X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=examples%2Fbridging.mdwn;h=239d1bf948bb5092883c2eca9acb199c49080f22;hb=HEAD;hp=c7c0d8f22cec026e34037f49c61d1b92ee2c39aa;hpb=13c2c7fa8d86e8543321a58ec30e7d4fb43053d9;p=wiki diff --git a/examples/bridging.mdwn b/examples/bridging.mdwn index c7c0d8f..239d1bf 100644 --- a/examples/bridging.mdwn +++ b/examples/bridging.mdwn 
@@ -43,49 +43,49 @@ a tinc VPN be contained within the same subnet (in this example, the subnet is 192.168.0.0/16). This is no different from the configuration that would be required if tinc was replaced with an actual switch or hub. -> host# brctl addbr bridge -> host# ifconfig bridge 192.168.10.20 netmask 255.255.0.0 -> -> host# ifconfig eth1 0.0.0.0 -> host# brctl addif bridge eth1 -> host# ifconfig eth1 up -> -> After starting tinc: -> -> host# brctl show -> bridge name bridge id STP enabled interfaces -> bridge 8000.005004003002 yes eth1 -> vpn -> -> host# ifconfig -> eth0 Link encap:Ethernet HWaddr 00:20:30:40:50:60 -> inet addr:123.234.123.42 Bcast:123.234.123.255 Mask:255.255.255.0 -> UP BROADCAST RUNNING MTU:1500 Metric:1 -> ... -> -> eth1 Link encap:Ethernet HWaddr 00:11:22:33:44:55 -> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 -> ... -> -> lo Link encap:Local Loopback -> inet addr:127.0.0.1 Mask:255.0.0.0 -> UP LOOPBACK RUNNING MTU:3856 Metric:1 -> ... -> -> bridge Link encap:Ethernet HWaddr 00:11:22:33:44:55 -> inet addr:192.168.10.20 Bcast:192.168.255.255 Mask:255.255.0.0 -> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 -> -> vpn Link encap:Ethernet HWaddr 00:11:22:33:44:55 -> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 -> ... 
-> -> host# route -> Kernel IP routing table -> Destination Gateway Genmask Flags Metric Ref Use Iface -> 123.234.123.0 * 255.255.255.0 U 0 0 0 eth0 -> 192.168.0.0 * 255.255.0.0 U 0 0 0 bridge -> default 123.234.123.1 0.0.0.0 UG 0 0 0 eth0 + host# brctl addbr bridge + host# ifconfig bridge 192.168.10.20 netmask 255.255.0.0 + + host# ifconfig eth1 0.0.0.0 + host# brctl addif bridge eth1 + host# ifconfig eth1 up + + After starting tinc: + + host# brctl show + bridge name bridge id STP enabled interfaces + bridge 8000.005004003002 yes eth1 + vpn + + host# ifconfig + eth0 Link encap:Ethernet HWaddr 00:20:30:40:50:60 + inet addr:123.234.123.42 Bcast:123.234.123.255 Mask:255.255.255.0 + UP BROADCAST RUNNING MTU:1500 Metric:1 + ... + + eth1 Link encap:Ethernet HWaddr 00:11:22:33:44:55 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + ... + + lo Link encap:Local Loopback + inet addr:127.0.0.1 Mask:255.0.0.0 + UP LOOPBACK RUNNING MTU:3856 Metric:1 + ... + + bridge Link encap:Ethernet HWaddr 00:11:22:33:44:55 + inet addr:192.168.10.20 Bcast:192.168.255.255 Mask:255.255.0.0 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + + vpn Link encap:Ethernet HWaddr 00:11:22:33:44:55 + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + ... + + host# route + Kernel IP routing table + Destination Gateway Genmask Flags Metric Ref Use Iface + 123.234.123.0 * 255.255.255.0 U 0 0 0 eth0 + 192.168.0.0 * 255.255.0.0 U 0 0 0 bridge + default 123.234.123.1 0.0.0.0 UG 0 0 0 eth0 ### Configuration of tinc 
@@ -96,32 +96,32 @@ mode, all packets are forwarded to the remote tinc instance. In switch mode, tinc maintains an ARP cache to determine whether any received packet should be forwarded to the remote tinc instance. -> host# cat /etc/tinc/vpn/tinc.conf -> Name = segment1 -> Mode = switch -> ConnectTo = segment2 -> -> host# cat /etc/tinc/vpn/tinc-up -> #!/bin/sh -> -> ifconfig $INTERFACE 0.0.0.0 -> brctl addif bridge $INTERFACE -> ifconfig $INTERFACE up -> -> host# ls /etc/tinc/vpn/hosts -> segment1 segment2 ... -> -> host# cat /etc/tinc/vpn/hosts/segment1 -> Address = 123.234.123.42 -> -----BEGIN RSA PUBLIC KEY----- -> ... -> -----END RSA PUBLIC KEY----- -> -> host# cat /etc/tinc/vpn/hosts/segment2 -> Address = 200.201.202.203 -> -----BEGIN RSA PUBLIC KEY----- -> ... -> -----END RSA PUBLIC KEY----- + host# cat /etc/tinc/vpn/tinc.conf + Name = segment1 + Mode = switch + ConnectTo = segment2 + + host# cat /etc/tinc/vpn/tinc-up + #!/bin/sh + + ifconfig $INTERFACE 0.0.0.0 + brctl addif bridge $INTERFACE + ifconfig $INTERFACE up + + host# ls /etc/tinc/vpn/hosts + segment1 segment2 ... + + host# cat /etc/tinc/vpn/hosts/segment1 + Address = 123.234.123.42 + -----BEGIN RSA PUBLIC KEY----- + ... + -----END RSA PUBLIC KEY----- + + host# cat /etc/tinc/vpn/hosts/segment2 + Address = 200.201.202.203 + -----BEGIN RSA PUBLIC KEY----- + ... + -----END RSA PUBLIC KEY----- ### Additional Configuration @@ -131,4 +131,4 @@ you will need to re-add the default route. If you want to be able to filter packets on your bridge interface, you will need to a kernel with [ebtables](http://ebtables.sourceforge.net/) support. More information For more information on Linux bridging, see the [bridge-utils -homepage](http://www.linuxfoundation.org/en/Net:Bridge). +homepage](http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge).
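Review bot: In the first hunk (@@ -43,49 +43,49 @@), the line "After starting tinc:" sits between the setup commands and the verification output and is converted together with them. If it carries the same indentation as the commands, it will render inside the code block instead of as prose. Consider leaving that line unindented as a normal paragraph and opening a second code block for the `brctl show`, `ifconfig` and `route` output. It is also worth confirming that every replacement line is indented by at least four spaces or a tab, which Markdown requires before it treats a line as code.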
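Review bot: In the second hunk (@@ -96,32 +96,32 @@), the tinc-up listing expands $INTERFACE unquoted in all three commands. Since the listing is being rewritten anyway, quote the variable, for example `ifconfig "$INTERFACE" 0.0.0.0`, `brctl addif bridge "$INTERFACE"` and `ifconfig "$INTERFACE" up`, so that the script readers copy from this page follows safe shell practice.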
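Review bot: In the last hunk (@@ -131,4 +131,4 @@), the context line directly above the updated link reads "you will need to a kernel with", which is missing a verb (probably "use"). The change only swaps the bridge-utils URL, so this is a good opportunity to fix that sentence in the same commit. The replacement link, like the ebtables link above it, uses plain http; prefer https if the target serves it.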