Add Bridged VPN scenario descriptions. #1749

Open
wants to merge 1 commit into
base: main
45 changes: 43 additions & 2 deletions xml/security_vpnserver.xml
@@ -264,12 +264,53 @@ cd /etc/openvpn
<para>
Bridging is a more complex solution. It is recommended when you need
to browse Windows file shares across the VPN without setting up a
Samba or WINS server. Bridged VPN is also needed to use
non-IP protocols (such as IPX) or applications relying on network
Samba or WINS server. Bridged VPN uses network TAP devices, that
simulate a link layer between the VPN endpoints and operate in layer
2 carrying Ethernet frames. This makes it possible to use non-IP
protocols (such as IPX) or applications relying on network
Contributor

This makes it possible to use non-IP protocols such as IPX or applications (I know this is existing content; if you can, please make this change)

broadcasts. However, it is less efficient than routed VPN. Another
disadvantage is that it does not scale well. This scenario is
depicted in the following figures.
</para>

<variablelist>
<varlistentry>
<term>Scenario 1</term>
<listitem>
<para>
The TAP devices are only available on the VPN endpoints
themselves. Layer 2 VPN traffic comes only directly from the
Server (Machine 1) side or the Client (Machine 2).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Scenario 2</term>
<listitem>
<para>
The TAP device <systemitem>tap0</systemitem> on the Server
(Machine 1) side is bridged to the <systemitem>eth1</systemitem>
network interface connected to LAN 1. Layer 2 traffic reaching
<systemitem>tap0</systemitem> via the bridge
<systemitem>br0</systemitem> will be forwarded via the VPN bridge
Contributor

Can you please rephrase "will be" to "is forwarded"?

to the Client (Machine 2) system.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Scenario 3</term>
<listitem>
<para>
On both sides, the Server (Machine 1) and Client (Machine 2), the
TAP device <systemitem>tap0</systemitem> is bridged to a local
network interface <systemitem>eth1</systemitem>. Layer 2 traffic
from the client network LAN 2 will be forwarded to the server
Contributor

is forwarded

network LAN 1 and vice versa.
</para>
</listitem>
</varlistentry>
</variablelist>

<!--<example>
<title>Scenario 2</title>
<screen> [ machine2 (client) ]&#x2d;&#x2d;eth0&#x2d;&#x2d;&#x2d;&#x2d;&#x2d;&#x2d;&#x2d;>[switch/router]->..
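Review bot: the added sentence "Bridged VPN uses network TAP devices, that simulate a link layer between the VPN endpoints and operate in layer 2 carrying Ethernet frames." puts a comma before a restrictive "that"; suggest "Bridged VPN uses network TAP devices, which simulate a link layer between the VPN endpoints and carry Ethernet frames at layer 2." In Scenario 2 and Scenario 3 the tense drifts to "will be forwarded" while the surrounding text is in the present (the inline comments already ask for "is forwarded"), and Scenario 2 refers to the same thing as both "the bridge br0" and "the VPN bridge"; use one name so a reader does not take them for two devices. The opening paragraph also says the scenarios are "depicted in the following figures", yet the only example that follows the variablelist is commented out (<!--<example>), so either add the figure references or remove the dead block. Lastly, since Scenarios 2 and 3 bridge tap0 into eth1 and the paragraph already states that bridging is less efficient and does not scale well, one sentence saying that the remote side then shares the LAN 1 broadcast domain (which is both why broadcast-dependent applications work and why the traffic cost grows) would make that trade-off explicit to the administrator.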