[TriLUG] OpenVPN: TAP vs TUN

Josh Vickery vickeryj at gmail.com
Fri Nov 18 13:35:08 EST 2005


You can assign an IP to a bridge interface in Linux; this makes it not
exactly a bridge, but it's what I did to get bridge mode working with
OpenVPN with a single NIC.

I wrote up a nice HOWTO and stuck it on the OpenVPN wiki, but their
wiki has now been down for months.  You can get my (hard to read)
notes here:

http://vickeryj.freeshell.org/notes/

In short, I brought up the tap device like so:

> openvpn --mktun --dev tap0

and bridged it with the ethernet device like this:

> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 tap0

then stick everything in promiscuous mode:

> ifconfig tap0 0.0.0.0 promisc up
> ifconfig eth0 0.0.0.0 promisc up

then assign the IP that eth0 used to have to the bridge device (this
might be what is missing if you are losing network connectivity to
the box):

> ifconfig br0 $eth_ip netmask $eth_netmask broadcast $eth_broadcast

set up the default gateway, since it gets lost when eth0 is
deconfigured (this step I had to add myself, since it is not mentioned
in the ethernet bridging howto):

> route add default gw $gw

if you want to do this remotely, all those lines need to be in a
script, as you will lose network connectivity to the box until the
last ifconfig line is run.

Josh

On 11/18/05, Paul G. Szabady <Paul at thyservice.com> wrote:
> Jim,
>
> Done that, but note, I'm not even at the point of connecting a client yet.
>
> --
> Paul
> @ Thy Service
>
> > make sure source and destination IP addresses are *not* on the same
> > network address.
> >
> > regards,
> >
> > jim
> >
> > Jim Ray, President
> > Neuse River Network, Inc.
> >
> > tel: 919-838-1672 x111
> > toll free: 800-617-7652
> > cell: 919-606-1772
> > http://www.Neuse.Net
> >
> > Ask about our Clean Technologies.  Established in the Carolinas 1997.
> >
> >
> >
> > Paul G. Szabady wrote:
> >
> >>Greetings,
> >>
> >>I am trying to set up a TAP style VPN but I'm apparently missing a key
> >>piece of information and was hoping someone could clarify this for me.
> >>
> >>I have a linux (CentOS 4.2) server w/OpenVPN (openvpn-2.1_beta7-1
> >>installed from RPM built from src), and a windows 2000 server behind a
> >>linksys router.  I need to be able to access the windows server on the
> >>local LAN from the internet, with an IP address in the same subnet as the
> >>windows server, hence the desire to set up using TAP/bridge mode.
> >>(Setting up TUN was easy, but didn't work as I needed it to.)  The linux
> >>machine has a single NIC, which is why this is so confusing to me.  When I
> >>set up OpenVPN w/TAP, I lose all network access to the linux server.
> >>Having had a "home grown linux switch" (old pc w/6 NICs running in bridge
> >>mode), this makes sense.  I believe I have followed all the
> >>instructions/notes/suggestions from the openVPN howto as well as the
> >>Ethernet-Bridge-netfilter howto.  But I'm still missing something.
> >>
> >>The big question:  If I am apparently invisible to the network, how does
> >>one make a connection (VPN or other) to the linux server?
> >>
> >>
> >>
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
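
The point in the message above about putting every step in one script when working remotely, as an added example that is not part of the original post: it captures eth0's address, netmask, broadcast and default gateway before the interface is deconfigured, then emits the commands in the post's order. The function names, the `--run` switch and the `APPLY=1` variable are assumptions; without `APPLY=1` it only prints the plan.

```shell
# Added example, not from the original post; function names, --run and APPLY are assumptions.
# Print "ip netmask broadcast" from `ifconfig eth0` output (old or new net-tools layout).
parse_ifconfig() {
    awk '
    /inet addr:/ {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^addr:/)  ip = substr($i, 6)
            if ($i ~ /^Bcast:/) bc = substr($i, 7)
            if ($i ~ /^Mask:/)  nm = substr($i, 6)
        }
        next
    }
    /inet [0-9]/ {
        for (i = 1; i < NF; i++) {
            if ($i == "inet")      ip = $(i + 1)
            if ($i == "netmask")   nm = $(i + 1)
            if ($i == "broadcast") bc = $(i + 1)
        }
    }
    END { if (ip != "" && nm != "" && bc != "") print ip, nm, bc; else exit 1 }'
}

# Print the default gateway from `route -n` output on stdin.
parse_gateway() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; found = 1; exit } END { exit !found }'
}

# Print the post's commands, in the post's order, for the given values.
bridge_plan() {  # args: ip netmask broadcast gateway
    cat <<EOF
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
ifconfig br0 $1 netmask $2 broadcast $3
route add default gw $4
EOF
}

# Capture eth0's settings first, then print the plan (or run it if APPLY=1).
bridge_up() {
    addr=$(ifconfig eth0 | parse_ifconfig) || { echo "eth0 has no IPv4 config" >&2; return 1; }
    gw=$(route -n | parse_gateway) || { echo "no default gateway" >&2; return 1; }
    bridge_plan $addr "$gw" | if [ "${APPLY:-0}" = 1 ]; then sh -e; else cat; fi
}
if [ "${1:-}" = "--run" ]; then bridge_up; fi
```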


