On Wed, 2009-03-25 at 20:48 -0400, Aurelian Melinte wrote:
> Hello,
>
> is there any way to bridge a tun interface which is up with a network card? I
> need to brew a kind of a site-to-site VPN device.
>
> The problem: I have a couple of Ethernet dumb hardware devices that have to
> be on a VPN. To establish the VPN I use Cisco AnyConnect, which, when
> connected, establishes a tun iface. Now, any application on tun machine can
> access the VPN. But not my devices.
>
> I want to bridge one of the network cards of the tun machine to the tun
> interface so that my dumbs can access the VPN - they have to get an IP on the
> VPN. Then hook a switch on that net card and attach my devices to it. The
> other card goes out to my ISP.
>
> I cannot use OpenVPN (I know it does bridges). I know there is Cisco ASA that
> does site-to-site but that requires a static IP.
>
> Any suggestions welcome. Would routing work instead of bridging?
>
> Thanks,
> a.
>
You can use brctl[1] for transparent bridging but that's only if DHCP will
work over the VPN tunnel. Otherwise set up NAT[2] on your "tun" machine using
iptables. From there you can use static IPs for the client machines or set up
a DHCP server on the "tun" box to provide them with IP addresses.

nick

[1] http://www.linuxfoundation.org/en/Net:Bridge
[2] http://www.revsys.com/writings/quicktips/nat.html or
    http://www.billauer.co.il/ipmasq-html.html
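
The NAT option from the reply above, as an added example that is not part of the original message: a shell function that prints the iptables rules for a gateway that forwards only from the LAN-side card to the VPN tun interface. The interface names `eth1` and `tun0` and the subnet `192.168.50.0/24` are assumptions; substitute the real ones.

```shell
#!/bin/sh
# Added example: NAT gateway rules for devices behind a VPN tun interface.
# Interface names and the LAN subnet are assumptions supplied by the caller.

# Accept only plain interface names so nothing can inject shell syntax
# into the generated commands.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept only digits, dots and one prefix separator (e.g. 192.168.50.0/24).
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print (do not run) the commands that turn this host into a NAT gateway
# from the device LAN to the VPN tunnel.
nat_rules() {
    lan_if=$1; tun_if=$2; lan_net=$3
    valid_if "$lan_if" && valid_if "$tun_if" && valid_cidr "$lan_net" || {
        echo "usage: nat_rules LAN_IF TUN_IF LAN_CIDR" >&2
        return 2
    }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $tun_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $tun_if -j MASQUERADE
EOF
}
# Rule by rule: enable routing; drop all forwarding by default, so the
# devices cannot reach the ISP-facing card; let the LAN open connections
# into the tunnel; let only reply traffic come back; rewrite the source
# address to the tun interface's VPN address.

# Run as: sh nat.sh eth1 tun0 192.168.50.0/24
if [ "$#" -eq 3 ]; then
    nat_rules "$@"
fi
```

Review the printed rules, then apply them as root with `nat_rules eth1 tun0 192.168.50.0/24 | sh`. With NAT the devices share the gateway's VPN address instead of each getting an address on the VPN.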
