    Transparent firewall thru OpenVPN site-to-site?

    OpenVPN
    • F
      francescos last edited by

      I have the site-to-site OpenVPN connection working but I also want to make the remote site use the same IP addresses as the main site as if they are on the same network. Is this possible?

      Couldn't find any info on this topic.

      1 Reply Last reply Reply Quote 0
      • T
        tbaror last edited by

        Hi
        I don't think it's possible, since it has to go through tunnel routing and a bridge is the config you desire. I don't see what you benefit from such a config.
        On the contrary, in my opinion you can get a lot of trouble with such a config, like broadcast storms; in case one site is infected with such a broadcast worm, both sites could be infected very rapidly.
        Hope this answers your question.
        Regards

        1 Reply Last reply Reply Quote 0
        • F
          francescos last edited by

          The benefit would be to have computers on both sides use one subnet and appear as one network. I can then configure devices on the remote site with that subnet and eventually move the devices from the main site over to the remote site.

          1 Reply Last reply Reply Quote 0
          • T
            tbaror last edited by

            @francescos:

            The benefit would be to have computers on both sides use one subnet and appear as one network. I can then configure devices on the remote site with that subnet and eventually move the devices from the main site over to the remote site.

            Hi,

            Still not convinced ;), yet I didn't understand

            move the devices from the main site over to the remote site

            1 Reply Last reply Reply Quote 0
            • P
              phil.davis last edited by

              You can use "tap" mode on your OpenVPN. That will make a bridge. IMHO, there is not that much benefit to a bridge:
              a) Users can browse for network resources as if they were on the LAN (they don't have to already know the names of servers…); and
              b) As you say, you can set up a whole system at the main site, including static IP, and test it, then send it to the remote site without having to change anything. (But these days most things use DHCP, so they will happily be handed a suitable IP address anyway when connected at another site.)
              Disadvantage: broadcast traffic across the OpenVPN.
              I find that most users end up using a couple of servers/printers/... across the OpenVPN and the names of those resources are soon well known to them. They map drives, have desktop shortcuts, whatever. They don't actually need (a) - browsing of network resources.
              I have always used "tun" (tunnel) mode, for what it's worth.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              1 Reply Last reply Reply Quote 0
              • F
                francescos last edited by

                I tried switching to tap but get this error:

                openvpn[5474]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)

                1 Reply Last reply Reply Quote 0
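                The warning quoted above appears when a config is switched to `dev tap` but `ifconfig` still carries a tun-style peer address as its second argument. The following check is an added example, not code from any thread participant or from OpenVPN; the function names and the 10.0.8.x addresses are constructed for illustration.

                ```python
                import ipaddress

                def is_netmask(value):
                    """True for a dotted-quad mask with contiguous one-bits, e.g. 255.255.255.0."""
                    try:
                        bits = int(ipaddress.IPv4Address(value))
                    except ipaddress.AddressValueError:
                        return False
                    inverted = bits ^ 0xFFFFFFFF
                    # A valid mask inverts to 0...01...1, so inverted & (inverted + 1) is zero.
                    return bits != 0 and (inverted & (inverted + 1)) == 0

                def check_tap_ifconfig(config_text):
                    """Return findings for an OpenVPN config (as text) that uses a tap device."""
                    dev_type, ifconfig = None, None
                    for raw in config_text.splitlines():
                        # Drop '#' and ';' comments, then split the directive into words.
                        words = raw.split("#", 1)[0].split(";", 1)[0].split()
                        if not words:
                            continue
                        if words[0] == "dev" and len(words) >= 2 and dev_type is None:
                            dev_type = "tap" if words[1].startswith("tap") else "tun"
                        elif words[0] == "dev-type" and len(words) >= 2:
                            dev_type = words[1]          # explicit type overrides the name
                        elif words[0] == "ifconfig" and len(words) >= 3:
                            ifconfig = (words[1], words[2])
                    findings = []
                    if dev_type == "tap" and ifconfig and not is_netmask(ifconfig[1]):
                        findings.append(
                            "dev tap: second ifconfig argument %r is not a netmask "
                            "(tun-style peer address left in place?)" % ifconfig[1]
                        )
                    return findings

                # Constructed sample configs (not taken from the thread).
                TUN_STYLE_ON_TAP = "dev tap0\nifconfig 10.0.8.1 10.0.8.2\n"
                TAP_WITH_NETMASK = "dev tap0\nifconfig 10.0.8.1 255.255.255.0\n"

                if __name__ == "__main__":
                    for name, text in (("tun-style on tap", TUN_STYLE_ON_TAP),
                                       ("tap with netmask", TAP_WITH_NETMASK)):
                        print(name, "->", check_tap_ifconfig(text) or "ok")
                ```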