The bridge interface behaves like an ethernet switch (well, because it effectively is an ethernet switch): it learns which MAC addresses are on each port and forwards frames accordingly; broadcasts and frames for unknown MACs are flooded on all ports. The interfaces that are enslaved into the bridge (eth0 and eth1 in our example) operate purely at layer 2 and cannot have IP addresses of their own.
However, the bridge interface can have an IP address and is otherwise a normal interface, and as such can have firewall rules, routes etc. This is key: for our scenario, we are going to create a bridge interface that includes the gateway's eth0 LAN interface, and OpenVPN's tap0 interface. While the concept of a bridge interface is common, the methods used to actually create a bridge interface are OS dependent.
In the following paragraphs, instructions are provided for the most common systems, using the addresses and interface names from the above example.
There are two ways to use a bridge with OpenVPN. The first method has several drawbacks: the biggest one is that it involves removing the IP address from the eth0 interface and assigning it to the bridge interface (and the reverse when the bridge is destroyed). On most systems, deleting an IP address from an interface has the effect of removing all routes pointing out that interface, which means that these routes have to be recreated to point to the bridge when it is set up, and recreated again to point to eth0 when the bridge is destroyed.
Also, in some operating systems, there is a delay of some seconds when bringing up the bridge due to STP, and this in turn delays the start of the OpenVPN daemon. Thus setting up a transient bridge is not only complicated to get right, but it also disrupts connectivity for some time.
Also, interfaces are not named "eth0" and "tap0" under Windows, but it should be possible to tell which is which by their descriptions. Under Windows, open the network interface screen, and select (using CTRL-click) the interfaces that you want to bridge (in our example, the LAN interface and the tap adapter).
When they are selected, right-click on the selection and choose "Bridge Connections". The configuration dialog for the bridge interface will appear; complete it with the information that was previously applied to the regular ethernet interface (i.e. the IP address).
Under Linux, the tool needed to manage bridge interfaces is brctl, which is usually provided in a package called bridge-utils.
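The route bookkeeping that makes the transient bridge fragile can be seen in the following sketch. It is an added example, not part of the original instructions: it only prints the brctl and ip commands for review, and the bridge name br0, the addresses, and the sample route list are constructed assumptions. It also assumes tap0 already exists.

```shell
#!/bin/sh
# Added example: prints a reviewable plan; it does not change the system.
# Addresses are constructed sample values (documentation ranges).
SAMPLE_ROUTES='default via 192.0.2.1
192.0.2.0/24 proto kernel scope link src 192.0.2.10
198.51.100.0/24 via 192.0.2.254'

# replay_routes DEV
# stdin: output of `ip route show dev OLD` saved before the address moved.
replay_routes() {
    while IFS= read -r route; do
        case $route in
            # The connected route comes back when the address is re-added.
            ''|*'proto kernel'*) continue ;;
        esac
        echo "ip route add $route dev $1"
    done
}

# bridge_up_plan BR ETH TAP CIDR   (saved routes of ETH on stdin)
bridge_up_plan() {
    echo "brctl addbr $1"
    echo "brctl setfd $1 0"            # set the forwarding delay to 0
    echo "brctl addif $1 $2"
    echo "brctl addif $1 $3"
    echo "ip link set $3 up"
    echo "ip addr del $4 dev $2"       # routes via ETH are lost here
    echo "ip addr add $4 dev $1"
    echo "ip link set $1 up"
    replay_routes "$1"
}

# bridge_down_plan BR ETH CIDR   (same saved routes on stdin)
bridge_down_plan() {
    echo "ip link set $1 down"
    echo "brctl delbr $1"              # address and routes on BR go with it
    echo "ip addr add $3 dev $2"
    replay_routes "$2"
}

printf '%s\n' "$SAMPLE_ROUTES" | bridge_up_plan br0 eth0 tap0 192.0.2.10/24
```

On a real gateway the route list would be captured with `ip route show dev eth0` before the bridge is built, and the same saved list is replayed onto eth0 when the bridge is torn down.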
If we want to use the network configuration facilities provided by the distribution, then the details vary. Here are instructions for Debian-like and Redhat-like distros. Once the bridge interface is in place, here are sample configurations for the server and for the client(s).
Following are sample up.

In my case the server is Windows Server R2. For those who might have a similar situation here are the file compare changes on the server server.
I have been using OpenVPN for quite some time in routing mode. I need to move to bridging as I require the client to be on the same LAN.
I entered the server-bridge line as server-bridge On the client side I followed the instructions.

My mistake.