
Re: openvpn question



On 8/24/13, Bob Proulx <bob@proulx.com> wrote:
> Gregory Nowak wrote:
>> Bob Proulx wrote:
>> > The device will still have an ethernet address whether you assigned
>> > one to it or not.  It is not necessary for you to assign one since one
>> > has already been assigned by default.  (From the vendor.  Or in the
>> > case of virtual hardware from the software that created the
>> > simulation.)
>>
>> Uhhm, no.
>
> Uhm... Yes.
>
>> # ifconfig tun0
>> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>
> Silly bear!  That is the tun device.  Never tunnel the tun device.
>
>> The above is from the VPS, with the openvpn connection from the laptop
>> running. This is a tun device, which doesn't require a MAC address at
>> all to function as I understand it.
>
> Right.  Which does not have anything to do with the way proxy arp is
> set up.
>
>> I thought this over again with my brain fresher in the afternoon than
>> it was last night, and you are right, it would work in this situation
>> as long as the tun device had a MAC address of course.
>
> Do not attempt to proxy arp the tunnel device.  That way leads to madness.

Whether or not using proxy arp, I recommend using a tap device. I
believe there is a little more overhead with tun (higher in the
stack), _especially_ given you want to forward everything, i.e. DNAT and
SNAT.  tun buys nothing but overhead, compared to tap.

Change dev tun to dev tap in the openvpn config.

Not sure why the tun device is still useful - perhaps just for legacy clients?

