
broadcast traffic can amount to a bit depending on the number of hosts.
If you can avoid it don't use bridging since it's slightly less
efficient in terms of the packet header and will cause considerably more
traffic to go across your VPN link.
In light of those considerations, do I still want to use routing over
Yes, unless there's a really really good reason not to. I've set up a
similar configuration before where remote offices needed to gain access
to a pre-existing infrastructure, and routing works quite nicely after
DHCP/WINS has been handled.
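A routed (tun) site-to-site layout of the kind recommended in the thread, as an added example that is not taken from either poster's configuration. LAN1 is 192.168.10.0/24 as in the thread; the LAN2 subnet 192.168.20.0/24, the tunnel subnet 10.8.0.0/24, the hostname, the file names and the certificate common name `lan2-router` are all assumptions.

```conf
# ---- LAN1 OpenWRT: server.conf (file names are assumptions) ----
# Routed layer-3 tunnel; "dev tap" would be the bridged setup,
# which carries LAN broadcasts across the VPN link.
dev tun
proto udp
port 1194
# Tunnel subnet (assumed)
server 10.8.0.0 255.255.255.0
ca ca.crt
cert lan1-router.crt
key lan1-router.key
dh dh.pem
# Kernel route on this router: reach LAN2 (assumed subnet) via the tunnel
route 192.168.20.0 255.255.255.0
# Per-client files live here; needed for the iroute below
client-config-dir ccd
# Tell the LAN2 router how to reach LAN1
push "route 192.168.10.0 255.255.255.0"
keepalive 10 60
persist-key
persist-tun

# ---- LAN1 OpenWRT: ccd/lan2-router ----
# File name must match the common name of the LAN2 router's certificate.
# Tells OpenVPN which connected client owns the LAN2 subnet.
iroute 192.168.20.0 255.255.255.0

# ---- LAN2 OpenWRT: client.conf ----
client
dev tun
proto udp
# Placeholder hostname for the LAN1 router's public address
remote vpn.example.net 1194
nobind
ca ca.crt
cert lan2-router.crt
key lan2-router.key
persist-key
persist-tun
```

Both routers must forward IP between the LAN and tun interfaces, with firewall rules limiting what crosses the tunnel. DHCP relay for LAN2 (the dhcp-fwd package mentioned above) is configured separately and is not shown here.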