Re: bridging a tun(4) VPN

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: bridging a tun(4) VPN
From: Gert Doering <gert%greenie.muc.de@localhost>
Date: Sat, 19 Mar 2016 21:03:43 +0100

Hi,

On Sat, Mar 19, 2016 at 04:41:06PM +0100, Emmanuel Dreyfus wrote:
> I would like to bridge an OpenVPN tunnel (tun(4) based) with a vlan. 
> 
> But brconfig does not seem to like tun interfaces:
> brconfig bridge4 add tun4
> brconfig: add tun4: Invalid argument
> 
> Is there any hope to get this working?

As Taylor already answered, a tun(4) is a "pure IP" interface which
does not have a link layer - so to be able to bridge it to an ethernet
bridge, you'd need to have "something" between tun and bridge that 
synthesizes ethernet headers (tun->bridge) and strips them in the other
direction.

OpenVPN's "--dev tap" will use a tap(4) device, which looks like a 
proper ethernet device - with headers and everything, so that can
be bridged just fine.

If you have no control over the other end, you can play around with
proxy arp and routing tricks to "sort-of-bridge" tun and LAN...

(I've toyed with the idea of having a "shim ethernet layer" inside
OpenVPN to be able to have a bridge on one side and a tun-only client
on the other end - like, Android or iOS - but that was never more than
a "wouldn't it be cool...?" idea)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert%greenie.muc.de@localhost
fax: +49-89-35655025                        gert%net.informatik.tu-muenchen.de@localhost

References:
- bridging a tun(4) VPN
  - From: Emmanuel Dreyfus

Prev by Date: Re: bridging a tun(4) VPN
Next by Date: Re: bridging a tun(4) VPN
Previous by Thread: Re: bridging a tun(4) VPN
Next by Thread: Re: bridging a tun(4) VPN
Indexes:

Home | Main Index | Thread Index | Old Index