Bernd Aufrecht:
>
>> Can I ask why you are bridging an OpenVPN interface? Why not route?
>
> For security reasons. My wireless access point has only WEP and so I
> have it connected to my second LAN port on my home server. I then use
> OpenVPN to connect from my notebook and bridge into my local
> LAN.

You could still achieve the same by routing. For the last few years I
had a similar setup, but with three address ranges:
- one for wired LAN
- one for wireless LAN (completely unencrypted, but firewalled on the
routing AP)
- one range for OpenVPN.
What's nice about this is that you can still separate trusted wifi users
from LAN users.
But my setup was a bit weird because the OpenVPN server ran in the LAN
and I had to DNAT on the AP. Almost every time I wanted to change
something, I ran into routing problems. That's why I dropped OpenVPN in
favor of WPA2. Now I still have two address ranges, but both of them are
"trusted". And since the AP is the default gateway for all clients, I
don't need to push static routes around anymore.
J.
--
Fashion is more important to me than war, famine, disease or art.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>