VPN / Bridge

Vulpes Velox v.velox at vvelox.net
Sat Jan 28 15:49:21 PST 2006


On Tue, 24 Jan 2006 16:01:11 +0100
Bob Kersten <bob at fellownet.com> wrote:

> Hello,
> 
> I've been trying to create a tunnel/bridge between two networks
> which both reside behind a FreeBSD router using NAT. I've achieved
> it using the handbook example in chapter 14.10. Clients on network
> A are able to ping clients on network B and clients on network A
> are able to map samba shares on the NAT box/gateway of network B.
> The example however uses two different subnets to route traffic
> between both networks. Unfortunately broadcasts will not travel
> through the tunnel, which means Apple's Bonjour (called Rendezvous
> earlier) is not able to discover clients on the other network.
> 
> What I want to achieve is what I believe is a bridge between both
> networks. The entire network A should be on the same subnet as
> network B:
> 
> network A
> range 192.168.100.100 - 192.168.100.199 / 255.255.255.0
>    |
> FreeBSD gateway A
> en1: IP: 192.168.100.101 / 255.255.255.0
> en0: public IP: 25.25.25.1
>    |
> Internet
>    |
> FreeBSD gateway B
> en0: public IP: 25.25.25.2
> en1: IP: 192.168.100.1 / 255.255.255.0
>    |
> Network B
> range 192.168.100.1 - 192.168.100.99 / 255.255.255.0
> 
> Using the example from the handbook there was no additional
> configuration necessary on the clients on both networks; the
> FreeBSD gateways handled all the necessary routing. It would be
> great if this new setup did not require any additional settings
> on the clients either.
> 
> Can anyone give me an example or the necessary steps to create
> this kind of VPN?

I would use OpenVPN. You need to select one to be a VPN server and
the other to be a VPN client. You just create a basic VPN connection
that connects the two together. Then on each one add a route that
points at the VPN address as the gateway for that subnet.

BTW the addressing is wrong there. You can't have one be
192.168.100.1-192.168.100.99 and the other be
192.168.100.100-192.168.100.199. That netmask is not possible.
You can do a 28 bit netmask, which will give 126 addresses to play
with on both networks.
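
The addressing check and the per-gateway routes described above, as an added example that is not part of the original thread or of OpenVPN itself. It walks prefix lengths to find the shortest one at which each site's host range sits in its own subnet (the poster's .1-.99 / .100-.199 split never does, because .100-.199 straddles the .127/.128 boundary), reports the usable host count per prefix length (126 is a /25; a /28 holds 14), and emits the FreeBSD route(8) command and the equivalent OpenVPN `route` directive each gateway needs for a routed tun link. The realigned ranges, the tun addresses 10.8.0.1/10.8.0.2 and the sample inputs are assumptions for illustration. Two caveats a practitioner should keep in mind: once the sites are /25s, the clients' own netmasks have to change from /24 as well, or they will ARP for remote hosts instead of sending to the gateway; and a routed tunnel still will not carry Bonjour, whose mDNS traffic is link-local multicast, so the bridging question stands.

```python
# Added example (editor's, not from the thread): checks whether two LAN address
# ranges can sit in distinct subnets, how many hosts each subnet holds, and the
# per-gateway routes a routed (tun) OpenVPN link needs.  Tunnel addresses
# 10.8.0.1/10.8.0.2 and the realigned ranges are assumptions for illustration.
import ipaddress
from typing import Optional, Tuple

Range = Tuple[str, str]            # (first host, last host) as dotted quads
Net = ipaddress.IPv4Network

# The poster's layout, as given in the question.
SITE_A: Range = ("192.168.100.100", "192.168.100.199")
SITE_B: Range = ("192.168.100.1", "192.168.100.99")
# A realigned layout (assumed) that does split cleanly on a /25 boundary.
SITE_A_ALIGNED: Range = ("192.168.100.129", "192.168.100.254")
SITE_B_ALIGNED: Range = ("192.168.100.1", "192.168.100.126")
TUN_A, TUN_B = "10.8.0.1", "10.8.0.2"   # assumed tun endpoints (server, client)


def usable_hosts(prefixlen: int) -> int:
    """Usable IPv4 hosts in a subnet of this prefix length (network and broadcast removed)."""
    block = ipaddress.ip_network(f"0.0.0.0/{prefixlen}")
    return max(block.num_addresses - 2, 0)


def block_containing(rng: Range, prefixlen: int) -> Optional[Net]:
    """The /prefixlen subnet holding the whole range, or None if it crosses a boundary."""
    first = ipaddress.ip_network(f"{rng[0]}/{prefixlen}", strict=False)
    last = ipaddress.ip_network(f"{rng[1]}/{prefixlen}", strict=False)
    return first if first == last else None


def separate_subnets(a: Range, b: Range) -> Optional[Tuple[int, Net, Net]]:
    """Shortest prefix at which each range sits inside one subnet and the subnets differ.

    Walks from /0 to /30.  Ranges that still share a subnet may split at a longer
    prefix, but a range that straddles a boundary at /n straddles one at every
    longer prefix too, so the search stops there with None.
    """
    for plen in range(0, 31):
        net_a, net_b = block_containing(a, plen), block_containing(b, plen)
        if net_a is None or net_b is None:
            return None
        if net_a != net_b:
            return plen, net_a, net_b
    return None


def tunnel_routes(net_a: Net, net_b: Net, tun_a: str, tun_b: str) -> dict:
    """FreeBSD route(8) commands: each gateway reaches the far LAN via the far tun address."""
    return {
        "gateway_a": f"route add -net {net_b} {tun_b}",
        "gateway_b": f"route add -net {net_a} {tun_a}",
    }


def openvpn_route_directive(net: Net) -> str:
    """Equivalent OpenVPN config line, so OpenVPN installs the route when the tunnel is up."""
    return f"route {net.network_address} {net.netmask}"


if __name__ == "__main__":
    print("poster's layout:", separate_subnets(SITE_A, SITE_B))
    split = separate_subnets(SITE_A_ALIGNED, SITE_B_ALIGNED)
    print("realigned layout:", split)
    if split:
        plen, net_a, net_b = split
        print(f"/{plen} gives {usable_hosts(plen)} usable hosts per site")
        for gw, cmd in tunnel_routes(net_a, net_b, TUN_A, TUN_B).items():
            print(gw, "->", cmd)
        print("openvpn config on gateway A:", openvpn_route_directive(net_b))
    for plen in (24, 25, 28):
        print(f"/{plen}: {usable_hosts(plen)} usable hosts")
```

Run it as-is to see the poster's layout come back as None and the realigned one split at /25; swap in your own ranges to check a different plan before touching the gateways.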

