From owner-freebsd-net Wed Feb 5 14:52:45 2003 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0429C37B407 for ; Wed, 5 Feb 2003 14:52:44 -0800 (PST) Received: from smtp020.tiscali.dk (smtp020.tiscali.dk [212.54.64.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id A2A8243F85 for ; Wed, 5 Feb 2003 14:52:37 -0800 (PST) (envelope-from thomas@gielfeldt.dk) Received: from undercover (213.237.34.52.adsl.suoe.worldonline.dk [213.237.34.52]) by smtp020.tiscali.dk (8.12.5/8.12.5) with SMTP id h15MqVR7011720; Wed, 5 Feb 2003 23:52:31 +0100 (MET) Message-ID: <001c01c2cd69$4ff10190$7f01000a@undercover> From: "Thomas Gielfeldt" To: "Archie Cobbs" Cc: References: <200302051832.h15IWLCW058446@arch20m.dellroad.org> Subject: Re: MPD + NETGRAPH and BRIDGING Date: Wed, 5 Feb 2003 23:52:51 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > >Instead of using MPD, it might be simpler to bridge via UDP packets. > > >E.g. combine ng_bridge with ng_ksocket. You could secure this via IPSec. > > > > Okay, thanks. But won't I still have to use MPD? You see the reason I'm > > using MPD in the first place is to connect a windows client. I can see that > > W2K and WXP can use IPSec, but it still uses PPP as far as I remember. > > But does Windows PPP support PPP bridging? I didn't think so. > I believe that is irrelevant. The tun-device simulates two nics connected as far as I understand. Only the endpoint on the freebsd machine needs to be bridged, not the one on the client side. At least I can see all traffic on a tcpdump on the tun-device, even broadcasts. I would want mpd to handle the tunneling traffic for me, and then instead of sending the data to/from the tun-device (ng0), it could send it to an ethernet device (eg. tap0). That way I could not assign an ip-address to the tap-device, but use it for bridging instead. But perhaps what I'm suggesting is a hack? /Thomas > -Archie > > __________________________________________________________________________ > Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message