On Fri, Jan 22, 2016 at 03:21:06PM +0000, mlist wrote:
[...]> Note that the IP addresses of eth0 and tap0 are the same. This is quite
possible, if you make sure that the netmasks of the interfaces are different. It
is in fact recommended to give both real internal network interfaces and tap
interfaces the same IP address, since that will make things a lot easier to
remember and set up.
> "
>
> Can you explain best the last statement saying that real eth0 and tap0 can
have some ip with different netmask ?
> Overlapping: 10.1.0.0 - 10.1.255.255 and 10.0.0.0 - 10.255.255.255
In general, you can use the same IP address on more than one interface.
And the routing table decides where to route packets to. If you assign
10.1.0.1/16 to eth0, and 10.1.0.1/8 to tap0, then the routing table will
look like:
10.1.0.0/16 dev eth0
10.0.0.0/8 dev tap0
Specifically, the route to eth0 will have priority over the one to tap0,
so packets for your local LAN will always be sent to the real Ethernet
interface, and any other packets in the 1.0.0.0/8 range will be sent to
the VPN. If you'd have the same netmask on both the kernel wouldn't know
which interface to route packets to.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL:
<http://www.tinc-vpn.org/pipermail/tinc/attachments/20160122/ea4c6f4c/attachment.sig>