From: James Y. <ji...@yo...> - 2003-05-28 03:46:38
Owain Evans <tom...@ya...> said:

> Sorry this is slightly off topic.
>
> I'm trying to use openVPN to connect two linux routers, RouterA and RouterB
> with DSL connections. Now, it's all working fine except now I want to be
> able to play LAN games which involve clients both sides of the VPN. ATM the
> subnet behind RouterA is 192.168.1.0/24 and RouterB is 192.168.0.0/24.
>
> I've read somewhere that I have to either fool the computers on subnetA
> that the clients on subnetB are on the same subnet or get multicast packets
> to travel through the vpn tunnel. Is this correct?

Yes, that's correct.

The "fool the computers" method is otherwise known as ethernet bridging.
Basically you make a tunnel using TAP devices, then you use a tool such as
brctl to bridge your LAN ethernet device with the TAP device. If you do this
on both ends of the VPN, you will create a bridged ethernet network, i.e. an
ethernet subnet that looks like a LAN to clients, even though it's a WAN in
real life.

When you set up your openvpn config, follow the examples for tun devices, but
instead use

    --dev tap --tun-mtu 1500 --tun-mtu-extra 64 --up ./up-script

up-script is a shell script to ifconfig the tap device such as:

    ifconfig $1 $local netmask 255.255.255.0 mtu $2

where $local is the local endpoint IP address. Each openvpn peer uses a
different $local address (they should be taken from a private subnet, and
should be separate from the subnet of the LAN you are trying to bridge).

Once you can ping across the TAP device, then use brctl (on linux) to bridge
the tap device with your physical ethernet device.

Note that ethernet bridging over OpenVPN requires that both OpenVPN peers have
the ability to communicate with the other over a UDP port, AND the routers
along the path must support IP fragmentation. While this is usually the case,
broken routers do exist.

Using ethernet bridging is only one possible solution. If you can get your
client traffic to route at the IP level, then you use OpenVPN in --dev tun
mode to create a tun device linkage, then use route commands to route traffic
over the tun device. This is somewhat more efficient than using tap devices
and ethernet bridging, but requires that you configure multicast routing.

James

> So I'm wondering a) is it possible b) what tools I need to use to do this.
>
> I've read about ethernet bridging, proxy arp, routing, or do I just need
> some clever iptables rules?
>
> I hope you can help, or point me in the right direction!
>
> Thanks Owain Evans
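The two steps James describes (an --up script that gives the TAP device its endpoint address, then brctl to bridge the TAP device with the LAN NIC) written out as one script. This is an added example, not code from the mail or from the OpenVPN project; the interface names (eth1, br0), the tunnel endpoint 10.8.0.1, the router LAN address 192.168.1.1 and the DRY_RUN switch are this example's assumptions. OpenVPN invokes an --up script with the TAP device name as $1 and the tunnel MTU as $2, which is why James's one-liner uses exactly those two positional parameters.

```shell
#!/bin/sh
# Added example: up-script for "openvpn --dev tap ... --up ./up-script"
# plus the brctl commands that bridge the TAP device with the LAN NIC.
# OpenVPN calls the --up script as:
#   up-script <tap_dev> <tun_mtu> <link_mtu> <local_ip> <remote_ip> [init|restart]
# Interface names, addresses and DRY_RUN below are assumptions of this example.

TAP_LOCAL=${TAP_LOCAL:-10.8.0.1}   # tunnel endpoint; private, and NOT inside the LAN subnet (assumed)
LAN_IF=${LAN_IF:-eth1}             # physical LAN NIC on this router (assumed)
LAN_IP=${LAN_IP:-192.168.1.1}      # this router's address in 192.168.1.0/24 (assumed)
BRIDGE=${BRIDGE:-br0}              # bridge device name (assumed)

# run: execute a command, or only print it when DRY_RUN is set, so the
# script can be read and checked without root or real interfaces.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1 (the --up script body from the mail): give the TAP device its
# endpoint address so the two peers can ping each other across the tunnel.
tap_up() {
    tap=$1
    mtu=$2
    run ifconfig "$tap" "$TAP_LOCAL" netmask 255.255.255.0 mtu "$mtu"
}

# Step 2: once the ping works, bridge the TAP device with the LAN NIC.
# The bridge takes over the router's LAN address; the member interfaces
# carry no address of their own and run in promiscuous mode.
bridge_tap() {
    tap=$1
    run brctl addbr "$BRIDGE"
    run brctl addif "$BRIDGE" "$LAN_IF"
    run brctl addif "$BRIDGE" "$tap"
    run ifconfig "$LAN_IF" 0.0.0.0 promisc up
    run ifconfig "$tap" 0.0.0.0 promisc up
    run ifconfig "$BRIDGE" "$LAN_IP" netmask 255.255.255.0 up
}

# When OpenVPN executes this file as ./up-script, act as the --up script.
case "${0##*/}" in
    up-script) tap_up "$1" "$2" ;;
esac
```

Run it once with DRY_RUN=1 to see the exact ifconfig and brctl commands before touching a live router. Two points the mail leaves implicit: a bridge joins both sites into one broadcast domain, so the two LANs have to share a single subnet (the 192.168.1.0/24 and 192.168.0.0/24 in the question would need renumbering), and every host on one LAN becomes reachable at layer 2 from the other, so any filtering the router does for the LAN should be applied on br0 rather than only on the WAN side.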