VPN / Bridge
Vulpes Velox
v.velox at vvelox.net
Sat Jan 28 15:49:21 PST 2006
On Tue, 24 Jan 2006 16:01:11 +0100
Bob Kersten <bob at fellownet.com> wrote:
> Hello,
>
> I've been trying to create a tunnel/bridge between two networks
> which both reside behind a FreeBSD router using NAT. I've achieved
> it using the handbook example in chapter 14.10. Clients on network
> A are able to ping clients on network B and clients on network A
> are able to map samba shares on the NAT box/gateway of network B.
> The example however uses two different subnets to route traffic
> between both networks. Unfortunately broadcasts will not travel
> through the tunnel, which causes Apple's Bonjour (called Rendezvous
> earlier) to be unable to discover clients on the other network.
>
> What I want to achieve is, I believe, a bridge between both
> networks. The entire network A should be on the same subnet as
> network B:
>
> network A
> range 192.168.100.100 - 192.168.100.199 / 255.255.255.0
> |
> FreeBSD gateway A
> en1: IP: 192.168.100.101 / 255.255.255.0
> en0: public IP: 25.25.25.1
> |
> Internet
> |
> FreeBSD gateway B
> en0: public IP: 25.25.25.2
> en1: IP: 192.168.100.1 / 255.255.255.0
> |
> Network B
> range 192.168.100.1 - 192.168.100.99 / 255.255.255.0
>
> Using the example from the handbook there was no additional
> configuration necessary on the clients on both networks; the
> FreeBSD gateways handled all the necessary routing. It would be
> great if this new setup also did not require any additional
> settings on the clients.
>
> Can anyone give me an example or the necessary steps to create
> this kind of VPN?
I would use OpenVPN. You need to select one to be a VPN server and
the other to be a VPN client. You just create a basic VPN connection
that connects the two together. Then on each one add a route that
points at the VPN address as the gateway for that subnet.
BTW, the addressing is wrong there. You can't have one be
192.168.100.1-192.168.100.99 and the other be
192.168.100.100-192.168.100.199. That netmask is not possible.
You can do a 28-bit netmask, which will give 126 addresses to play with
on both networks.
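The addressing question raised in the reply, worked through as an added example that is not part of the thread: the script uses Python's ipaddress module to find the smallest subnet that covers each of the two host ranges from the diagram, checks whether those subnets overlap (a routed tunnel needs two distinct prefixes, while a bridge is one broadcast domain and does not), and shows the even split of the /24 that gives each site its own prefix. The ranges are the ones from the question; the function names and the split helper are my own.

```python
import ipaddress

# Host ranges as drawn in the original question (constructed from the diagram).
RANGE_A = ("192.168.100.100", "192.168.100.199")  # network A
RANGE_B = ("192.168.100.1", "192.168.100.99")     # network B


def covering_network(first, last):
    """Smallest IPv4 network containing every address from first to last."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError("range end precedes range start")
    # Widen the prefix one bit at a time until the last address fits.
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net:
            return net
    raise ValueError("unreachable")


def plan_check(range_a, range_b):
    """Report the covering subnet of each range and whether they collide."""
    net_a = covering_network(*range_a)
    net_b = covering_network(*range_b)
    return {
        "a": str(net_a),
        "b": str(net_b),
        # Overlapping prefixes cannot be told apart by a routing table,
        # so a routed tunnel needs a different plan; a bridge would not care.
        "overlap": net_a.overlaps(net_b),
    }


def proposed_split(parent, pieces):
    """Split `parent` into `pieces` equal subnets; return (prefix, usable hosts)."""
    net = ipaddress.ip_network(parent)
    diff = pieces.bit_length() - 1  # pieces must be a power of two
    if 1 << diff != pieces:
        raise ValueError("pieces must be a power of two")
    # Usable hosts exclude the network and broadcast addresses.
    return [(str(s), s.num_addresses - 2) for s in net.subnets(prefixlen_diff=diff)]


if __name__ == "__main__":
    print(plan_check(RANGE_A, RANGE_B))
    print(proposed_split("192.168.100.0/24", 2))
```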