setting up a bridge is rather complex, and if one only needs unicast IP traffic
to work, and broadcast or non-IP traffic is not a requirement, one can use the
[proxy ARP](http://en.wikipedia.org/wiki/Proxy_ARP) features of the operating
-instead.
+system instead.
Since we only use unicast IP traffic, proxy ARP works with both router and
switch mode.
### Configuration of tinc at the office
-> host# cat /etc/tinc/vpn/tinc.conf
-> Name = office
-> #Optional:
-> #Mode = switch
->
-> host# cat /etc/tinc/vpn/tinc-up
-> #!/bin/sh
->
-> ifconfig $INTERFACE 192.168.1.2 netmask 255.255.255.255
-> route add 192.168.1.123 dev $INTERFACE
-> echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp
-> echo 1 >/proc/sys/net/ipv4/conf/$INTERFACE/proxy_arp
->
-> host# ls /etc/tinc/vpn/hosts
-> office roadwarrior ...
->
-> host# cat /etc/tinc/vpn/hosts/office
-> Address = 123.234.123.42
-> Subnet = 192.168.1.0/24
-> -----BEGIN RSA PUBLIC KEY-----
-> ...
-> -----END RSA PUBLIC KEY-----
->
-> host# cat /etc/tinc/vpn/hosts/roadwarrior
-> Subnet = 192.168.1.123
-> -----BEGIN RSA PUBLIC KEY-----
-> ...
-> -----END RSA PUBLIC KEY-----
+ host# cat /etc/tinc/vpn/tinc.conf
+ Name = office
+ #Optional:
+ #Mode = switch
+
+ host# cat /etc/tinc/vpn/tinc-up
+ #!/bin/sh
+
+ ifconfig $INTERFACE 192.168.1.2 netmask 255.255.255.255
+ route add 192.168.1.123 dev $INTERFACE
+ echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp
+ echo 1 >/proc/sys/net/ipv4/conf/$INTERFACE/proxy_arp
+
+ host# ls /etc/tinc/vpn/hosts
+ office roadwarrior ...
+
+ host# cat /etc/tinc/vpn/hosts/office
+ Address = 123.234.123.42
+ Subnet = 192.168.1.0/24
+ -----BEGIN RSA PUBLIC KEY-----
+ ...
+ -----END RSA PUBLIC KEY-----
+
+ host# cat /etc/tinc/vpn/hosts/roadwarrior
+ Subnet = 192.168.1.123
+ -----BEGIN RSA PUBLIC KEY-----
+ ...
+ -----END RSA PUBLIC KEY-----
### Configuration of tinc at the road warrior
-> host# cat /etc/tinc/vpn/tinc.conf
-> Name = roadwarrior
-> #Optional:
-> #Mode = switch
->
-> host# cat /etc/tinc/vpn/tinc-up
-> #!/bin/sh
->
-> ifconfig $INTERFACE 192.168.1.123 netmask 255.255.255.0
+ host# cat /etc/tinc/vpn/tinc.conf
+ Name = roadwarrior
+ #Optional:
+ #Mode = switch
+
+ host# cat /etc/tinc/vpn/tinc-up
+ #!/bin/sh
+
+ ifconfig $INTERFACE 192.168.1.123 netmask 255.255.255.0
The host config files are, of course, identical to those on the office node.
necessary routes, remove the `route add` command from the `tinc-up` script, and
instead add this `subnet-up` script:
-> host# cat /etc/tinc/vpn/subnet-up
-> #!/bin/sh
-> [ "$NAME" = "$NODE" ] && exit 0
-> ip route replace $SUBNET dev $INTERFACE
+ host# cat /etc/tinc/vpn/subnet-up
+ #!/bin/sh
+ [ "$NAME" = "$NODE" ] && exit 0
+ ip route replace $SUBNET dev $INTERFACE