public inbox for govpn-devel@lists.cypherpunks.ru
From: stargrave@stargrave•org
To: berber.it@gmail•com
Cc: jackalsh@gmail•com, govpn-devel@lists.cypherpunks.ru
Subject: Re: [Govpn-devel] build from last tarball
Date: Thu, 28 Jan 2016 17:20:46 +0300
Message-ID: <20160128142046.XZEWulyOa%stargrave@stargrave.org>
In-Reply-To: <CAKw30nqA_NZiBR3=vxRE6C_1Js=MEaXpYmZ9B+PYYn9BGMfyAw@mail.gmail.com>

Greetings!

*** Alan Holt <berber.it@gmail•com> [Thu, 28 Jan 2016 15:39:57 +0200]:
>Where br0 should be bridge.
>tap_alan for user alan.
>tap_jack for user jack.

The main mistake is that a bridge is a layer 2 thing, so it is not
related to routing. A bridge is like an Ethernet switch, like an Ethernet
hub. Adding an interface to a bridge is like plugging another Ethernet
cable into the switch. So, if you just want to make two clients "see"
each other: then you just add their TAP interfaces to the bridge and that
is all -- no routing or IPv4/IPv6 address adding is needed.

When I used GNU/Linux for the last time, I did not know about the "ip
link set mode" and "ip link set master" commands. That is why I am just
not sure about them. I have got some RedHat GNU/Linux, and creating tap
interfaces and adding them to the bridge goes like this:

[root@android-55c141cf9c0088ac ~]# brctl addbr br0
[root@android-55c141cf9c0088ac ~]# tunctl
Set 'tap0' persistent and owned by uid 0
[root@android-55c141cf9c0088ac ~]# tunctl
Set 'tap1' persistent and owned by uid 0
[root@android-55c141cf9c0088ac ~]# brctl addif br0 tap0
[root@android-55c141cf9c0088ac ~]# brctl addif br0 tap1
[root@android-55c141cf9c0088ac ~]# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.5295922bc262       no              tap0
                                                        tap1
[root@android-55c141cf9c0088ac ~]# ifconfig br0
br0       Link encap:Ethernet  HWaddr 52:95:92:2B:C2:62
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
[root@android-55c141cf9c0088ac ~]# ip link
3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
    link/ether 52:95:92:2b:c2:62 brd ff:ff:ff:ff:ff:ff
4: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br0 state DOWN mode DEFAULT group default qlen 500
    link/ether 52:95:92:2b:c2:62 brd ff:ff:ff:ff:ff:ff
5: tap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br0 state DOWN mode DEFAULT group default qlen 500
    link/ether 8a:65:bf:0c:f6:7f brd ff:ff:ff:ff:ff:ff

Pay attention that neither ifconfig, nor ip link shows that br0 has
tap0/tap1. Maybe I have got outdated versions, but brctl was the
native tool. I mean that I am not sure that "ip link set master" works
like brctl addif.

So, in your case I would check the "brctl show br0" output and be sure
that the tap interfaces are bridged. If user_alex sets 172.16.0.1 on one
side, and user_jack sets 172.16.0.2 on his side, then they should be able
to ping each other through the server -- and no IP configuration is
needed on it, neither on br0, nor on the tap interfaces. This is Layer2,
not Layer3!

If you want to interact with the server too, then you must set an IP
address (ifconfig br0 inet 172.16.0.5/24) only on the br0 interface,
without touching the tap interfaces.

Sorry for repeating again :-), but: bridge interfaces are like Ethernet
switches: you just plug interfaces into them, like with physical Internet.
A switch does not know anything about routing, addresses, IP, IPX or
whatever packets, but all plugged cables/interfaces can work and
communicate transparently together.

And I am not sure how routing in that case:

*br0*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.5*  netmask 255.255.255.255  broadcast 0.0.0.0
*tap_alan*:
        inet *172.16.0.2*  netmask 255.255.255.0  broadcast 0.0.0.0
*tap_jack*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.1*  netmask 255.255.255.0  broadcast 0.0.0.0

should work. There are three interfaces with the same 172.16.0.0/24
subnet. On what interface should the host send the packet? Any routing
related (addresses) configuration should be done on bridge interface
only.

-- 
Happy hacking, Sergey Matveev
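
The check recommended in the message above (confirm the tap interfaces are ports of br0, and keep IP addresses off the ports), as an added example that is not part of the original message or of GoVPN. The function names and the sample input are assumptions constructed for illustration, in the one-line format printed by `ip -o`.

```shell
#!/bin/sh
# Constructed sample input in the format of `ip -o link show` and
# `ip -o -4 addr show`; names and addresses follow the thread.
SAMPLE_LINKS='3: br0: <BROADCAST,MULTICAST,UP> mtu 1432 qdisc noqueue state UP mode DEFAULT
4: tap_alan: <BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state UP qlen 500
5: tap_jack: <BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state UP qlen 500
6: tap_spare: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500'
SAMPLE_ADDRS='3: br0    inet 172.16.0.5/32 scope global br0
4: tap_alan    inet 172.16.0.2/24 scope global tap_alan
5: tap_jack    inet 172.16.0.1/24 scope global tap_jack'

# bridge_ports BRIDGE LINKS: print every interface whose master is BRIDGE.
bridge_ports() {
    printf '%s\n' "$2" | awk -v br="$1" '{
        for (i = 3; i < NF; i++)
            if ($i == "master" && $(i + 1) == br) {
                name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
                print name
            }
    }'
}

# addressed_ports BRIDGE LINKS ADDRS: print "port address" for each bridge
# port that carries an IPv4 address.
addressed_ports() {
    ports=$(bridge_ports "$1" "$2" | tr '\n' ' ')
    printf '%s\n' "$3" | awk -v ports="$ports" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) is_port[p[i]] = 1 }
        $3 == "inet" && ($2 in is_port) { print $2, $4 }'
}

# check_bridge BRIDGE LINKS ADDRS: succeed only if BRIDGE has ports and
# none of them has an address of its own.
check_bridge() {
    if [ -z "$(bridge_ports "$1" "$2")" ]; then
        echo "$1: no bridged interfaces found" >&2; return 1
    fi
    bad=$(addressed_ports "$1" "$2" "$3")
    if [ -n "$bad" ]; then
        printf '%s: address on bridged port:\n%s\n' "$1" "$bad" >&2; return 1
    fi
    return 0
}

# Live use: check_bridge br0 "$(ip -o link show)" "$(ip -o -4 addr show)"
check_bridge br0 "$SAMPLE_LINKS" "$SAMPLE_ADDRS" || echo "fix: keep addresses on br0 only"
```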
