Date: Sat, 28 Jan 2006 18:00:05 -0600
From: Vulpes Velox <v.velox@vvelox.net>
To: Bob Kersten <bob@fellownet.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN / Bridge
Message-ID: <20060128180005.67b515ce@vixen42.vulpes>
In-Reply-To: <E11CF724-B7BB-473B-B313-EBCFCB593424@fellownet.com>
References: <E11CF724-B7BB-473B-B313-EBCFCB593424@fellownet.com>
On Tue, 24 Jan 2006 16:01:11 +0100
Bob Kersten <bob@fellownet.com> wrote:

> Hello,
>
> I've been trying to create a tunnel/bridge between two networks
> which both reside behind a FreeBSD router using NAT. I've achieved
> it using the handbook example in chapter 14.10. Clients on network
> A are able to ping clients on network B and clients on network A
> are able to map samba shares on the NAT box/gateway of network B.
> The example however uses two different subnets to route traffic
> between both networks. Unfortunately broadcasts will not travel
> through the tunnel which causes Apple's bonjour (called rendezvous
> earlier) not being able to discover clients on the other network.
>
> What I want to achieve is what I believe a bridge between both
> networks. The entire network A should be on the same subnet as
> network B:
>
> network A
> range 192.168.100.100 - 192.168.100.199 / 255.255.255.0
> |
> FreeBSD gateway A
> en1: IP: 192.168.100.101 / 255.255.255.0
> en0: public IP: 25.25.25.1
> |
> Internet
> |
> FreeBSD gateway B
> en0: public IP: 25.25.25.2
> en1: IP: 192.168.100.1 / 255.255.255.0
> |
> Network B
> range 192.168.100.1 - 192.168.100.99 / 255.255.255.0
>
> Using the example from the handbook there was no additional
> configuration necessary on the clients on both networks, the
> FreeBSD gateways handled all the necessary routing. It would be
> great if this new setup should also not require any additional
> settings on the clients as well.
>
> Can anyone give me an example or the necessary steps to create
> this kind of VPN?

I would use openvpn. You need to select one to be a vpn server and
another to be a vpn client. You just create a basic vpn connection that
connects the two together. Then on each one add a route that points
at the vpn address as the gateway for that subnet.

BTW the addressing is wrong there. You can't have one be
192.168.100.1-192.168.100.99 and the other be
192.168.100.100-192.168.100.199. That netmask is not possible.

You can do a 28 bit netmask, which will give 126 addresses to play with on both networks.