Hi Marc,

On 19/05/19 16:54, Marc SCHAEFER wrote:
> Hello,
>
> I run a layer 2 (bridging) large OpenVPN network linking ethernet
> interfaces, wifi interfaces, software bridges, tap interfaces, etc.
>
> The idea behind the layer 2 virtual network was for maximum flexibility:
> it is an educational network where people must collaboratively manage it
> (including setting up their own DHCP server, WiFi authentication, etc).
>
> It works like a charm.
>
> As this is an educational network, there are times where I want
> to see all exchanged traffic, for debugging or illustrative purposes.
>
> What I noticed is if "client-to-client" is not enabled, then the layer 2
> does not work, and with it enabled, it works, but I don't see inter-client
> traffic on the main VPN server.
>
> Question 1: how may I see inter-client traffic on the main VPN?

You'd have to disable 'client-to-client', enable IP forwarding on your
server and set up the appropriate routing and iptables rules. Packets
should essentially "leave" openvpn and be handed off to the kernel. The
kernel may then decide to feed them back into OpenVPN (via the tap i/f
again) based on routing rules.

I have made this work for tun-style networks on Linux and see no reason
why it wouldn't also work with tap.

> Question 2: would VLAN work in this setup? I have already deployed VLAN
> trunks on ethernet and wifi, but not so far attempted to make the VLAN tagged
> frames travel through OpenVPN, is there anything special to do so it works,
> or does it automagically work (no VLAN isolation required, just
> trunk mode)? If it is not possible, then I will implement multiple VPNs,
> each with its own bridged VLAN.

As you are running a tap-style network I'd think this should "just work":
the Linux kernel sees the tap device as "just another ethernet"
device. However, I do remember that there are some VLAN patches
floating around, but I don't know if they still apply and whether they
deal with tun or tap.

HTH,
JJK
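
Added example, not part of the original message: a small shell check for the first two conditions named in the reply above (no 'client-to-client' in the server config, IP forwarding enabled), so you can tell whether inter-client traffic reaches the server's kernel where it can be captured. The function names, the output format and the sample config are assumptions made for this example; the routing and iptables rules are site-specific and are not checked.

```sh
#!/bin/sh
# Print the first argument of an OpenVPN directive ("set" if it has none).
# Simplification: everything after '#' or ';' is treated as a comment.
directive_value() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '
        { sub(/[#;].*/, "") }
        $1 == d { print ($2 == "" ? "set" : $2); exit }
    ' "$1"
}

# Returns 0 if inter-client traffic is handed to the kernel and forwarded,
# 1 if OpenVPN relays it internally, 2 if the kernel sees it but won't forward.
audit_visibility() {  # $1 = server config, $2 = ip_forward file (optional)
    conf=$1
    fwd_file=${2:-/proc/sys/net/ipv4/ip_forward}
    dev=$(directive_value "$conf" dev)
    devtype=$(directive_value "$conf" dev-type)
    case "${devtype:-$dev}" in
        tap*) mode=tap ;;
        tun*) mode=tun ;;
        *)    mode=unknown ;;
    esac
    # With client-to-client, frames between clients never leave the OpenVPN
    # process, so a capture on the server's tun/tap interface misses them.
    if [ -n "$(directive_value "$conf" client-to-client)" ]; then
        echo "mode=$mode visible=no reason=client-to-client"
        return 1
    fi
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "mode=$mode visible=yes forwarded=no reason=ip_forward-off"
        return 2
    fi
    echo "mode=$mode visible=yes forwarded=yes"
}

# Constructed sample input: a bridged server config with the directive
# commented out, and a stand-in for /proc/sys/net/ipv4/ip_forward.
tmp=$(mktemp -d)
printf '%s\n' 'dev tap0' 'server-bridge' '; client-to-client' > "$tmp/server.conf"
printf '1\n' > "$tmp/ip_forward"
audit_visibility "$tmp/server.conf" "$tmp/ip_forward" || true
rm -rf "$tmp"
```

On a real server, call audit_visibility with the path to the server config only; the second argument then defaults to the live sysctl file.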