On 27/06/18 12:40, Jan Just Keijser wrote:
> 
> On 27/06/18 09:30, free...@tango.lu wrote:
>> Hello List,
>>
>> This issue has been bugging me for a long time and I am trying to put a stop to it:
>>
>> [22444423.820856] br0: received packet on tap0 with own address as source address
[...snip...]
> 
> ouch, bridging on both sides is asking for trouble ...

Just echoing what JJK says.

Do you _really_ need bridging?  Bridging is mostly reasonable if you're doing
non-IP based traffic.  But otherwise, normal bridging (only one bridge on one
side) is the recipe for a non-scaling setup once you start adding more clients
to a bridged server.  You're doing a far more complex bridging, which can kill
the network performance on the VPN much more easily.  If not now, once the
broadcast storms come, you're doomed - unless you filter out broadcasts
before they hit the TAP interfaces.  Which then even makes TUN a more
reasonable alternative regardless, as TAP is commonly used due to the layer 2
requirements where broadcasts appear as a side effect of the TCP/IPv4
protocols.  So do you really need layer 2 and bridging, or can the same goal
be achieved by standard IP based routing over TUN?

I don't think I exaggerate too much in saying that bridging is commonly
useful in 1 out of 1000 setups (and this estimate is probably even too high),
as this is based on my own over 10 years of OpenVPN community involvement -
where I've been on/off at times due to my own workload.

Also ... iOS and Android devices do _not_ support TAP (that is a limitation
in the VPN API on those OSes).  The same will be true for the VPN API found in
the Microsoft Universal Windows Platform (UWP).  And the OpenVPN 3 code base
does not support TAP; there are not even plans to implement this.  We consider
TUN + routing to be the future and to cover by far most of the needs of
today's networking requirements.  For those 1 of 1000 setups really needing
TAP, OpenVPN 2.x will still be around for the foreseeable future anyhow.


-- 
kind regards,

David Sommerseth
OpenVPN Inc


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
