|
|
Tom,
I think you're on to something.. I noticed that when i set an IP on
the tap devices, i started seeing traffic from the other side on one
side of the segment. This however seems to only be happening on one
half of the network. It's strange, I set ip's on both sides,
everything i do on one side i'm now doing on the other to make it
symmetrical. But ping packets from outside i only see on one side and
not the other. Any idea what could be causing this?
Also is it documented anywhere that ip addresses need to be set on tap
devices? It doesn't seem to follow any logic i was aware of, so it
should probably be stated somewhere (or at least an explaination
written somewhere why this is critical).
Thanks for your help thus far,
Alex
On Thursday, September 4, 2003, at 12:38 AM, Tom Bin wrote:
Hi Alex,
I originally guessed the reason is that you didn't assign an IP
address to
tap device when I first saw your question.
And I just did a real test on my box and the result shows that my
assumption
is true.
If I removed the IP address from my tap device, the traffic thru the
tap
device stopped.
( ps. the VPN connection is still up)
I don't know why, and I think it is not reasonable.
So, could you do a test to set IP address on tap0 to see if it works ?
According to your bridge sysctl value :
net.link.ether.bridge_cfg: fxp0:1,tap0:1
You have fxp0 and tap0 on the same bridge group.
You can simply set the IP of tap0 as any IP within the same subnet of
fxp0.
Tom
----- Original Message -----
From: "Alex K" <alex@xxxxxxx>
To: "Tom Bin" <openvpn@xxxxxxx>
Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, September 04, 2003 11:40 AM
Subject: Re: [Openvpn-users] Is ethernet bridging possible on FreeBSD
via
OpenVPN?
hi Tom, thanks for the quick reply.
I do not have any ip address set on the tap device. I do not know
what
address I would even pick.
Because i've set up boxes with multiple ethernet cards that i've
bridged (and used ipfw/dummynet making the box do traffic shaping).
And in neither of those cases do the bridging interfaces need (or
have)
ip addresses. They take everything arriving on one ethernet card,
pass
it by ipfw, and dump it onto the other network card.
It took me a while to even come up with the idea of using the same
concept with a tunnel, via the tap interface as the "other network
card".
The real network card doesn't have an IP address set either. Would it
need one too?
Are there any other tests I can do to figure out what's going on? I've
set verbosity level of openvpn to 9 and i see the pings going through
both ways.
Alex
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|