trunk-tap.py - Script to bridge VLANs over a tinc vpn bridge

Alexander Schreiber schreiberstein at gmail.com
Sun Oct 22 17:23:09 CEST 2017 

Hello,

I have been using tinc for quite a while now and am very pleased with it.
Thanks a lot to everyone involved in the project!

I am running a VMware ESXi server in a datacenter that provides some services for me.
The virtual machines are connected with different networks running on separated VLANs using VMware vSphere port groups.
In order to use the services from my home network, I had the idea to set-up a tinc vpn bridge connection (Mode=Switch) between a VM (exposed to a port group that has access to all VLANs (4095)) and my home router.
That way, I could simply transport the VLANs over the TAP tunnel, bridge them to my ethernet adapter, attach it to my managed switch and then use the GUI of my switch to choose which VLAN to use for which port.
This process is completely transparent to the clients in the network.
I stumbled accros this thread from 2010 which confirmed to me that it was indeed possible to build a setup like this.
https://www.tinc-vpn.org/pipermail/tinc/2010-March/002263.html <https://www.tinc-vpn.org/pipermail/tinc/2010-March/002263.html>

                              (TINC VPN / OpenVPN)
 -------- SITE 1 -------                                -------- SITE 2 -------
 eth1.100 <-> trunk0.100 <--\   ################   /--> trunk0.100 <-> eth1.100
 eth1.105 <-> trunk0.105 <--->> ---TAP-TUNNEL--- <<---> trunk0.105 <-> eth1.105
 eth1.110 <-> trunk0.110 <--/   ################   \--> trunk0.110 <-> eth1.110

In order to not end up with a messy, hard-to-maintain configuration, I wrote a simple Python script for Linux (invokes iproute2 commands) to create all necessary interfaces and bridge them.
It seamlessly integrates with tinc's tinc-up, tinc-down scripts and worked reliably for me.
This might not be the most professional approach to this, but it certainly is one that "gets the job done".

I thought the script might be useful to someone in the community. Hence I decided to share it here. That way, it might be found by someone who is interested in this kind of setup.


https://github.com/schreiberstein/trunk-tap.py <https://github.com/schreiberstein/trunk-tap.py>


Best regards
Alexander Schreiber



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20171022/c9b3b4e8/attachment.html>

More information about the tinc mailing list