intel wifi and bridging - have u done it?

Rob Townley rob.townley at gmail.com
Fri Feb 5 03:16:40 CET 2010


On Thu, Feb 4, 2010 at 6:18 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Fri, Feb 05, 2010 at 12:56:02AM +0100, Sven-Haegar Koch wrote:
>
>> > changed mode from router to switch on 2 Linux and 2 WinXP nodes.
>> > configured Linux bridging per the website and that worked for
>> > hardwired ethernet over cat5.
> [...]
>> Just bridging between a wifi interface in client mode (connected to an
>> AP as a client) and another interface (nothing tinc related, the
>> same goes for ethernet) does not work.
>>
>> An access point accepts only packets from MAC addresses that have
>> registered with it before (association+authentication).
>
> Indeed, this is mostly true, but there are cards that can sniff packets from
> other wireless cards, which would allow this to work.
>
>> Possible workarounds are things like mac-address-spoofing/replacing or
>> proxy-arp, but that's a not so trivial setup.
>
> On Linux, proxy-ARP is rather trivial to set up:
>
> echo 1 >/proc/sys/net/ipv4/conf/all/proxy_arp
> echo 1 >/proc/sys/net/ipv6/conf/all/proxy_ndp
>
> But on Windows, I wouldn't know how to do it.
>
>> > For the wifi wireless XP clients, I didn't have any luck.  Maybe I did
>> > something wrong, but it seems so easy to create a bridge in XP.  Highlight
>> > 2 or more NICs, right click and choose bridge.  Did it numerous times years
>> > ago, but not sure with wifi.
>
> Do you really need to bridge on the XP clients? This is only necessary if they
> need to forward packets from the VPN to their LAN. If that is not necessary,
> then you don't need to bridge at all.


The XP clients are mobile TabletPCs that when connected _wirelessly_
are on a physically separate ethernet segment NATted behind a separate
internet IP address.  When connected by Cat5 ethernet, the wireless is
automatically disconnected at the BIOS level and they are on the same
hardwired ethernet segment as the server.

So yes Guus, normally mobile PCs should not have to forward packets
from non-tinc nodes on their ethernet segment to the other ethernet
segment.  However, we were hoping to use some of the wireless clients
as connectors for expensive medical equipment running VxWorks, Win95,
Win98, Win2000.  By the way, tinc should still install and work on
Win2000, right?  I noticed Win2000 was removed, now it just says XP,
Vista, 7.

So if tinc.conf has mode=switch, it does not mean that clients' network
interfaces have-to-have bridging enabled.
Just the nodes at boundaries have-to-have bridging enabled.
That is really good news because now I do not have to connect the
hardwired cat5 ethernet into the bridge as well.

I was told that all tinc nodes must have the same mode.  Mixing of
nodes seems to work for me, now.  I have "router" nodes talking to
"switch" nodes.


I removed the subnet entries from the host files.
Currently, tinc-up has tinc 5.0.0.0/8 IP addresses.
Can I leave those tinc IPs in while in switch mode or do I have to take them out?
Can I leave them in for the nodes that are in switch mode and bridged?

>
> --
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at tinc-vpn.org>