Linux Ethernet Bridging - Apr 2007 - [Bridge] FW: [Openvpn-users] linux bridge is bad

An HTML attachment was scrubbed...
URL:
http://lists.linux-foundation.org/pipermail/bridge/attachments/20040429/18161e5b/attachment-0002.htm

On Thu, 29 Apr 2004 17:20:29 +0200
"herwam herwam" <dedmoroz3000@hotmail.com> wrote:
> 
> 
>  
> Hi All,
> I am using a bridge with openvpn .Linux Server with dhcp and a debian
client .With Windows Client evrything looks great i have 2 Ip opne
> public from provider other private from dhcp one from vpn.
> With Linux Client i have problem with this setup: up.sh
> >
> >#!/bin/sh
> >/sbin/modprobe tun
> >/sbin/modprobe bridge
> >ifconfig eth0 down
> >/usr/sbin/openvpn --mktun --dev tap0
> >/usr/sbin/brctl addbr br0
> >/usr/sbin/brctl addif br0 tap0
> >/usr/sbin/brctl addif br0 eth0
> >/sbin/ifconfig tap0 0.0.0.0 promisc up
> >/sbin/ifconfig eth0 0.0.0.0 promisc up
Turning on promiscious here is not necessary.  addif does it already.
You probably want to do:

 modprobe tun
 modprobe bridge
 ifconfig eth0 0.0.0.0
 openvpn --mktun --dev tap0
 ifconfig tap0 0.0.0.0
 brctl addbr br0
 brctl addif br0 tap0
 brctl addif br0 eth0
 ifconfig br0 xxx.xxx.xxx.240 netmask 255.255.0.0 broadcast xxx.xxx.255.255  

Since bridging is at link level (2) not network level (3), you should have an IP
for the bridge and none for eth0 and tap0.  If you need to forward packets but
have separate IP subnets, than you want to use IP forwarding not bridging.