Help with 'switch' mode

Guus Sliepen guus at sliepen.eu.org
Mon Aug 25 09:28:51 CEST 2003


On Sun, Aug 24, 2003 at 03:40:07PM -0700, Brian Costello wrote:

> I checked the documentation on
> http://tinc.nl.linux.org/examples/bridging and from that example, it
> appears to be a Linux system using 802.1d bridging.  However, I don't
> see any place in the documentation that tells you how to set that up
> under Linux (or any other OS for that matter) - there appears to be just
> that one page that gives any information about the switch setup.  If I
> ignored a document, could you please point it out to me?  Otherwise, I
> have a few questions:

There are no ignored documents.

> 1) Is the bridge device necessary - it was my understanding that the tap
> device was able to "see" frames like a pcap device, so I'd THINK it
> would be possible to perform the actions of a switch without the bridge
> device - that is, grab & forward ARP requests & replies between networks,
> use that information to build a MAC table & use the MAC table to
> determine when to transmit traffic over the VPN.

The tap device doesn't work like a pcap device. It doesn't capture
packets from other network devices, it is a network device in itself.
You can think of it as an extra Ethernet card in your computer, except
that there is no UTP cable sticking out but tinc will handle all the
packets it sends/receives.

You don't have to use a bridge device, but then only traffic originating
from the computers running tinc will go via the VPN. If you have a real
Ethernet card in your computer and you want the LAN attached to it to be
able to access the VPN, then you have to use the bridge to make a
"connection" between the real Ethernet interface and the virtual Ethernet
interface.

> 2) If the bridge device IS necessary, is an extra interface with no IP
> address assigned to it necessary?  By extra I mean do you need more than
> one interface on both bridge endpoints, and do both the interface This
> appears to be the case in the bridging example.

If you need to bridge, you always have two or more interfaces, all of
which should have their IP addresses removed. Only the bridge interface
will have an IP address.

> 3) Of course this whole project relies on whether or not tinc's switch
> mode can even do what I require - I assume it can properly pass packets
> from one network to another with their MAC addresses intact (like a
> switch) :)

Yes :)

> Here's the information on the two current networks:
[...]

Looks ok.


> From what the bridging doc says, it would seem like I should set eth0 on
> both tinc boxes to 0.0.0.0 and set the bridge running on each to the
> 10.3.x.1 IPs.  Would I also set the tinc-created tun/tap virtual
> interface to 0.0.0.0 as well?

Yes.

> Any hints, pointers to more in-depth resources (if the bridging document
> isn't the most representative of all of the available options).

If it doesn't work the first time, just try out different things to get
a feeling for it.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
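
Added example, not part of the original message or of the tinc documentation: the bridge layout described in the reply above (LAN interface and tap interface both at 0.0.0.0, only the bridge holding an address) written as a script that could be called from tinc-up. The names br0 and eth0, the fallback tap0, and the address 192.0.2.1/255.255.255.0 are constructed placeholders; it assumes `brctl` and `ifconfig` are installed and that tinc exports the tap device name as `$INTERFACE`.

```sh
#!/bin/sh
# Added example: bridge a real Ethernet interface with tinc's tap device.
# By default the commands are only printed; set APPLY=1 (as root) to run them.

# run CMD...: print the command, and execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# bridge_setup BRIDGE LAN_IF TAP_IF BRIDGE_IP NETMASK
bridge_setup() {
    if [ $# -ne 5 ]; then
        echo "usage: bridge_setup BRIDGE LAN_IF TAP_IF BRIDGE_IP NETMASK" >&2
        return 2
    fi
    br=$1 lan=$2 tap=$3 ip=$4 mask=$5
    # A bridge needs two distinct member interfaces.
    if [ "$lan" = "$tap" ]; then
        echo "bridge_setup: LAN and tap interface must differ" >&2
        return 2
    fi
    run brctl addbr "$br"
    # Member interfaces carry no IP address of their own.
    # Clearing the LAN interface drops any session that runs over it,
    # so apply this from a console or as one script, not line by line.
    for ifc in "$lan" "$tap"; do
        run ifconfig "$ifc" 0.0.0.0 up
        run brctl addif "$br" "$ifc"
    done
    # Only the bridge interface gets the host's address on this LAN.
    run ifconfig "$br" "$ip" netmask "$mask" up
}

# Dry run with the placeholder values; in tinc-up, $INTERFACE is the tap device.
bridge_setup br0 eth0 "${INTERFACE:-tap0}" 192.0.2.1 255.255.255.0
```

Once the bridge is up, every host on the attached LAN shares one Ethernet segment with the remote side of the VPN, so broadcast traffic such as ARP crosses the tunnel as well.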