Can I pass 802.1q (VLAN tagged) through a VPN Tinc in HUB/Switch mode?.
Ramses II
ramses.sevilla at gmail.com
Sun Mar 14 22:19:27 CET 2010
Hi everybody again, I'm still having the same problem.
I'll describe it again. I have the following configuration:
VLAN1(U)--|   Switch                                 Switch   |-- VLAN1(U)
VLAN5(T)--|-- Trunk -- TincS-01 ---VPN--- TincS-02 -- Trunk --|-- VLAN5(T)
VLAN10(T)-|   Port                                   Port     |-- VLAN10(T)
(U) = Untagged
(T) = Tagged
I can ping between the PCs in VLAN1, but I can't ping between the PCs in
VLAN5 or VLAN10, which are both tagged.
In both Tinc servers, VLAN5 is associated with sub-interface eth0.5 and
VLAN10 with eth0.10.
Each server is connected to the other by the sub-interface eth0.1 (Internet
interface).
Both servers have OpenWrt firmware installed.
I have this config in both servers:
--------------
root@RT-VPN-01:/# cat /etc/tinc/tinc.conf
Name = Central (in the other Server - SedeA)
Device = /dev/net/tun
Mode = switch
ConnectTo = SedeA (in the other Server - Central)
--------------
--------------
root@RT-VPN-01:/# cat /etc/tinc/tinc-up
#!/bin/sh
ifconfig $INTERFACE 0.0.0.0
brctl addif br-lan $INTERFACE
ifconfig $INTERFACE up
---------------
In the bridge I have:
--------------
root@RT-VPN-01:/# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.00259c63fbdf       no              eth0.0
                                                        tap0
--------------
So, can you tell me what I can do to pass VLAN5 and VLAN10 through the
Tinc tunnel?
I know I'm close but cannot find the solution.
Regards,
Ramses
> -----Original Message-----
> From: Guus Sliepen [mailto:guus at tinc-vpn.org]
> Sent: Wednesday, February 24, 2010 14:58
> To: Ramses II
> CC: jagm at multico.es
> Subject: Re: Can I pass 802.1q (VLAN tagged) through a VPN Tinc in
> HUB/Switch mode?.
>
> On Wed, Feb 24, 2010 at 01:01:33PM +0100, Ramses II wrote:
>
> > Don't you know the Linksys WRT54GL router?
> >
> > This is the internal architecture:
> >
> > http://garycourt.com/wp-content/images/WRT54_sw2_internal_architecture.png
>
> Yes, I know about this architecture, which is used in many routers by the
> way.
> I do not know the details of every router though :)
>
> > It only has a physical interface eth0 and two subinterfaces eth0.0 (LAN)
> > and eth0.1 (WAN).
> >
> > Can I do this with it?
>
> I see. Yes, in that case you should probably bridge with eth0.0. Anyway, tinc
> handles untagged and tagged packets in exactly the same way, because in Switch
> mode it will only look at the source and destination MAC address, not at the
> rest of the packet. But maybe you should run tcpdump on eth0.0 on both sides to
> check what happens when PCs in VLAN5 for example try to ping each other. If no
> side sees any ping traffic on eth0.0, then the switch doesn't forward VLAN5
> tagged packets to the router. If one side sees ping traffic, but there is
> nothing on the other side, then perhaps something is wrong with tinc. If you
> see packets on both sides, but there are only ping requests, no responses,
> then, assuming PCs on both sides use the same subnet in VLAN5, I would guess it
> is still a problem with the switches.
>
> If the problem still persists, perhaps you could run tcpdump on both eth0.0 and
> tap0, capturing the full link-layer headers, and send me the results so I can
> have a look at what's happening in your setup?
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
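
Added example (not part of the original thread, and not tinc project code): the three-way check described in the quoted reply, applied to raw Ethernet frames taken from captures on eth0.0 at each end. The function names and the sample frame builder are constructed for illustration; it assumes single-tagged 802.1Q (TPID 0x8100) carrying IPv4 pings.

```python
import struct

def parse_frame(frame: bytes):
    """Return (vlan_id or None, icmp_type or None) for one Ethernet frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, off = None, 14
    if ethertype == 0x8100:                      # 802.1Q tag follows the MACs
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18             # low 12 bits of TCI = VLAN ID
    if ethertype != 0x0800 or len(frame) < off + 20:
        return vlan, None                        # not IPv4, or truncated
    ihl = (frame[off] & 0x0F) * 4                # IPv4 header length in bytes
    if frame[off + 9] != 1 or len(frame) <= off + ihl:   # protocol 1 = ICMP
        return vlan, None
    return vlan, frame[off + ihl]                # 8 = echo request, 0 = reply

def icmp_types(frames, vlan):
    """Set of echo types (0 and/or 8) seen in frames tagged with this VLAN."""
    return {t for v, t in map(parse_frame, frames) if v == vlan and t in (0, 8)}

def diagnose(side_a, side_b, vlan):
    """Apply the three cases from the reply to captures from both eth0.0s."""
    a, b = icmp_types(side_a, vlan), icmp_types(side_b, vlan)
    if not a and not b:
        return "switch does not forward tagged VLAN frames to the router"
    if not a or not b:
        return "seen on one side only: check tinc"
    if 0 not in a | b:
        return "requests but no replies: check the switches"
    return "echo requests and replies seen on both sides"

def make_ping(vlan, icmp_type):
    """Constructed sample frame: Ethernet [+ 802.1Q] + IPv4 + ICMP echo.
    MACs and IPs are made up; checksums are left at zero."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 168, 5, 1]), bytes([192, 168, 5, 2]))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    return macs + tag + struct.pack("!H", 0x0800) + ip + icmp
```

Feed it the frames from captures taken with full link-layer headers, as the reply asks for; untagged frames are ignored when a VLAN ID is given, so VLAN1 traffic does not mask a missing VLAN5 path.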