I have an OpenVPN client running on the Shorewall server connecting to an OpenVPN server in bridge mode.

All of my "loc" boxes can communicate fine with all of the servers that are at the remote side of the bridge.

I was wondering if, by definition, it is impossible for the "loc" devices to receive broadcasts from the bridged VPN connection. When searching the archives I found a few similar questions, but not a definitive answer. Someone mentioned proxyarp as a possible solution.

I just wanted to make sure there is no "magic" solution available for "loc" devices being able to receive broadcasts from the bridged VPN connection.

Thanks.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Scott Ruckh wrote:
> I have an OpenVPN client running on the Shorewall server connecting to an
> OpenVPN server in bridge mode.
>
> All of my "loc" boxes can communicate fine with all of the servers that
> are at the remote side of the bridge.
>
> I was wondering if, by definition, it is impossible for the "loc"
> devices to receive broadcasts from the bridged VPN connection.

It is completely possible and should "just work".

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
This is what you said, Tom Eastep:
> Scott Ruckh wrote:
>> I have an OpenVPN client running on the Shorewall server connecting to an
>> OpenVPN server in bridge mode.
>>
>> All of my "loc" boxes can communicate fine with all of the servers that
>> are at the remote side of the bridge.
>>
>> I was wondering if, by definition, it is impossible for the "loc"
>> devices to receive broadcasts from the bridged VPN connection.
>
> It is completely possible and should "just work".
>

Either what I am doing is wrong, or I have not explained my environment well enough.

Shorewall server loc network: 1.1.1.0/24
Shorewall tap0 device assigned IP of 2.2.2.254/24

Via SMB I can map drives from the 1.1.1.0 network to the 2.2.2.0 network and do other things like SSH, HTTP, etc., but things like seeing domain names in an Explorer browser, or seeing other auto-discovery services (UPnP, DAAP, etc.) do not work.

I did not think that broadcasts would traverse the two different subnets and that that was the issue.

Are you saying it is possible for the 1.1.1.0/24 devices to be able to use auto-discovery services just like they would if they were on the 2.2.2.0/24 network?

If I connect an OpenVPN client from a device on the 1.1.1.0/24 network directly to the OpenVPN server on the 2.2.2.0/24 network, everything works. When trying to use Shorewall as the VPN client instead of the devices on the 1.1.1.0/24 network is when the broadcasting stuff appears not to work.
>> It is completely possible and should "just work".
>

I have attached a PDF document to better illustrate the network. I have also tried to re-word the question (see document) using the diagram as a reference.

Thanks.
On Fri, 2008-02-22 at 10:50 -0700, Scott Ruckh wrote:
> This is what you said, Tom Eastep:
>> Scott Ruckh wrote:
>>> I have an OpenVPN client running on the Shorewall server connecting to an
>>> OpenVPN server in bridge mode.
>>>
>>> All of my "loc" boxes can communicate fine with all of the servers that
>>> are at the remote side of the bridge.
>>>
>>> I was wondering if, by definition, it is impossible for the "loc"
>>> devices to receive broadcasts from the bridged VPN connection.
>>
>> It is completely possible and should "just work".
>>
>
> Either what I am doing is wrong, or I have not explained my environment well enough.
>
> Shorewall server loc network: 1.1.1.0/24
> Shorewall tap0 device assigned IP of 2.2.2.254/24
>
> Via SMB I can map drives from the 1.1.1.0 network to the 2.2.2.0 network and do other things like SSH,
> HTTP, etc., but things like seeing domain names in an Explorer browser, or seeing other auto-discovery
> services (UPnP, DAAP, etc.) do not work.
>
> I did not think that broadcasts would traverse the two different subnets and that that was the issue.
>
> Are you saying it is possible for the 1.1.1.0/24 devices to be able to use auto-discovery services just
> like they would if they were on the 2.2.2.0/24 network?
>
> If I connect an OpenVPN client from a device on the 1.1.1.0/24 network directly to the OpenVPN server on
> the 2.2.2.0/24 network, everything works. When trying to use Shorewall as the VPN client instead of the
> devices on the 1.1.1.0/24 network is when the broadcasting stuff appears not to work.

That would not work, no, because broadcasts do not cross between broadcast domains.

When you said you had a bridged OpenVPN, we assumed you had your loc zone on your bridge interface, and the same IP range on the bridged OpenVPN. IOW a loc zone with an interface br0, the br0 interface having 2 ports, tap0 and eth0.

On the other hand, it makes sense to use a routed solution like you do. It reduces noise on the (often) slower OpenVPN link compared to the LAN. And just don't use services that need broadcasts.

For getting all your machines to show up in Windows Explorer you can use a Samba WINS server, and give its IP to all machines via DHCP.

Kind regards
Ronny Aasen
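The bridged layout Ronny describes (loc zone on br0, with eth0 and tap0 as the bridge ports), as an added example that is not part of the thread and not Shorewall's or OpenVPN's own code. It is an OpenVPN "up" hook that attaches the tap device to the LAN bridge and prints the matching Shorewall interfaces entry. The hook path (/etc/openvpn/up-bridge.sh), the bridge name br0 and the exact interfaces line are assumptions for illustration; OpenVPN passes the device name as $1 when it calls the hook.

```shell
#!/bin/sh
# Added example, not from the thread or from Shorewall/OpenVPN.
# Assumed to be installed as /etc/openvpn/up-bridge.sh and referenced from
# the client config with:  up /etc/openvpn/up-bridge.sh  (plus script-security 2).
# OpenVPN calls it as:  up-bridge.sh <tap_dev> <tap_mtu> <link_mtu> ...
set -eu

BRIDGE="${BRIDGE:-br0}"      # assumed bridge name carrying the loc zone
DRY_RUN="${DRY_RUN:-0}"      # DRY_RUN=1 prints the commands instead of running them

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Put the tap into the bridge. Promiscuous mode is needed so frames addressed
# to the LAN hosts' MACs are accepted on the tap and switched across br0;
# once tap0 and eth0 are ports of br0 they share one broadcast domain.
attach_tap_to_bridge() {
  tap="$1"
  br="$2"
  run ip link set "$tap" up promisc on
  run ip link set "$tap" master "$br"
}

# Shorewall side (assumed entry for /etc/shorewall/interfaces): with tap0
# inside br0 the loc zone is declared on br0, not on eth0 or tap0.
# routeback is needed because traffic can leave through the same bridge
# interface it arrived on.
shorewall_interfaces_entry() {
  br="$1"
  printf '#ZONE\tINTERFACE\tBROADCAST\tOPTIONS\n'
  printf 'loc\t%s\tdetect\trouteback\n' "$br"
}

# Only act when OpenVPN calls us with a device name; running the file with
# no arguments just defines the functions.
if [ -n "${1:-}" ]; then
  attach_tap_to_bridge "$1" "$BRIDGE"
fi
```

Two things to keep in mind before choosing this layout. First, both ends must then share one IP subnet, which in the thread's numbers means the loc hosts and the remote LAN can no longer be 1.1.1.0/24 and 2.2.2.0/24; the bridge gets the single address. Second, frames switched between eth0 and tap0 never traverse the IP forwarding path, so the Shorewall zone boundary that currently sits between loc and the VPN disappears unless bridge netfilter is in use; that is the security cost of getting broadcasts, and the reason a routed tunnel with a WINS server handed out by DHCP is the safer default when broadcasts are not actually required.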
Ronny Aasen wrote:
> On the other hand, it makes sense to use a routed solution like you do.
> It reduces noise on the (often) slower OpenVPN link compared to the LAN. And just
> don't use services that need broadcasts.

Although there is really no point in using a bridged OpenVPN configuration there unless there is a requirement for broadcasts between the clients.

> For getting all your machines to show up in Windows Explorer you can use a Samba
> WINS server, and give its IP to all machines via DHCP.
>

Indeed -- but that would work in a routed OpenVPN environment just as well.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key