On Tue, 16 Sep 2003, James Yonan wrote: > > I'd like to challenge the "better" claim: > > I mean "better" only in the sense of simpler configuration -- i.e. not needing > to set up a WINS server to make cross-subnet browsing work. I agree that tun > is more scalable, secure, etc.
After being through setting up a tap for a particular configuration (pure ethernet with fallback to OpenVPN-on-WLAN), tap isn't easier to configure than tun either. --ifconfig is one reason, although it's going to get competition, getting routing right if you "tap" one IP into an existing eth subnet is non-trivial and requires like 4 lines of --up scripting. My Linux distro also defaults to ethertap rather than tun, so if you're running SuSE, better make sure you load the "tun" module early. ethertap won't work with tun at the other end of the pipe -- different framing apparently. -- Matthias Andree Encrypt your mail: my GnuPG key ID is 0x052E7D95
