Gentoo Forums
OpenVPN Layer 2 problems [solved]
dinominant
Tux's lil' helper


Joined: 27 Oct 2006
Posts: 79

Posted: Thu Jan 02, 2014 4:36 pm    Post subject: OpenVPN Layer 2 problems [solved]

I've set up a layer-2 tunnel between two sites. On each end is the router/VPN end-point. Each router will perform NAT so the systems behind it can access the internet, and will bridge the two remote sites. I would prefer a layer 3 tunnel with a different subnet at each site, but this project requires a layer 2 tunnel.

I've set up OpenVPN as a point-to-point tunnel with a tap0 device on each box. The eth0 device on each box goes to the internet, and the eth1 device is promiscuous and bridged with the tap0 device. The br0 device has the internal IP:

br0(eth1,tap0)--[SITE-A]--eth0----internet----eth0--[SITE-B]--br0(eth1,tap0)


The tunnel works; I can ping and access systems on both sides from both sides. BUT I get ~50% packet loss. It seems that the two bridges are learning the MAC addresses wrong and it's causing packet loss until the MACs are re-learnt on the correct side of the bridge. For example, a physical computer at SITE-A is learnt by br0 on the eth1 port (which is great because that works). But then later on it re-learns that same MAC on tap0, which causes packet loss until it relearns it again later on.

I have tried disabling STP on one and both bridges at both sites, and I am very confident I don't have any network loops because SITE-B is running on VMware while SITE-A is a remote office. The VMware site has only 1 layer-2 path to SITE-B: via the OpenVPN tunnel. I am out of ideas on how to solve this problem. Any suggestions would be welcome!
_________________
BTC: 18wdrw8sLtruvdwr5kB3RxbbxzjDeXUpRh
LTC: LYynwaSeBLb4gHaMnkB7NQ27H6wF3Fjyxo


Last edited by dinominant on Thu Jan 02, 2014 5:05 pm; edited 1 time in total
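
Added example (not part of the original posts): one way to confirm the MAC flapping described above is to capture the bridge's forwarding table several times and list the learned addresses that move between eth1 and tap0. It assumes the output format of iproute2's `bridge fdb show br br0`; the MAC addresses and snapshots below are constructed.

```python
import re
from collections import defaultdict

# One entry as printed by `bridge fdb show br br0`, e.g.
#   02:00:00:00:0a:01 dev eth1 master br0
FDB_LINE = re.compile(
    r"^(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) dev (?P<port>\S+)(?P<rest>.*)$",
    re.IGNORECASE,
)

def parse_fdb(text):
    """Return {mac: port} for the dynamically learned entries of one snapshot."""
    learned = {}
    for line in text.splitlines():
        m = FDB_LINE.match(line.strip())
        if not m:
            continue
        # permanent/static entries and "self" (NIC filter) entries are not learned
        if {"permanent", "static", "self"} & set(m.group("rest").split()):
            continue
        learned[m.group("mac").lower()] = m.group("port")
    return learned

def find_flaps(snapshots, min_moves=2):
    """Return {mac: [port, ...]} for MACs that changed port at least min_moves times."""
    history = defaultdict(list)
    for text in snapshots:
        for mac, port in parse_fdb(text).items():
            if not history[mac] or history[mac][-1] != port:
                history[mac].append(port)
    return {m: p for m, p in history.items() if len(p) - 1 >= min_moves}

# Constructed snapshots taken on the SITE-A router a few seconds apart.
# 02:00:00:00:0a:01 is a local host (belongs on eth1); 02:00:00:00:0b:01 is remote.
SNAPSHOTS = [
    """02:00:00:00:0a:01 dev eth1 master br0
       02:00:00:00:0b:01 dev tap0 master br0
       02:00:00:00:ff:01 dev eth1 master br0 permanent
       33:33:00:00:00:01 dev eth1 self permanent""",
    """02:00:00:00:0a:01 dev tap0 master br0
       02:00:00:00:0b:01 dev tap0 master br0""",
    """02:00:00:00:0a:01 dev eth1 master br0
       02:00:00:00:0b:01 dev tap0 master br0""",
]

if __name__ == "__main__":
    for mac, ports in find_flaps(SNAPSHOTS).items():
        print(f"{mac} flapping: {' -> '.join(ports)}")
```

A single move is not reported by default, since a host can legitimately change sides once; repeated moves of the same address are the pattern described in the post.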
dinominant
Tux's lil' helper


Joined: 27 Oct 2006
Posts: 79

Posted: Thu Jan 02, 2014 5:04 pm

I've moved the VMware side of the tunnel to a physical box instead of running it in a VM and that fixed the problem. VMware is doing something funny and causing the MAC addresses to be learnt on the wrong side of the bridge.
All times are GMT