[Vtun-Users] Bridge over vtun
Manuel Padrón
2011-05-04 15:23:49 UTC
Hi:

I would like to know if it's possible to establish a bridge (of the same
network in two different physical locations) over the internet using vtun.

Is it possible? Has someone done it?

Regards from the Canary Islands
--
Manuel Padrón Martínez
Network and Systems Administrator
.................................................................................................................
CITEC
Centro Canario de Tratamiento de la Información, S.L.
C/ Viera y Clavijo 34, 5ª Planta- 35002- Las Palmas de Gran Canaria - Spain
Tel.: +34 928 939 411 Fax: +34 928 939 343 email: ***@citec-sl.com
.................................................................................................................
This message and any file attached to it are confidential and intended
exclusively for the persons to whom it is addressed. If you are not the
intended recipient of this message, be advised that you have received it
in error and that any use, dissemination or copying is strictly
prohibited; please report this fact to the sender's e-mail address. You
are also advised that all personal information contained in this message
is protected by Law 15/1999 of 13 December on the protection of personal
data, and that its use and/or processing, as well as its transfer to
third parties outside the provisions of that data-protection law and its
implementing regulations, are entirely prohibited.
Norman Molhant
2011-05-05 01:09:07 UTC
Hi Manuel!
Post by Manuel Padrón
I would like to know if it's possible to establish a bridge (of the same
network in two different physical locations) over the internet using vtun.
Is it possible? Has someone done it?
Yes. Fairly easy. A little drawing explains a lot, so, here goes:

Two physical locations: SiteA and SiteB.

SiteA :    part A of the network x.y.x.0/24
                  |
          +-------o-------------------------------+
          |       |\port eth0 in promisc mode     |
          |       |                               |
          |       |-bridge br0                    |
          |       |                               |
          |       o-VTUN tap0 in promisc mode     |
          |                                       |
          |        /port eth1 public IP = a.b.c.d |
          +-------o-------------------------------+
                  |             computer A
                  |
          the internet
                  |
                  |             computer B
          +-------o-------------------------------+
          |        \port eth1 public IP = e.f.g.h |
          |                                       |
          |       o-VTUN tap0 in promisc mode     |
          |       |                               |
          |       |-bridge br0                    |
          |       |                               |
          |       |/port eth0 in promisc mode     |
          +-------o-------------------------------+
                  |
SiteB :    part B of the network x.y.x.0/24

The idea is quite simple:

on SiteA, computer A has 2 ethernet ports:
- eth1 is connected (with public IP a.b.c.d) to the internet
- eth0 is connected (in promisc mode) to part A of the network
x.y.x.0/24
- bridge br0 includes eth0 and the tap (tap0) created by VTUN
in "ether" type, both with promisc=on
- computer A is configured as VTUN server

on SiteB, computer B has 2 ethernet ports:
- eth1 is connected (with public IP e.f.g.h) to the internet
- eth0 is connected (in promisc mode) to part B of the network
x.y.x.0/24
- bridge br0 includes eth0 and the tap (tap0) created by VTUN
in "ether" type, both with promisc=on
- computer B is configured as VTUN client

For VTUN configuration details, the VTUN docs are relatively
clear. Anyway, I manage Debian systems, so here come the
/etc/default/vtun and /etc/vtund.conf files for both sites:

---- SiteA ----

#*** /etc/default/vtun

# Defaults for vtun initscript sourced by /etc/init.d/vtun

# Should the standalone server be started?
RUN_SERVER=yes
SERVER_ARGS="-P 5000"

#*** /etc/vtund.conf

# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky <***@yahoo.com>
#
# interface 0 is a tunnelled bridge br0
# interface 1 is a physical point-to-point link

options {
 type stand;
 bindaddr {
   iface eth1;
 };
}

default {
 type ether;
#  device tap;  <<< this is always implied by "type ether", setting it causes problems
 proto udp;
 persist yes;
 keepalive yes;
#  compress lzo:1;
 compress no;
 encrypt no;
 stat no;
 speed 0;
}

### server-side tunnel BA between Client SiteB and Server SiteA (here)

BA {
 passwd SomePassword;
 up {
   program /sbin/ip "link set up dev %%";
   program /sbin/ip "addr add 0.0.0.0/0 dev %%";
   program /usr/sbin/brctl "addif br0 %%";
 };
 down {
   program /usr/sbin/brctl "delif br0 %%";
 };
}

---- SiteB ----

#*** /etc/default/vtun

# Defaults for vtun initscript sourced by /etc/init.d/vtun

# Should the standalone server be started?
RUN_SERVER=no

# Client sessions to start.

# Session name
CLIENT0_NAME=BA
# Destination host
CLIENT0_HOST=a.b.c.d
# Optional parameters
CLIENT0_ARGS="-P 5000"

#*** /etc/vtund.conf

#
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky <***@yahoo.com>
#
# interface 0 is a tunnelled bridge br0
# interface 1 is a physical point-to-point link

options {
 type stand;
 bindaddr {
   iface eth1;
 };
}

default {
 type ether;
#  device tap;  <<< this is always implied by "type ether", setting it causes problems
 proto udp;
 persist yes;
 keepalive yes;
#  compress lzo:1;   <<< no compression during debugging, please!
 compress no;
 encrypt no;
 stat no;
 speed 0;
}

### client-side tunnel BA between Client SiteB (here) and Server SiteA

BA {
 passwd SomePassword;
 up {
   program /sbin/ip "link set up dev %%";
   program /sbin/ip "addr add 0.0.0.0/0 dev %%";
   program /usr/sbin/brctl "addif br0 %%";
 };
 down {
   program /usr/sbin/brctl "delif br0 %%";
 };
}

---- that's about it ----

So, good luck with VTUN, Manuel!

By the way, here I use two independent VTUN tunnels (say: left-side and
right-side) on the same internet link between two sites, with computer A
acting as server for the left-side tunnel and client for the right-side
tunnel, while computer B acts as client for the left-side tunnel and
server for the right-side tunnel. Both computers sport two interfaces
for the local networks (one interface per network) plus one interface
for the internet connection. Works great!

Bye!
Norman. ***@csur.ca
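The files above run the tunnel with `encrypt no` and a shared `passwd`, so once the bridge works every LAN frame (ARP, broadcasts, whatever the hosts send) crosses the internet in clear; that is the first thing to check mechanically before depending on such a link. The following is an added example, not code from the thread or from the VTun project: a parser for the vtund.conf subset used in Norman's files and a lint over the parsed result. The accepted grammar, the finding texts and the `lint()` checks are my own; the sample is Norman's SiteA file trimmed to the relevant lines.

```python
"""Added example, not code from the thread or from the VTun project: a parser
for the vtund.conf format in Norman's files plus a lint for the settings a
reviewer would question before bridging a LAN across the internet. The grammar
handled (an assumption that covers the files above): `key value;` statements,
`program /path "args";` statements, `#` comments and nested `name { ... };`."""
import re

TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text):
    """Tokens of the config with '#' comments dropped."""
    return [t for line in text.splitlines()
            for t in TOKEN_RE.findall(line.split('#', 1)[0])]


def parse_block(tokens, pos):
    """Parse statements up to the matching '}' (or end of input); return
    (dict, index of that '}'). `program` statements collect in a list under
    'program', nested blocks become nested dicts, all else is key -> value."""
    block = {}
    while pos < len(tokens) and tokens[pos] != '}':
        name = tokens[pos]
        if pos + 1 < len(tokens) and tokens[pos + 1] == '{':
            block[name], pos = parse_block(tokens, pos + 2)
            pos += 1                             # step over the closing '}'
            if pos < len(tokens) and tokens[pos] == ';':
                pos += 1                         # inner blocks end with '};'
            continue
        args, pos = [], pos + 1
        while tokens[pos] != ';':                # IndexError means a missing ';'
            args.append(tokens[pos].strip('"'))
            pos += 1
        pos += 1
        if name == 'program':
            block.setdefault('program', []).append(' '.join(args))
        else:
            block[name] = ' '.join(args)
    return block, pos


def parse_vtund_conf(text):
    return parse_block(tokenize(text), 0)[0]


def effective(conf, session):
    """Session settings with the `default` block's values filled in."""
    return {**conf.get('default', {}), **conf[session]}


def lint(conf, bridge='br0'):
    """(session, finding) pairs. An unset `encrypt` is reported as off; what
    vtund itself defaults to is not checked here."""
    findings = []
    for name, body in conf.items():
        if name in ('options', 'default') or not isinstance(body, dict):
            continue                             # not a session block
        s = effective(conf, name)
        if s.get('encrypt', 'no') == 'no':
            findings.append((name, 'encrypt no: LAN frames cross the internet in clear'))
        if s.get('type') == 'ether':
            if 'device' in s:
                findings.append((name, 'device set explicitly; the thread says this breaks type ether'))
            ups = s.get('up', {}).get('program', [])
            if not any(f'addif {bridge}' in cmd for cmd in ups):
                findings.append((name, f'up block never adds the tap to {bridge}'))
    return findings


# Norman's SiteA vtund.conf from the post (trimmed to the lines that matter here).
SITE_A_CONF = """
options {
 type stand;
 bindaddr { iface eth1; };
}
default {
 type ether;
#  device tap;  <<< this is always implied by "type ether", setting it causes problems
 proto udp;
 persist yes;
 compress no;
 encrypt no;
}
BA {
 passwd SomePassword;
 up {
   program /sbin/ip "link set up dev %%";
   program /sbin/ip "addr add 0.0.0.0/0 dev %%";
   program /usr/sbin/brctl "addif br0 %%";
 };
 down { program /usr/sbin/brctl "delif br0 %%"; };
}
"""
```

`lint(parse_vtund_conf(SITE_A_CONF))` reports the `encrypt no` on session BA and nothing else, since the up block does add the tap to br0 and `device` is left commented out.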
Manuel Padrón
2011-05-07 02:51:00 UTC
Hi Norman

I've been trying to set up vtun but something is failing and I can't find it.

This is my scheme:

SiteA :    part A of the network 192.168.4.0/24
                  |
          +-------o-----------------------------------+
          |       |\port eth1 in promisc mode         |
          |       |                                   |
          |       |-bridge br0                        |
          |       |                                   |
          |       o-VTUN tap0 in promisc mode         |
          |                                           |
          |        /port eth0 public IP = 192.168.2.2 |
          +-------o-----------------------------------+
                  |             computer A
                  |
          +-----------------------------------------
          | \port eth1 192.168.2.1
          |
          | Stupid router machine that I can't change
          |
          | \port eth0 192.168.0.2
          +-----------------------------------------
                  |
                  |             computer B
          +-------o-----------------------------------+
          |        \port eth0 public IP = 192.168.0.2 |
          |                                           |
          |       o-VTUN tap0 in promisc mode         |
          |       |                                   |
          |       |-bridge br0                        |
          |       |                                   |
          |       |/port eth1 in promisc mode         |
          +-------o-----------------------------------+
                  |
SiteB :    part B of the network 192.168.4.0/24

Computers A and B are Debian 5.0.

The problem is that vtun establishes the connection, but I think that the
up part is not done (because there is no br0, tap0 is down, and eth1
still has an IP), so I did it manually.

But I still have the same problem... machines in the network 192.168.4.0
on both sides don't see the other side.

Looking at the eth1 stats, it is receiving everything (from the
network) but it doesn't put it on tap0.

Any idea?

Thanks in advance
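The symptoms Manuel lists (no br0, tap0 down, the LAN port still holding an address) are exactly what a state check run after vtund's `up` block would catch, on either end of the tunnel. The following is an added example, not code from the thread: it reads the Linux sysfs layout under /sys/class/net and the output of `ip -o -4 addr show` and reports what is missing. The sysfs root and the `ip` output are parameters; the trees built in `demo()` and the 192.168.4.250 address are constructed for this example.

```python
"""Added example, not from the thread: check the interface state that vtund's
`up` block is meant to leave behind, which is what Manuel reports missing (no
br0, tap0 down, the LAN port still holding an address). It reads the Linux
sysfs layout under /sys/class/net (a bridge lists its ports as entries of
<bridge>/brif/, `flags` holds the interface flags in hex) and the text of
`ip -o -4 addr show`. Both are parameters, so demo() checks constructed trees
without root; the addresses in demo() are made up for this example."""
import os
import tempfile
from pathlib import Path

IFF_UP, IFF_PROMISC = 0x1, 0x100          # kernel interface flag bits


def iface_flags(root, name):
    """Flags of <root>/<name>, or None when no such interface exists."""
    try:
        return int(Path(root, name, 'flags').read_text().strip(), 16)
    except FileNotFoundError:
        return None


def bridge_ports(root, bridge):
    """Set of ports enslaved to the bridge, or None if it is not a bridge."""
    brif = Path(root, bridge, 'brif')
    return set(os.listdir(brif)) if brif.is_dir() else None


def ipv4_addrs(ip_addr_output):
    """ifname -> addresses from `ip -o -4 addr show` output, whose lines look
    like: '2: eth1    inet 192.168.2.2/24 brd 192.168.2.255 scope global eth1'."""
    addrs = {}
    for line in ip_addr_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == 'inet':
            addrs.setdefault(f[1], []).append(f[3])
    return addrs


def check_bridge(root, bridge, lan_port, tap, ip_addr_output):
    """Problems found; an empty list means this tunnel end is bridged as intended."""
    problems = []
    ports = bridge_ports(root, bridge)
    if ports is None:
        problems.append(f'{bridge} missing or not a bridge (did the up block run?)')
    else:
        problems += [f'{p} is not a port of {bridge}' for p in (lan_port, tap) if p not in ports]
    for dev in (bridge, lan_port, tap):
        flags = iface_flags(root, dev)
        if flags is None:
            problems.append(f'{dev} does not exist')
        elif not flags & IFF_UP:
            problems.append(f'{dev} is down')
        elif dev != bridge and not flags & IFF_PROMISC:
            problems.append(f'{dev} is not in promiscuous mode')
    addrs = ipv4_addrs(ip_addr_output)
    problems += [f'{dev} still carries {addrs[dev]}: a bridge port should hold no address'
                 for dev in (lan_port, tap) if addrs.get(dev)]
    return problems


def make_tree(root, flags, bridges):
    """Constructed sysfs-like tree: flags = {iface: bits}, bridges = {br: [ports]}."""
    for name, bits in flags.items():
        Path(root, name).mkdir()
        Path(root, name, 'flags').write_text(f'0x{bits:x}\n')
    for br, ports in bridges.items():
        for p in ports:
            Path(root, br, 'brif', p).mkdir(parents=True)


def demo():
    """Norman's working layout next to the state Manuel describes (both constructed)."""
    good = tempfile.mkdtemp()
    make_tree(good, {'br0': 0x1003, 'eth1': 0x1103, 'tap0': 0x1103}, {'br0': ['eth1', 'tap0']})
    good_ip = '4: br0    inet 192.168.4.250/24 brd 192.168.4.255 scope global br0\n'
    broken = tempfile.mkdtemp()
    make_tree(broken, {'eth1': 0x1103, 'tap0': 0x1002}, {})   # no br0, tap0 down
    broken_ip = '2: eth1    inet 192.168.4.250/24 brd 192.168.4.255 scope global eth1\n'
    return (check_bridge(good, 'br0', 'eth1', 'tap0', good_ip),
            check_bridge(broken, 'br0', 'eth1', 'tap0', broken_ip))


if __name__ == '__main__':
    for label, problems in zip(('good', 'broken'), demo()):
        print(label, problems or 'ok')
```

On a real host, `check_bridge('/sys/class/net', 'br0', 'eth1', 'tap0', subprocess.check_output(['ip', '-o', '-4', 'addr', 'show'], text=True))` runs the same checks against the live interfaces.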
Manuel Padrón
2011-05-07 03:02:56 UTC
It seems that I forgot to bring up br0. It still doesn't work, but now I can
see that eth1 on computer A receives the traffic from a ping from a
computer on the B side. It seems to me that eth1 doesn't send on
the traffic that it receives.... Any idea what I forgot?
Manuel Padrón
2011-05-07 10:56:04 UTC
OK, I got even more detail.

I can see that Site A receives the ARP packet from the ping from Site B.
Even the Site B machine answers it with an ARP reply, but computer B
doesn't get the ARP reply (even with eth1 in promisc mode).

Any idea?
Vladimir N. Oleynik
2011-05-05 04:17:24 UTC
Permalink
Hi, Manuel.
Post by Manuel Padrón
I would like to know if its posible to establish a bridge (of the same
network in two different physical locations) over internet using vtun.
It's possible ? Someone did it?
For L3 it is trivial. At home I use an IP address from the private network at work.
home { up { ifconfig "%% 10.X.Y.2 pointopoint 10.X.Y.1 mtu 1450"; }}
work { up { ifconfig "%% 10.X.Y.1 pointopoint 10.X.Y.2 mtu 1450";
            program /sbin/arp "-sD 10.X.Y.2 eth0 pub"; } }

10.X.Y.0/24 is the LAN at work.
It is not L2 and there is no broadcast, but other L3 traffic works fine.

This is vtund Linux-specific; for example Cisco (IPIP, GRE) and
MS Windows (openvpn) cannot set an IP for the tunnel interface
equal to the local ethernet interface :(

PS: and my real MTU is 1480, I use my IP-header compressor for vtund :)

--w
vodz
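A fuller pair of vtund.conf files for the L3 point-to-point setup Vladimir describes, as an added example that is not his own configuration nor the vtun project's sample file. It assumes a single session name `office` used on both ends (vtund requires the client and server session names to match; the thread's `home`/`work` labels are treated here as the two machines, not two sessions), a placeholder shared secret, the work-side LAN interface `eth0` from his `arp` line, and the page's `10.X.Y.*` placeholders for the addresses. The `down` blocks, the `encrypt`, `keepalive` and `proto` settings, the `options` sections and the home-side `route` line are additions for illustration, not part of the posted config.

```conf
# ---- /etc/vtund.conf on the work-side vtund server (added example) ----
options {
    port      5000;          # vtund listens here; restrict it at the firewall to the home host's address
    timeout   60;
    ifconfig  /sbin/ifconfig;
    route     /sbin/route;
}

default {
    compress  no;            # optional; the thread's author runs his own IP-header compressor instead
    speed     0;
}

office {
    passwd    CHANGE_ME_SHARED_SECRET;   # placeholder: a long random secret, identical on both ends
    type      tun;           # L3 tunnel: IP packets only, no ethernet frames, no broadcast
    proto     udp;
    encrypt   yes;           # do not carry the tunnel in cleartext across the internet
    keepalive yes;

    up {
        # %% expands to the tun device vtund allocates
        ifconfig "%% 10.X.Y.1 pointopoint 10.X.Y.2 mtu 1450";
        # Proxy ARP: answer ARP queries on eth0 for the home host's LAN address,
        # so work-side machines reach 10.X.Y.2 via this box without extra routes
        program  /sbin/arp "-sD 10.X.Y.2 eth0 pub";
    };
    down {
        # remove the published ARP entry so the address is not blackholed after the tunnel drops
        program  /sbin/arp "-d 10.X.Y.2";
        ifconfig "%% down";
    };
}

# ---- /etc/vtund.conf on the home-side client (added example) ----
# started with:  vtund office <work-side-public-address>
options {
    timeout   60;
    ifconfig  /sbin/ifconfig;
    route     /sbin/route;
}

office {
    passwd    CHANGE_ME_SHARED_SECRET;
    type      tun;
    proto     udp;
    encrypt   yes;
    keepalive yes;

    up {
        ifconfig "%% 10.X.Y.2 pointopoint 10.X.Y.1 mtu 1450";
        # reach the rest of the work LAN through the tunnel (assumed; the posted config omits it)
        route    "add -net 10.X.Y.0 netmask 255.255.255.0 dev %%";
    };
    down {
        ifconfig "%% down";
    };
}
```

The `arp -sD ... pub` line is what makes the work LAN see the remote host as local: the vtund box answers ARP for 10.X.Y.2 on eth0 and forwards the packets into the tun device, so nothing else on the LAN needs a route. The matching `down` entry matters operationally: a published ARP entry that outlives the tunnel leaves 10.X.Y.2 unreachable until it is cleared by hand. The MTU of 1450 leaves room for the UDP/IP encapsulation and the vtund framing on a 1500-byte path; the 1480 Vladimir mentions is specific to his header compressor.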
Manuel Padrón
2011-05-05 07:06:28 UTC
Permalink
Thanks to all I'll try it
Post by Vladimir N. Oleynik
Hi, Manuel.
Post by Manuel Padrón
I would like to know if its posible to establish a bridge (of the same
network in two different physical locations) over internet using vtun.
It's possible ? Someone did it?
For L3 it is trivial. At home I use an IP address from the private network at work.
home { up { ifconfig "%% 10.X.Y.2 pointopoint 10.X.Y.1 mtu 1450"; }}
work { up { ifconfig "%% 10.X.Y.1 pointopoint 10.X.Y.2 mtu 1450";
            program /sbin/arp "-sD 10.X.Y.2 eth0 pub"; } }
10.X.Y.0/24 is the LAN at work.
It is not L2 and there is no broadcast, but other L3 traffic works fine.
This is vtund Linux-specific; for example Cisco (IPIP, GRE) and
MS Windows (openvpn) cannot set an IP for the tunnel interface
equal to the local ethernet interface :(
PS: and my real MTU is 1480, I use my IP-header compressor for vtund :)
--w
vodz
--
Manuel Padrón Martínez
Administrador de Redes y Sistemas
.................................................................................................................
CITEC
Centro Canario de Tratamiento de la Información, S.L.
C/ Viera y Clavijo 34, 5ª Planta- 35002- Las Palmas de Gran Canaria - España
Telf.: +34 928 939 411 Fax: +34 928 939 343 email: ***@citec-sl.com
.................................................................................................................