I'm currently running OpenVPN on a multi-homed Linux server. The bridge device br0 comprises the tap0 virtual device and the physical eth0 device. Eth0 is wired to the local LAN. Remote clients dial into the server's external interface eth1's UDP port 1194.

This works, but when the number of clients increases (over 12), we see lots of dropped packets and lost connections. We look at the interface stats when high volume transfers occur; the tx_bytes rate averages 8Mbytes/s. Our line is symmetric 1Gbit, for which we are guaranteed at worst 80% of the rated speed. So we don't think the bottleneck is on the line, though we have no means of checking it. Our server is an i5 and we don't see that the loading is too heavy just by looking at top.

I would like to try out tinc but have not got a spare machine to install and run it. I am wondering how I would set up the bridge device if I run both at the same time. Would I be able to set up another bridge device (br1) encompassing the same physical eth0 port and a new tap1 virtual device? It doesn't feel right... And even if I could, I wonder if there would be intermixing of VPN traffic appearing on the two tap ports.

On Fri, Mar 13, 2015 at 04:54:00PM +0800, Terry T wrote:

> I'm currently running Openvpn on a multi-homed linux server. The bridge
> device br0 comprises the tap0 virtual device and the physical eth0 device.
> Eth0 is wired to the local LAN.
[...]
> I would like to try out tinc but have not got a spare machine to install
> and run it. I am wondering how I would set up the bridge device if I run
> both at the same time. Would I be able to set up another bridge device
> (br1) encompassing the same physical eth0 port and a new tap1 virtual
> device. It doesn't feel right... And even if I could, I wonder if there
> would be intermixing of vpn traffic appearing on the two tap ports.

I don't think you can add one interface to more than one bridge, but you can add as many devices as you like to a single bridge. So just set up tinc, and add its tap interface to br0. The tinc-up script will look like this:

    #!/bin/sh
    ifconfig $INTERFACE 0.0.0.0
    brctl addif br0 $INTERFACE
    ifconfig $INTERFACE up

You have to run tinc in switch mode or explicitly set the virtual interface to be a tap interface using "DeviceType = tap". The bridge will allow intermixing of VPN traffic.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

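An added example, not part of the original post or of tinc itself: a tinc-up variant that checks which bridge an interface already belongs to before running the steps from the reply above, since a port can sit in only one bridge. The names `bridge_of`, `plan_bridge_join`, `make_sample_tree` and the `SYSFS_NET` variable are assumptions of this example; it relies on the Linux sysfs link `brport/bridge` and on `br0` as the bridge name used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. SYSFS_NET is this example's own knob so
# the check can run against a constructed tree; default is the real sysfs.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the bridge IFACE is a port of (nothing if it is in no bridge).
bridge_of() {
    link="$SYSFS_NET/$1/brport/bridge"
    [ -L "$link" ] || return 0
    basename "$(readlink "$link")"
}

# Print "add", "already", "conflict:<bridge>" or "missing:<dev>";
# return 1 for the last two.
plan_bridge_join() {
    iface="$1"; bridge="$2"
    [ -d "$SYSFS_NET/$iface" ] || { echo "missing:$iface"; return 1; }
    [ -d "$SYSFS_NET/$bridge/bridge" ] || { echo "missing:$bridge"; return 1; }
    current="$(bridge_of "$iface")"
    case "$current" in
        "")        echo "add" ;;
        "$bridge") echo "already" ;;
        *)         echo "conflict:$current"; return 1 ;;
    esac
}

# Constructed sysfs-like tree: br0 holds eth0 and tap0, br1 is empty,
# tap1 is not in any bridge. Prints the tree's root directory.
make_sample_tree() {
    root="$(mktemp -d)"
    mkdir -p "$root/br0/bridge" "$root/br1/bridge" \
             "$root/eth0/brport" "$root/tap0/brport" "$root/tap1"
    ln -s ../../br0 "$root/eth0/brport/bridge"
    ln -s ../../br0 "$root/tap0/brport/bridge"
    echo "$root"
}

# When run as tinc-up (tinc exports INTERFACE): same steps as in the thread,
# but refuse if the interface is missing or already a port of another bridge.
if [ -n "${INTERFACE:-}" ]; then
    plan="$(plan_bridge_join "$INTERFACE" br0)" || { echo "tinc-up: $plan" >&2; exit 1; }
    ifconfig "$INTERFACE" 0.0.0.0
    [ "$plan" = "add" ] && brctl addif br0 "$INTERFACE"
    ifconfig "$INTERFACE" up
fi
```
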
Greeting-

I had a need to include some PPTP clients into my tinc network, mainly because those hosts had not been updated to tinc yet. All I did to make everything talk was on my VPN hub box I assigned the PPTP hosts to addresses in the same network as the tinc machines were using.

With this setup I have no trouble with my tinc and PPTP nodes speaking to each other. Having used OpenVPN in the past I believe the same would be true. I will say my VPN hub box is FreeBSD 10.1, so if your hub is something else you may not have the same results.

-Brett

-- 
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000