VPN / Bridge

Vulpes Velox v.velox at vvelox.net
Sat Jan 28 15:49:21 PST 2006

On Tue, 24 Jan 2006 16:01:11 +0100
Bob Kersten <bob at fellownet.com> wrote:

> Hello,
> I've been trying to create a tunnel/bridge between two networks
> which both reside behind a FreeBSD router using NAT. I've achieved
> it using the handbook example in chapter 14.10. Clients on network
> A are able to ping clients on network B and clients on network A
> are able to map samba shares on the NAT box/gateway of network B.
> The example however uses two different subnets to route traffic
> between both networks. Unfortunately broadcasts will not travel
> through the tunnel which causes Apple's Bonjour (called Rendezvous
> earlier) not being able to discover clients on the other network.
> What I want to achieve is what I believe is a bridge between both
> networks. The entire network A should be on the same subnet as  
> network B:
> network A
> range - /
>    |
> FreeBSD gateway A
> en1: IP: /
> en0: public IP:
>    |
> Internet
>    |
> FreeBSD gateway B
> en0: public IP:
> en1: IP: /
>    |
> Network B
> range - /
> Using the example from the handbook there was no additional  
> configuration necessary on the clients on both networks, the
> FreeBSD gateways handled all the necessary routing. It would be
> great if this new setup should also not require any additional
> settings on the clients as well.
> Can anyone give me an example or the necessary steps to create
> this kind of VPN?

I would use OpenVPN. You need to select one to be a VPN server and
another to be a VPN client. You just create a basic VPN connection
that connects the two together. Then on each one add a route that
points at the VPN address as the gateway for that subnet.

BTW the addressing is wrong there. You can't have one be and the other be The That netmask is not possible.
You can do a 28 bit netmask, which will give 126 addresses to play with
on both networks.
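
The routed setup suggested in the reply above, as an added example that is not part of the original post: one gateway runs OpenVPN as the server, the other as the client, and each adds a route to the other LAN through the tunnel. All addresses, ports and file names are constructed placeholders, since the thread's real addresses are not shown; `dh none` assumes OpenVPN 2.4 or later.

```conf
# Constructed values (assumptions, not from the thread):
#   LAN A 192.168.1.0/24, LAN B 192.168.2.0/24
#   gateway A public IP 203.0.113.10
#   tunnel endpoints 10.8.0.1 (A) and 10.8.0.2 (B)
#   certificate/key file names are placeholders

# ---- gateway A: openvpn.conf (VPN server) ----
dev tun                          # routed (layer 3) tunnel
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2       # local endpoint, remote endpoint
tls-server
dh none                          # ECDH only, no DH parameter file
ca ca.crt
cert gateway-a.crt
key gateway-a.key
remote-cert-tls client           # peer must present a client certificate
route 192.168.2.0 255.255.255.0  # LAN B via the tunnel peer
keepalive 10 60
persist-key
persist-tun

# ---- gateway B: openvpn.conf (VPN client) ----
dev tun
proto udp
remote 203.0.113.10 1194         # gateway A public address
ifconfig 10.8.0.2 10.8.0.1
tls-client
ca ca.crt
cert gateway-b.crt
key gateway-b.key
remote-cert-tls server           # refuse peers without a server certificate
route 192.168.1.0 255.255.255.0  # LAN A via the tunnel peer
keepalive 10 60
persist-key
persist-tun
```

Because `dev tun` carries only routed IP traffic, this layout does not forward LAN broadcasts between the two networks.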

