Can I pass 802.1q (VLAN tagged) through a VPN Tinc inHUB/Switch mode?.

Ramses II ramses.sevilla at gmail.com
Thu Mar 18 10:22:13 CET 2010 

Hi Guus and everybody,

The physical config:

VLAN1(U)--|   Switch                                  Switch   |-- VLAN1(U)
VLAN5(T)--|-- Trunk -- TincS-01 ---VPN--- TincS-02 -- Trunk  --|-- VLAN5(T)
VLAN10(T)-|   Port                                    Port     |-- VLAN10(T)

(U) = Untagged
(T) = Tagged

I don't say that Tinc can not work with 802.1q in switch mode, I say that I
don't know how to configure it in OpenWRT becouse the OpenWRT in the WRT54GL
work with sub-interfaces.

Because this, I have asked you if anybody have configured a similar
configuration in OpenWRT and WRG54GL.

The example that appear in the web work with two physical interfaces (eth0 -
External and eth1 - Internal).

I think that in this case, if I configure two vlans (VLAN5 - eth1.5 and
VLAN10 - eth1.10), as eth1 physical interface is into the bridge with the
tinc interface, all will work fine, isn't it?

But in my case, the External Interface is eth0.1, the VLAN5 is eth0.5 and
the VLAN10 is eth0.10, if I add to the bridge the eth0 physical interface, I
have the inbound interface and the outbound interface in the same bridge
and.... Do you know?

Does anyone have a silimar configuration with WRT54GL routers and OpenWRT
firmware?

Sorry by my bad inglish...


Best regards,

Ramses

-----Mensaje original-----
De: tinc-bounces at tinc-vpn.org [mailto:tinc-bounces at tinc-vpn.org] En nombre
de Guus Sliepen
Enviado el: lunes, 15 de marzo de 2010 0:03
Para: tinc at tinc-vpn.org
Asunto: Re: Can I pass 802.1q (VLAN tagged) through a VPN Tinc inHUB/Switch
mode?.

On Sun, Mar 14, 2010 at 10:19:27PM +0100, Ramses II wrote:

> Hi everybody again, I go on with the same problem.
> 
> I'll tell you again. I have the next configuration:
[...]

I'll also tell you again:

> > But maybe you should run tcpdump on eth0.0 on both sides to check what
> > happens when PCs in VLAN5 for example try to ping each other.  If no
side
> > sees any ping traffic on eth0.0, then the switch doesn't forward VLAN5
> > tagged packets to the router. If one sides sees ping traffic, but there
is
> > nothing on the other side, then perhaps something is wrong with tinc. If
> > you see packets on both sides, but there are only ping requests, no
> > responses, then, assuming PCs on both sides use the same subnet in
VLAN5, I
> > would guess it is still a problem with the switches.
> > 
> > If the problem still persists, perhaps you could run tcpdump on both
eth0.0
> > and tap0, capturing the full link-layer headers, and send me the results
so
> > I can have a look at what's happening in your setup?

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>

More information about the tinc mailing list