
Re: [Openvpn-users] Netbios + Routing?


  • Subject: Re: [Openvpn-users] Netbios + Routing?
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Thu, 4 Mar 2004 09:28:56 -0000

John Locke <mail@xxxxxxxxxxxx> said:

> 
> 
> On Wed, 2004-03-03 at 10:41, vklengh wrote:
> > Why a WINS server if I can allow broadcasts even with routing?
> > Don't the netbios clients ask for servers with service broadcasts?
> > WINS would be only needed if you deny broadcasts to the specific subnet,
> > isn't so?
> 
> Well, I'm not sure how you would allow broadcasts with routing.
> Broadcasts are (usually) limited to the subnet. A WINS server is the
> common way to get Windows networking to work across subnets. (And if you
> have a Linux computer with Samba available, it's really easy...)
> 
> If you set up a bridged configuration, then broadcasts work fine--your
> remote computer essentially is bridged to be in the same subnet as your
> other computers.
> 
> If somebody can explain how to route broadcasts, that sounds
> interesting, but I'm not sure it's the best way to solve the problem...

IPv4 implementations tend not to support routed broadcasts due to scalability
and DoS issues, though there are two exceptions that I know of: (a) a subnet
can have a broadcast address (usually something like x.y.z.255 -- ifconfig
will tell you), and packets directed to this address can originate from
another subnet, and (b) IPv4 supports multicast which is a kind of efficiently
directed broadcast which is designed to scale to very large networks (such as
the internet).

As far as OpenVPN is concerned, there's a tradeoff -- avoiding broadcasts by
using a routed VPN is more efficient and scalable, but you need to set up the
WINS server.  Luckily, the latest version of OpenVPN makes it easier to
configure for WINS.

The current OpenVPN 1.6 release (candidate) simplifies the client-side
configuration on Windows by letting you set WINS servers from the OpenVPN
config file using --dhcp-option.  This allows you to have a routed VPN over a
tun virtual interface, but still be able to take advantage of lots of
DHCP-settable TCP/IP properties, including several which are key to Samba
client operation such as the WINS server address(es).  And this all works
without even needing a real DHCP server.

In fact, a real DHCP server wouldn't work anyway over a routed tun VPN because
the tun interface wouldn't pass the DHCP DISCOVER broadcasts that DHCP clients
use to find DHCP servers.

James
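
A client-side configuration of the kind the message describes, as an added example that is not part of the original post or of OpenVPN's own samples: a routed tun tunnel on Windows with the WINS server set through --dhcp-option. Every address, the hostname and the key file name are constructed placeholders; the directives other than --dhcp-option (ip-win32, route, ifconfig, secret, the NBT sub-option) are taken from the OpenVPN manual rather than from this message, so check them against the man page of the release in use.

```conf
# Added example: Windows client, routed VPN over a tun interface.
# All addresses, the hostname and the key file name are placeholders.

# Routed (layer 3) virtual interface; broadcasts do not cross it.
dev tun
remote vpn.example.com

# Tunnel endpoints: local address first, then the peer's address.
# In tun mode the Windows TAP driver expects both in the same /30.
ifconfig 10.3.0.2 10.3.0.1

# Send traffic for the office LAN, where the WINS server lives,
# to the tunnel peer.
route 192.168.4.0 255.255.255.0 10.3.0.1

# Let OpenVPN answer the TAP adapter's DHCP request itself, so that
# DHCP-settable properties can be supplied without a real DHCP server.
ip-win32 dynamic

# WINS server handed to the Windows TCP/IP stack for NetBIOS name lookups.
dhcp-option WINS 192.168.4.10

# Optional: NetBIOS node type 8 (h-node) queries WINS first and falls back
# to broadcast; type 2 (p-node) queries WINS only.
dhcp-option NBT 8

# Pre-shared static key for the point-to-point link (placeholder file name).
secret static.key
```

Once the tunnel is up, `ipconfig /all` on the client should list the WINS server under the TAP adapter.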


