[TriLUG] OpenVPN: TAP vs TUN

Paul G. Szabady Paul at ThyService.com
Fri Nov 18 16:38:44 EST 2005


Josh,

I owe you a beer!  That's the *key* piece I was missing:

set up the default gateway, since it gets lost when eth0 is
deconfigured (this step I had to add myself, since it is not mentioned
in the ethernet bridging howto):
> route add default gw $gw

I've set this up on my laptop at home and it works.  Now to implement in
production.  However, I think I'll go onsite, just to be safe.  ;)

Thanks for your help!

-- 
Paul
@ Thy Service

> You can assign an IP to a bridge interface in linux, this makes it not
> exactly a bridge, but it's what I did to get bridge mode working with
> OpenVPN with a single NIC.
>
> I wrote up a nice HOWTO and stuck it on the OpenVPN wiki, but their
> wiki has now been down for months.  You can get my (hard to read)
> notes here:
>
> http://vickeryj.freeshell.org/notes/
>
> In short, I brought up the tap device like so:
>
>> openvpn --mktun --dev tap0
>
> and bridge it with the ethernet device like this:
>
>> brctl addbr br0
>> brctl addif br0 eth0
>> brctl addif br0 tap0
>
> then stick everything in promiscuous mode:
>
>> ifconfig tap0 0.0.0.0 promisc up
>> ifconfig eth0 0.0.0.0 promisc up
>
> then assign the ip that eth0 used to have to the bridge device (this
> might be what is missing if you are losing network connectivity to
> the box):
>
>> ifconfig br0 $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>
> set up the default gateway, since it gets lost when eth0 is
> deconfigured (this step I had to add myself, since it is not mentioned
> in the ethernet bridging howto):
>> route add default gw $gw
>
> if you want to do this remotely, all those lines need to be in a
> script, as you will lose network connectivity to the box until the
> last ifconfig line is run.
>
> Josh
>
> On 11/18/05, Paul G. Szabady <Paul at thyservice.com> wrote:
>> Jim,
>>
>> Done that, but note, I'm not even at the point of connecting a client
>> yet.
>>
>> --
>> Paul
>> @ Thy Service
>>
>> > make sure source and destination IP addresses are *not* on the same
>> > network address.
>> >
>> > regards,
>> >
>> > jim
>> >
>> > Jim Ray, President
>> > Neuse River Network, Inc.
>> >
>> > tel: 919-838-1672 x111
>> > toll free: 800-617-7652
>> > cell: 919-606-1772
>> > http://www.Neuse.Net
>> >
>> > Ask about our Clean Technologies.  Established in the Carolinas 1997.
>> >
>> >
>> >
>> > Paul G. Szabady wrote:
>> >
>> >>Greetings,
>> >>
>> >>I am trying to set up a TAP style VPN but I'm apparently missing a key
>> >>piece of information and was hoping someone could clarify this for me.
>> >>
>> >>I have a linux (CentOS 4.2) server w/OpenVPN (openvpn-2.1_beta7-1
>> >>installed from RPM built from src), and a windows 2000 server behind a
>> >>linksys router.  I need to be able to access the windows server on the
>> >>local LAN from the internet, with an IP address in the same subnet as the
>> >>windows server, hence the desire to set up using TAP/bridge mode.
>> >>(Setting up TUN was easy, but didn't work as I needed it to.)  The linux
>> >>machine has a single NIC, which is why this is so confusing to me.  When I
>> >>set up OpenVPN w/TAP, I lose all network access to the linux server.
>> >>Having had a "home grown linux switch" (old pc w/6 NICs running in bridge
>> >>mode), this makes sense.  I believe I have followed all the
>> >>instructions/notes/suggestions from the openVPN howto as well as the
>> >>Ethernet-Bridge-netfilter howto.  But I'm still missing something.
>> >>
>> >>The big question:  If I am apparently invisible to the network, how does
>> >>one make a connection (VPN or other) to the linux server?
>> >>
>> >>
>> >>
>> > --
>> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> > TriLUG Organizational FAQ  : http://trilug.org/faq/
>> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>
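
Josh's steps collected into the single script he recommends for remote use, as an added example that is not code from the thread. It assumes net-tools style `ifconfig` and `route -n` output and the interface names used in the thread; the `MODE` variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: single-NIC OpenVPN bridge bring-up as one script.
# MODE=plan prints the commands; MODE=apply (as root) runs them.
# Assumes net-tools output formats and the names eth0, tap0, br0.

# Default gateway from `route -n` output on stdin.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# "ip netmask broadcast" from `ifconfig eth0` output on stdin.
iface_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\) *Bcast:\([0-9.]*\) *Mask:\([0-9.]*\).*/\1 \3 \2/p'
}

# Emit the commands in the thread's order. Args: ip netmask broadcast gateway.
# Refuses to emit anything if a value is missing, so eth0 is never
# deconfigured without the data needed to restore connectivity on br0.
bridge_plan() {
    for v in "$1" "$2" "$3" "$4"; do
        [ -n "$v" ] || { echo "missing address or gateway, refusing" >&2; return 1; }
    done
    cat <<EOF
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
ifconfig br0 $1 netmask $2 broadcast $3
route add default gw $4
EOF
}

case "${MODE:-}" in
plan|apply)
    # Capture everything while eth0 is still configured.
    set -- $(ifconfig eth0 | iface_addr)
    gw=$(route -n | default_gw)
    # The whole plan is held in memory, so nothing is read over the
    # network once connectivity drops part-way through.
    plan=$(bridge_plan "$1" "$2" "$3" "$gw") || exit 1
    if [ "$MODE" = apply ]; then
        printf '%s\n' "$plan" | sh -e   # -e: stop at the first failing step
    else
        printf '%s\n' "$plan"
    fi ;;
esac
```

Run it with `MODE=plan` first and check the last two lines against the current `ifconfig eth0` and `route -n` output before using `MODE=apply`.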
