Re: bridge with tap - trying to set up openvpn server

To: yancm%sdf.lonestar.org@localhost
Subject: Re: bridge with tap - trying to set up openvpn server
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Tue, 5 Apr 2011 10:37:28 +0200

On Mon, Apr 04, 2011 at 08:42:18PM -0400, yancm%sdf.lonestar.org@localhost 
wrote:
> > If you use bridging, you have the same netmask everywhere.
> > So wm1 says as 192.168.1.1/24, tap0 doesn't have an interface
> > (as its packets will be bridged to wm1).
> 
> I apologize, but I do not understand what you are saying apparently...
> 
> Here's what I have tried ...
> 
> First, I think you are saying my wm1 should keep a netmask of
> 255.255.255.0 so that wm1 sees the full /24 subnet. Easy enough -
> I reset that subnet mask. And tap0 should have the same netmask.
> As soon as I added wm1 to the bridge0, I loose wm1 and local network.
> 
> Second, I re-read "tap0 doesn't have an interface"? Do you mean
> tap0 doesn't have an address? It is an interface?? (if only

Yes, I meant "doens't have an address", sorry.

> virtual by definition)... I destroyed tap0...but it has to exist
> to add it to the bridge. I create tap0 again without an address:
> # ifconfig tap0
> tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         address: f2:0b:a4:fd:9f:04
>         media: Ethernet autoselect
> 
> But I get the same result, if I add wm1 to bridge0, I loose wm1
> connectivity.

Hum. How long did you wait after adding wm1 to bridge0 ?
Adding an interface to a bridge cause it to be switched to promiscous mode.
On some interfaces (and wm has been one of them until recently, it's
possible you're in this case), switching to promisc cause the
link to be down/up, which cause a spanning tree renegotiation on
the other end if STP is enabled. While the spanning tree renegotiation
is taking place no traffic is switched on this link, and the
negogtiation can take some time (it's usually 30s in my case).

> 
> Even if I do not have tap0 in bridge0, if I add wm1 to bridge0,
> I loose wm1 connectivity.
> 
> if I just use the following command, should it kill wm1?:
> brconfig bridge0 add wm1
> 
> before I do this ifconfig wm1 and bridge0 gives:
> wm1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:1b:21:95:00:1a
>         media: Ethernet autoselect (1000baseT)
>         status: active
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
> bridge0: flags=41<UP,RUNNING> mtu 1500
> 
> 
> Is there a better description of brconfig and bridging does?
> I've looked at the man pages...it just seems a bit too sparse?
> 
> Are there any more illustrative examples? Maybe someone has set up
> openvpn?

I have, in the exact setup you describe. It worked for me without problems.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

Follow-Ups:
- Re: bridge with tap - trying to set up openvpn server
  - From: yancm

References:
- bridge with tap - trying to set up openvpn server
  - From: yancm
- Re: bridge with tap - trying to set up openvpn server
  - From: Manuel Bouyer
- Re: bridge with tap - trying to set up openvpn server
  - From: yancm

Prev by Date: Re: bridge with tap - trying to set up openvpn server
Next by Date: Re: bridge with tap - trying to set up openvpn server
Previous by Thread: Re: bridge with tap - trying to set up openvpn server
Next by Thread: Re: bridge with tap - trying to set up openvpn server
Indexes:

Home | Main Index | Thread Index | Old Index