On Mon, Oct 12, 2009 at 7:52 PM, Hrishikesh Murali <[email protected]> wrote:
>
> My problem is that all the packets go to the VPN server and then it is
> forwarded to the gateways. I feel this will result in too much load on
> the VPN server as it keeps running and in burst traffic situations
> (and might crash). Am I wrong in this assumption?
>

The network seems to be a lab network or something for you to try out VPNs. One cannot talk of crashes without knowing where the bottleneck is. With a PIII processor, 100Mb traffic can be handled with 1500-byte packet sizes. I guess that is the ethernet card speed here and so the processor will not be the bottleneck.

>
> Is there a better way to do the routing, that is can I push the
> routing entries 1) and 2) automatically from the VPN server onto the
> clients whenever they connect so that traffic does not have to come
> through the VPN server, it can go directly to the gateway?
>

Yes. Obviously all the machines are on one 192... network. Like Kapil asked, there must be an intent for a VPN. Normally, VPNs are built over public networks between remote locations. You can build a star or a mesh network. Obviously, a mesh will not suffer from a single point getting excessively loaded as in a star.

>
> I must prevent computers from one subnet from DOSing the VPN server,
> or the other subnets, or any computer in the VPN. How do I do this?
>

IPTables.

>
> What is the difference between "dev tun" and "dev tap" in the VPN
> configuration files? I know it specifies the tunneling device, but why
> two separate devices? In what situations do I use each device?
>

*First task is to search. A google search yields "TAP (as in network tap) simulates an Ethernet device and it operates with layer 2 packets such as Ethernet frames. TUN (as in network TUNnel) simulates a network layer device and it operates with layer 3 packets such as IP <http://en.wikipedia.org/wiki/Internet_Protocol> packets. TAP is used to create a network bridge, while TUN is used with routing."*

> I have also noticed this, in my VPN server configuration file, I have the
> line:
> server 10.222.222.0 255.255.255.0
> If I specify "dev tun" in both server and clients, the server starts
> giving out IPs to clients from 10.222.222.5, but if I specify "dev
> tap" in both server and clients, the server starts giving out IPs to
> clients from 10.222.222.2. Why is it so?
>

TAP being a layer 2 device takes one IP. TUN device requires 2 endpoint IPs. The server assigns an IP on its side and then to the other/client side, and so this difference.

--
Mohan Sundaram

_______________________________________________
To unsubscribe, email [email protected] with
"unsubscribe <password> <address>" in the subject or body of the message.
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
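The three practical points in the reply above (pushing routes from the server at connect time, tun versus tap addressing, and using iptables to keep one client or subnet from flooding the server) can be put together in one script. This is an added example and not code from the thread; the LAN subnets, the 192.168.1.254 gateway, the port and the rate limits are constructed for illustration, and only the `server 10.222.222.0 255.255.255.0` line comes from the original message. The script writes an OpenVPN server config and prints (without applying) the iptables rules, so the rules can be reviewed first and then piped to `sh` on the VPN host.

```shell
#!/bin/sh
# Added example (not from the thread). Values marked "constructed" are
# placeholders for a hypothetical site; adapt them before use.

VPN_NET="10.222.222.0 255.255.255.0"   # the 'server' line from the thread
VPN_PORT=1194                           # OpenVPN default UDP port
VPN_IF=tun0                             # interface created by 'dev tun'
LAN_A="192.168.10.0 255.255.255.0"      # constructed: LAN behind the VPN server
LAN_B="192.168.20.0 255.255.255.0"      # constructed: LAN behind a gateway on the clients' own network
LOCAL_GW="192.168.1.254"                # constructed: that gateway's address

# Write an OpenVPN server config. 'push "route ..."' hands every client its
# routing entries when it connects, so nobody edits routing tables by hand.
write_server_conf() {
    cat > "$1" <<EOF
port $VPN_PORT
proto udp
# dev tun = layer-3 (routed) tunnel. Use dev tap only when a layer-2 bridge
# is really needed (non-IP protocols, broadcast-dependent applications).
dev tun
# With the default net30 topology each tun client is allocated a /30 pair of
# endpoint addresses, which is why addresses start at .5/.6 rather than .2;
# 'topology subnet' gives each client a single address from the pool.
topology subnet
server $VPN_NET
# route reached through the tunnel (LAN behind the server)
push "route $LAN_A"
# route with an explicit gateway: if that gateway sits on the clients' own
# LAN, this traffic is sent there directly and never enters the tunnel
push "route $LAN_B $LOCAL_GW"
keepalive 10 120
persist-key
persist-tun
EOF
}

# Print the iptables rules that bound what one source, or one /24, can
# send at the VPN server and through it. Nothing is applied here; pipe the
# output to sh after reviewing it. Limits are constructed starting points.
iptables_rules() {
    cat <<EOF
# let packets of already-tracked flows through before any limiting
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# cap new packets to the OpenVPN port per source address; the rest are dropped
iptables -A INPUT -p udp --dport $VPN_PORT -m hashlimit --hashlimit-name ovpn --hashlimit-mode srcip --hashlimit-upto 20/sec --hashlimit-burst 50 -j ACCEPT
iptables -A INPUT -p udp --dport $VPN_PORT -j DROP
# traffic forwarded between VPN peers: cap per source /24 so one subnet
# cannot swamp the other subnets or the server's forwarding path
iptables -A FORWARD -i $VPN_IF -m hashlimit --hashlimit-name vpnfwd --hashlimit-mode srcip --hashlimit-srcmask 24 --hashlimit-upto 2000/sec --hashlimit-burst 5000 -j ACCEPT
iptables -A FORWARD -i $VPN_IF -j DROP
EOF
}

# usage: ./vpn-setup.sh conf [path]   or   ./vpn-setup.sh rules | sh
case "${1:-}" in
    conf)  write_server_conf "${2:-server.conf}" ;;
    rules) iptables_rules ;;
esac
```

The hashlimit match keys on the source address (or, with `--hashlimit-srcmask 24`, on the source /24), so a single client or subnet that exceeds its rate is dropped while the others keep their share; pair the FORWARD rules with a default-deny policy and with accept rules for the flows you actually want between subnets.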
