bridging on debian stable endpoints - clarification
mooshii
mooshii at sympatico.ca
Thu Aug 31 19:16:35 CEST 2006
I would like to clarify the email I sent yesterday.
There are two ethernet segments in two different cities that I would
like to operate as one logical network. Both physical lans have a
switch/hub, a gateway with one external IP address that NATs traffic
and can port forward tinc ports to the internal debian stable machine
(where tinc is run), various client computers ('c' in the diagram
below) and the aforementioned debian/stable server ('ds' in the
diagram below).
Crude ASCII diagram:
hub --------------NAT-ing gateway -------------
INTERNET---------------NATing gateway--------------hub
/ / \
\
/ / \ \
| | |
|
| | | |
c c c
ds
c c c ds
I would like to forward UDP and possibly IPX between the two
networks, so I thought it was necessary to bridge the networks
together. The machines ('c' in the above diagram) that need to
communicate with each other will be assigned a common IP network for
UDP, and will send and receive all packets on the local segment,
completely ignorant that the machine it may be talking to is not
actually on the same physical ethernet segment.
Both debian/stable machines will bind the ethernet NIC and the VPN
tunnel (which connects the two debian/stable machines) to a bridge,
and route packets as necessary based on ethernet mac addresses.
This setup is like the example configuration on the tinc web page:
http://www.tinc-vpn.org/examples/bridging
and the two tinc daemons establish their connections (meta and data).
Both ends send out the proper packets on the vpn tunnel, and although
the data is received, it doesn't make it up the stack. tcpdump on
either end of the tunnel shows only outbound data.
It appears that the configuration is correct, but the daemon is at
fault. Specifically, it appears to be a known issue with tinc 1.0.3,
and the solution is to move to 1.0.4:
http://brouwer.uvt.nl/pipermail/tinc/2006-January/001497.html
Unfortunately that version is not available in debian/stable.
I'm looking for solutions to 'port' the tinc 1.0.4 daemon to debian/
stable, or use a different tool to achieve the same objective (which
is to logically link/bridge the two segments together).
Anyone have any thoughts on the matter?
Thanks,
Christian.
More information about the tinc
mailing list