Hi Manuel!

> I would like to know if it's possible to establish a bridge (of the same
> network in two different physical locations) over internet using vtun.
>
> It's possible? Someone did it?

Yes. Fairly easy. A little drawing explains a lot, so, here goes:

Two physical locations: SiteA and SiteB.

SiteA : part A of the network x.y.x.0/24
        |
+-------o-------------------------------+
|       |\port eth0 in promisc mode     |
|       |                               |
|       |-bridge br0                    |
|       |                               |
|       o-VTUN tap0 in promisc mode     |
|       |                               |
|       /port eth1 public IP = a.b.c.d  |
+-------o-------------------------------+
        |                      computer A
        |
   the internet
        |
        |                      computer B
+-------o-------------------------------+
|       \port eth1 public IP = e.f.g.h  |
|       |                               |
|       o-VTUN tap0 in promisc mode     |
|       |                               |
|       |-bridge br0                    |
|       |                               |
|       |/port eth0 in promisc mode     |
+-------o-------------------------------+
        |
SiteB : part B of the network x.y.x.0/24

The idea is quite simple:

on SiteA, computer A has 2 ethernet ports:
 - eth1 is connected (with public IP a.b.c.d) to the internet
 - eth0 is connected (in promisc mode) to part A of the network x.y.x.0/24
 - bridge br0 includes eth0 and the tap (tap0) created by VTUN in "ether"
   type, both with promisc=on
 - computer A is configured as VTUN server

on SiteB, computer B has 2 ethernet ports:
 - eth1 is connected (with public IP e.f.g.h) to the internet
 - eth0 is connected (in promisc mode) to part B of the network x.y.x.0/24
 - bridge br0 includes eth0 and the tap (tap0) created by VTUN in "ether"
   type, both with promisc=on
 - computer B is configured as VTUN client

For VTUN configuration details, the VTUN docs are relatively clear.

Anyway, I manage Debian systems, so here come the /etc/default/vtun and
/etc/vtund.conf files for both sites:

---- SiteA ----

#*** /etc/default/vtun
# Defaults for vtun initscript sourced by /etc/init.d/vtun
# Should the standalone server be started?
RUN_SERVER=yes
SERVER_ARGS="-P 5000"

#*** /etc/vtund.conf
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky <max...@yahoo.com>
#
# interface 0 is a tunnelled bridge br0
# interface 1 is a physical point-to-point link

options {
  type stand;
  bindaddr { iface eth1; };
}

default {
  type ether;
  # device tap;  <<< this is always implied by "type ether", setting it causes problems
  proto udp;
  persist yes;
  keepalive yes;
  # compress lzo:1;
  compress no;
  encrypt no;
  stat no;
  speed 0;
}

### server-side tunnel BA between Client SiteB and Server SiteA (here)
BA {
  passwd SomePassword;
  up {
    program /sbin/ip "link set up dev %%";
    program /sbin/ip "addr add 0.0.0.0/0 dev %%";
    program /usr/sbin/brctl "addif br0 %%";
  };
  down {
    program /usr/sbin/brctl "delif br0 %%";
  };
}

---- SiteB ----

#*** /etc/default/vtun
# Defaults for vtun initscript sourced by /etc/init.d/vtun
# Should the standalone server be started?
RUN_SERVER=no
# Client sessions to start.
# Session name
CLIENT0_NAME=BA
# Destination host
CLIENT0_HOST=a.b.c.d
# Optional parameters
CLIENT0_ARGS="-P 5000"

#*** /etc/vtund.conf
#
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky <max...@yahoo.com>
#
# interface 0 is a tunnelled bridge br0
# interface 1 is a physical point-to-point link

options {
  type stand;
  bindaddr { iface eth1; };
}

default {
  type ether;
  # device tap;  <<< this is always implied by "type ether", setting it causes problems
  proto udp;
  persist yes;
  keepalive yes;
  # compress lzo:1;  <<< no compression during debugging, please!
  compress no;
  encrypt no;
  stat no;
  speed 0;
}

### client-side tunnel BA between Client SiteB (here) and Server SiteA
BA {
  passwd SomePassword;
  up {
    program /sbin/ip "link set up dev %%";
    program /sbin/ip "addr add 0.0.0.0/0 dev %%";
    program /usr/sbin/brctl "addif br0 %%";
  };
  down {
    program /usr/sbin/brctl "delif br0 %%";
  };
}

---- that's about it ----

So, good luck with VTUN, Manuel!

By the way, here I use two independent VTUN tunnels (say: left-side and
right-side) on the same internet link between two sites, with computer A
acting as server for the left-side tunnel and client for the right-side
tunnel, while computer B acts as client for the left-side tunnel and server
for the right-side tunnels. Both computers sport two interfaces for the local
networks (one interface per network) plus one interface for the internet
connection. Works great!

Bye!

Norman.
sysad...@csur.ca
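
Added example, not part of the message above and not VTUN's own code: a small Python check that parses a vtund.conf like the ones quoted, applies the "default" section to each session, and reports sessions that run without encryption or still carry the placeholder password. The embedded sample is constructed from the SiteA file; the function names are hypothetical, and treating an unset "encrypt" as a finding is an assumption of this check.

```python
import re

# Constructed sample, condensed from the SiteA vtund.conf quoted above.
SAMPLE = '''
options { type stand; bindaddr { iface eth1; }; }
default {
  type ether;
  proto udp;
  # compress lzo:1;
  compress no;
  encrypt no;
}
BA {
  passwd SomePassword;
  up { program /usr/sbin/brctl "addif br0 %%"; };
}
'''

def parse_sections(text):
    """Return {section: {keyword: value}} for the top-level blocks.
    Nested blocks (up, down, bindaddr) are skipped."""
    text = re.sub(r'(?m)^\s*#.*$', '', text)          # drop whole-line comments
    sections, name, depth, buf = {}, None, 0, ''
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text):
        if tok == '{':
            depth += 1
            if depth == 1:                            # "name {" opens a section
                name = buf.strip()
                sections[name] = {}
            buf = ''
        elif tok == '}':
            depth -= 1
            buf = ''
        elif tok == ';':
            if depth == 1 and buf.strip():            # "keyword value;"
                key, _, val = buf.strip().partition(' ')
                sections[name][key] = val
            buf = ''
        else:
            buf += tok + ' '
    return sections

def audit(text, placeholders=('SomePassword',)):
    """List (session, finding) pairs after merging 'default' into each session."""
    sections = parse_sections(text)
    defaults = sections.get('default', {})
    findings = []
    for name, opts in sections.items():
        if name in ('options', 'default'):
            continue
        eff = {**defaults, **opts}                    # session overrides default
        if eff.get('encrypt') in (None, 'no'):
            findings.append((name, 'encrypt not enabled: bridged frames are sent unencrypted'))
        if eff.get('passwd') in placeholders:
            findings.append((name, 'passwd is still the placeholder value'))
    return findings

if __name__ == '__main__':
    for session, finding in audit(SAMPLE):
        print(session, '-', finding)
```

To check a live host, pass the contents of /etc/vtund.conf to audit() instead of SAMPLE.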