On Fri, 2008-02-22 at 10:50 -0700, Scott Ruckh wrote:
> This is what you said Tom Eastep
> > Scott Ruckh wrote:
> >> I have OpenVpn client running on shorewall server connecting to an
> >> OpenVpn server in bridge mode.
> >>
> >> All of my "loc" boxes can communicate fine with all of the servers that
> >> are at the remote side of the bridge.
> >>
> >> I was wondering, if by definition, if it is impossible for the "loc"
> >> devices to receive broadcasts from the bridged VPN connection.
> >
> > It is completely possible and should 'just work'.
> >
> 
> Either what I am doing is wrong, or I have not explained my environment
> well enough.
> 
> Shorewall server loc network:  1.1.1.0/24
> Shorewall tap0 device assigned IP of 2.2.2.254/24
> 
> Via SMB I can map drives from the 1.1.1.0 network to the 2.2.2.0 network
> and do other things like SSH, http, etc..., but things like seeing Domain
> names in an explorer browser, or seeing other auto discovery services
> (UPnP, DAAP, etc) do not work.
> 
> I did not think that broadcasts would traverse the two different sub-nets
> and that was the issue.
> 
> Are you saying it is possible for the 1.1.1.0/24 devices to be able to use
> auto-discovery services just like they were if they were on the
> 2.2.2.0/24 network?
> 
> If I connect an openvpn client from a device on the 1.1.1.0/24 network
> directly to the OpenVPN server on the 2.2.2.0/24 network everything works.
> When trying to use shorewall as the VPN client instead of devices on the
> 1.1.1.0/24 network is when the broadcasting stuff appears not to work.


That would not work, no, because broadcasts do not cross between
broadcast domains.

When you said you had a bridged openvpn, we assumed you had your loc
zone on your bridge interface, and the same IP area on the bridged
openvpn.

In other words:
a loc zone, with an interface br0

the br0 interface having 2 ports, tap0 and eth0

On the other hand, it makes sense to use a routed solution like you do.
It reduces noise on the openvpn, which is (often) slower than the LAN.
And just don't use services that need broadcasts.

For getting all your machines up in Windows Explorer you can use a Samba
WINS server, and give its IP to all machines via DHCP.


kind regards
Ronny Aasen
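
The WINS suggestion above, sketched as configuration; this is an added example, not part of the original message. It assumes a Samba host at 1.1.1.10 and an ISC dhcpd server handing out leases on the 1.1.1.0/24 loc network; that address and the lease range are constructed for illustration.

```conf
# ---- smb.conf on the host chosen as WINS server (assumed 1.1.1.10) ----
[global]
    # Act as the NetBIOS name server (WINS) for the network.
    # Enable this on exactly one Samba host.
    wins support = yes
    # Resolve names through WINS before falling back to broadcast.
    name resolve order = wins lmhosts host bcast

# ---- smb.conf on any OTHER Samba host ----
# [global]
#     # Register with and query the WINS server above.
#     # Never set "wins server" and "wins support = yes" on the same host.
#     wins server = 1.1.1.10

# ---- dhcpd.conf (ISC dhcpd) for the loc network ----
subnet 1.1.1.0 netmask 255.255.255.0 {
    range 1.1.1.100 1.1.1.200;               # constructed lease range
    option netbios-name-servers 1.1.1.10;    # WINS server given to clients
    option netbios-node-type 8;              # h-node: ask WINS first, then broadcast
}
```

Cross-subnet name resolution only covers machines that register with the same WINS server, so hosts on the 2.2.2.0/24 side need the same WINS address configured.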

