Ramses II
2010-Feb-04 19:10 UTC
Can I pass 802.1q (VLAN tagged) through a VPN Tinc in HUB/Switch mode?.
Hello everybody,

Sorry if my English isn't very good.

I need to pass 802.1q through a VPN between two offices.

I have mounted a WRT54GL, with OpenWRT firmware, connected to a switch trunk port in both offices.

In the switch of the first office I have created five tagged VLANs and I need to pass these VLANs to the second office, where they have been created too.

Can I do this with Tinc in HUB/Switch mode?

I haven't configured anything yet.

Has anybody done this with a WRT54GL?

Can you help me with the configuration with WRT54GL?

I will follow this guide "http://www.tinc-vpn.org/examples/bridging/".

Many thanks and regards,

Ramses
Guus Sliepen
2010-Feb-04 19:22 UTC
Can I pass 802.1q (VLAN tagged) through a VPN Tinc in HUB/Switch mode?.
On Thu, Feb 04, 2010 at 08:10:04PM +0100, Ramses II wrote:

> I need to pass 802.1q through a VPN between two offices.
>
> I have mounted a WRT54GL, with OpenWRT firmware, connected to a switch trunk
> port in both offices.
>
> In the switch of the first office I have created five tagged VLANs and I
> need to pass these VLANs to the second office, where they have been created too.
>
> Can I do this with Tinc in HUB/Switch mode?

Yes.

> Can you help me with the configuration with WRT54GL?

It doesn't seem WRT54GL specific to me.

> I will follow this guide "http://www.tinc-vpn.org/examples/bridging/".

I think it should just work if you set up bridging like in that example. If not, let us know.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
Ramses II
2010-Mar-14 21:19 UTC
Can I pass 802.1q (VLAN tagged) through a VPN Tinc in HUB/Switch mode?.
Hi everybody again,

I am still having the same problem. I'll explain it again.

I have the following configuration:

VLAN1(U)--|   Switch                                  Switch  |-- VLAN1(U)
VLAN5(T)--|-- Trunk -- TincS-01 ---VPN--- TincS-02 -- Trunk --|-- VLAN5(T)
VLAN10(T)-|   Port                                    Port    |-- VLAN10(T)

(U) = Untagged
(T) = Tagged

I can ping between the PCs in VLAN1 but I can't ping between the PCs in VLAN5 or VLAN10, which are both tagged.

In both Tinc servers, VLAN5 is associated with sub-interface eth0.5 and VLAN10 with eth0.10.

Each server is connected to the other through the sub-interface eth0.1 (Internet interface). Both servers have Openwrt firmware installed.

I have this config on both servers:

--------------
root@RT-VPN-01:/# cat /etc/tinc/tinc.conf
Name = Central          (in the other Server - SedeA)
Device = /dev/net/tun
Mode = switch
ConnectTo = SedeA       (in the other Server - Central)
--------------

--------------
root@RT-VPN-01:/# cat /etc/tinc/tinc-up
#!/bin/sh
ifconfig $INTERFACE 0.0.0.0
brctl addif br-lan $INTERFACE
ifconfig $INTERFACE up
--------------

In the bridge I have:

--------------
root@RT-VPN-01:/# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.00259c63fbdf       no              eth0.0
                                                        tap0
--------------

So, can you tell me what I can do to pass VLAN5 and VLAN10 through the Tinc tunnel?

I know I'm close but I cannot find the solution.

Regards,

Ramses

> -----Original message-----
> From: Guus Sliepen [mailto:guus at tinc-vpn.org]
> Sent: Wednesday, 24 February 2010 14:58
> To: Ramses II
> Cc: jagm at multico.es
> Subject: Re: Can I pass 802.1q (VLAN tagged) through a VPN Tinc in HUB/Switch mode?.
>
> On Wed, Feb 24, 2010 at 01:01:33PM +0100, Ramses II wrote:
>
> > Don't you know the Linksys WRT54GL router?
> >
> > This is the internal architecture:
> >
> > http://garycourt.com/wp-content/images/WRT54_sw2_internal_architecture.png
>
> Yes, I know about this architecture, which is used in many routers by the way.
> I do not know the details of every router though :)
>
> > It only has a physical interface eth0 and two subinterfaces eth0.0 (LAN) and
> > eth0.1 (WAN).
> >
> > I can do this with it?
>
> I see. Yes, in that case you should probably bridge with eth0.0. Anyway, tinc
> handles untagged and tagged packets in exactly the same way, because in Switch
> mode it will only look at the source and destination MAC address, not at the
> rest of the packet. But maybe you should run tcpdump on eth0.0 on both sides to
> check what happens when PCs in VLAN5 for example try to ping each other. If no
> side sees any ping traffic on eth0.0, then the switch doesn't forward VLAN5
> tagged packets to the router. If one side sees ping traffic, but there is
> nothing on the other side, then perhaps something is wrong with tinc. If you
> see packets on both sides, but there are only ping requests, no responses,
> then, assuming PCs on both sides use the same subnet in VLAN5, I would guess it
> is still a problem with the switches.
>
> If the problem still persists, perhaps you could run tcpdump on both eth0.0 and
> tap0, capturing the full link-layer headers, and send me the results so I can
> have a look at what's happening in your setup?
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
michael-dev at fami-braun.de
2010-Mar-23 20:44 UTC
Can I pass 802.1q (VLAN tagged) through a VPN Tinc in HUB/Switchmode?.
Ramses II wrote:

> Michael, are you trying to tell me that each vlan should be in a separate bridge
> and then create a tinc vpn associating each tinc vpn interface with one
> bridge?

No, the console output I posted should have indicated that bridge br0 is bridging eth2 and tinc, that means it carries ALL vlans.
Ramses II
2010-Apr-05 11:02 UTC
Can I pass 802.1q (VLAN tagged) through a VPN Tincin HUB/Switchmode?
Hi again,

I have replaced both routers with two servers running CentOS Linux, each with two physical interfaces (eth0 and eth1).

I have connected both servers by the eth1 interface.

I have created a bridge and I have added the tap0 and the eth0 interfaces to it.

Each eth0 interface is connected to a trunk port (802.1q) of a switch.

I have connected a PC to an untagged port (VLAN5) of one of the switches.

I can see the MAC address of this PC on the trunk port of the other switch, but it is associated with VLAN1 (Default).

I have captured the traffic on the eth0 interface of the server that is connected to the trunk interface of the same switch that the PC is connected to, and it does not show me the VLAN ID:

-----------------------------------------------------------------------
[root@ /]# tcpdump -ne -i eth0 | grep ICMP
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:55:57.984204 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 16148, seq 4, length 64
12:55:58.983872 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 16148, seq 5, length 64
12:55:59.983579 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 16148, seq 6, length 64
12:56:00.983273 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 16148, seq 7, length 64
12:56:01.982993 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 16148, seq 8, length 64
12:56:02.982721 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 16148, seq 9, length 64
12:56:03.982380 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 16148, seq 10, length 64
12:56:18.506129 00:17:c5:12:f6:80 > 00:15:e9:86:2a:d9, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.67: ICMP echo request, id 32789, seq 1, length 64
12:56:18.657118 00:17:c5:12:f6:80 > 00:19:66:3a:06:a3, ethertype IPv4 (0x0800), length 98: 10.158.3.60 > 10.158.5.50: ICMP echo request, id 43029, seq 1, length 64

224 packets captured
224 packets received by filter
0 packets dropped by kernel
[root@ /]#
-----------------------------------------------------------------------

Can anybody help me with this?

Best regards,

Ramses
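The capture check discussed in this thread, as an added example that is not code from any poster or from the tinc project: it reads saved `tcpdump -ne` text from the bridge port on each side, counts ICMP echo frames per 802.1Q tag (or with no tag, as in the capture above), and applies the three-way triage suggested earlier in the thread. The sample captures, MAC addresses and IP addresses are constructed, and the `vlan N` form of tcpdump's tagged-frame output is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Input: text saved from `tcpdump -ne`.
# Assumption: tagged frames print as "ethertype 802.1Q (0x8100), ... vlan N, ...".

# count_icmp FILE VLAN KIND: count ICMP echo KIND (request|reply) lines whose
# 802.1Q tag equals VLAN; VLAN "untagged" matches frames that carry no tag.
count_icmp() {
    awk -v vlan="$2" -v kind="$3" '
        index($0, "ICMP echo " kind) {
            tag = "untagged"
            if (match($0, /vlan [0-9]+/)) tag = substr($0, RSTART + 5, RLENGTH - 5)
            if (tag == vlan) n++
        }
        END { print n + 0 }' "$1"
}

# triage VLAN CAP_A CAP_B: the three cases described in the thread.
triage() {
    a=$(( $(count_icmp "$2" "$1" request) + $(count_icmp "$2" "$1" reply) ))
    b=$(( $(count_icmp "$3" "$1" request) + $(count_icmp "$3" "$1" reply) ))
    r=$(( $(count_icmp "$2" "$1" reply) + $(count_icmp "$3" "$1" reply) ))
    if [ "$a" -eq 0 ] && [ "$b" -eq 0 ]; then
        echo "switch: no VLAN $1 ping frames on either side"
    elif [ "$a" -eq 0 ] || [ "$b" -eq 0 ]; then
        echo "tinc: VLAN $1 ping frames on one side only"
    elif [ "$r" -eq 0 ]; then
        echo "switch: VLAN $1 requests on both sides, no replies"
    else
        echo "ok: VLAN $1 requests and replies seen"
    fi
}

# write_samples DIR: constructed captures for side A and side B.
write_samples() {
    cat > "$1/a.txt" <<'EOF'
12:00:01.000001 02:00:00:00:00:0a > 02:00:00:00:00:0b, ethertype 802.1Q (0x8100), length 102: vlan 5, p 0, ethertype IPv4, 192.0.2.10 > 192.0.2.20: ICMP echo request, id 1, seq 1, length 64
12:00:02.000001 02:00:00:00:00:0a > 02:00:00:00:00:0b, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 192.0.2.20: ICMP echo request, id 2, seq 1, length 64
EOF
    cat > "$1/b.txt" <<'EOF'
12:00:02.000009 02:00:00:00:00:0a > 02:00:00:00:00:0b, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 192.0.2.20: ICMP echo request, id 2, seq 1, length 64
12:00:02.000900 02:00:00:00:00:0b > 02:00:00:00:00:0a, ethertype IPv4 (0x0800), length 98: 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 2, seq 1, length 64
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
triage 5 "$dir/a.txt" "$dir/b.txt"         # tagged frames seen on side A only
triage untagged "$dir/a.txt" "$dir/b.txt"  # untagged ping works end to end
```

For real use, save `tcpdump -ne -i <bridge port>` output from each side to a file while a ping runs, then call `triage` with the VLAN ID and the two files.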
Guus Sliepen
2010-May-17 10:51 UTC
Can I pass 802.1q (VLAN tagged) through a VPN Tinc in HUB/Switch mode?
On Thu, Feb 04, 2010 at 08:10:04PM +0100, Ramses II wrote:

> I need pass 802.1q through a VPN between two offices.

I do not know exactly what this does, but there is a new "macvtap" driver in Linux 2.6.34 that exposes a macvlan as a tap device, which might be useful for those who want to selectively tunnel VLANs over their VPN:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=20d29d7a916a47bf533b5709437fe735b6b5b79e

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>