Re: [Openvpn-users] Bridged configuration question

[William M. <wgm...@gm...>]

Couple of corrections... sorry:
When I bridge this interface with the TAP adapter the bridge receives an *IP
of* 192.168.1.114.
I've decided that the VPN will operate under the subnet
*10.8.0.0/24<http://10.0.8.0/24>
*. My understand is that the following configuration command:

On Sat, Oct 31, 2009 at 4:14 PM, William McMahon <wgm...@gm...>wrote:

> OK, then all of this might have been in vain. Let me try to explain what I
> am trying to accomplish with openVPN because now I am understanding it as
> bridging software between an already existing LAN and a virtual LAN.
>
> The overall goal of this project is to create a LAN environment for pc
> gaming - I know childish; but we all enjoy our down time. Through reading
> the how-to's I've deducted that I need to create a bridged VPN (to allow
> broadcasts). I hope to use the server as a client as well; so here is my
> topology... more or less.
>
> Server behind a router under the subnet 192.168.1.0/24. Server is equipped
> with one network interface card that receives an IP of 192.168.1.108. When I
> bridge this interface with the TAP adapter the bridge receives an interface
> with 192.168.1.114.
>
> I've decided that the VPN will operate under the subnet 10.0.8.0/24. My
> understand is that the following configuration command:
>
> server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
>
> Will allocate 10.8.0.4 to the server's tap adapter and reserve the pool
> 10.8.0.50-10.8.0.100 to the connecting clients.
>
> Now I am assuming that most my clients also are behind their local subnet
> 192.168.1.0/24 or 192.168.0.0/24 (since those are the most commonly used
> home lans). When the client connects to the VPN using open vpn I am assuming
> their TAP adapter is receiving a 10.8.0.0/24 address within the range
> .50-.100 and through trials I have verified this assumption (one of the
> remote clients received an IP of 10.8.0.50).
>
> My hope then is if the server were to host a LAN game all clients connected
> to the VPN would be able to connect. Similarly if a client were to host a
> LAN game all clients connected to the VPN plus the server would be able to
> connect. My question is then is this possible? Am I going about this in the
> right way? If this is possible, would the server need to be running it's
> gaming server on it's 192.168.1.0/24 IP? or on it's 10.8.0.0/24 IP? Will
> both destinations be reachable by the clients? If both destinations are
> reachable then wouldn't this create IP conflicts if say one of my clients
> had 192.168.1.114 as the IP assigned to their Ethernet interface? Or should
> I just give up and move on with my life :P
>
>
> On Sat, Oct 31, 2009 at 3:32 PM, Davide Brini <da...@gm...> wrote:
>
>> On Saturday 31 October 2009, William McMahon wrote:
>>
>> > Ok, I'm starting to understand a lot better - thanks for all your help.
>> I
>> > was able to test the connection with one of my clients and they were
>> able
>> >  to connect to the VPN. Their TAP adapter was receiving an IP of
>> 10.8.0.50.
>> >  However they were unable to ping the server and I was unable to ping
>> them
>> >  - but this could have been a firewall/router issue on the client side.
>> >  Just to clarify further.. if I am using a bridged VPN would the client
>> >  need to ping:
>> >
>> > 1. My Ethernet Address: in the above case: 192.168.1.114
>> > --or/and--
>> > 2. My VPN address: in the above case: 10.8.0.4
>> >
>> > Similarly, for the server to ping the client would I ping their:
>> >
>> > 1. Local Ethernet address: probably something like 192.168.x.x
>> > --or/and--
>> > 2. Their VPN address: in the above case: 10.8.0.50
>>
>> Assuming your main LAN you want to give access to bridged clients is using
>> addresses in the range 10.0.8.0/24, you should be able to ping from any
>> internal LAN host to any VPN client, and from any VPN client you should be
>> able to ping internal LAN hosts.
>> If the server itself has an IP address in that range (ie on the bridged
>> interface), you should be able to ping that address too.
>>
>> Note that what you say above, together with what you said in earlier
>> emails,
>> is making me think that you're trying to use an address that should be
>> part of
>> the LAN/VPN pool as the "public" endpoint IP for the VPN itself (not
>> really
>> public here, but that's what its logical function would be).
>> While it is possible to make such a thing work with some tricks (though I
>> strongly advise against doing that), that is usually a signal that you
>> either
>> haven't understood how bridging should work, or you did not design your
>> VPN
>> correctly.
>>
>> What is usually done when bridging is to have a bridge interface composed
>> of
>> an ethernet and a tap interface. The ethernet interface is physically
>> connected to the LAN you want to make reachable over the VPN, and the
>> bridge
>> interface, optionally, has an IP address in that same LAN. Remote clients
>> are
>> supposed to receive IP addresses that are part of the same pool.
>> The OpenVPN server should then have another separate interface, usually
>> with a
>> public IP (or that receives traffic forwarded by some router with a public
>> IP), and that interface is where OpenVPN should listen for remote client
>> connections.
>>
>> --
>> D.
>>
>>
>> ------------------------------------------------------------------------------
>> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>> is the only developer event you need to attend this year. Jumpstart your
>> developing skills, take BlackBerry mobile applications to market and stay
>> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
>> http://p.sf.net/sfu/devconference
>> _______________________________________________
>> Openvpn-users mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>
>
>