Home stretch on new network - if_bridge looking better

[Chris Turner]

On 02/24/11 11:50, Matthew Dillon wrote:

	http://apollo-vc.backplane.com/DFlyMisc/bridge1.txt
	http://apollo-vc.backplane.com/DFlyMisc/bridge2.txt
So - reading over this - is it correct that the setup is roughly like:

- assign a local interface (lan0) to a network
- add this network to the bridge
- create openvpn 'bridged' mode tunnels
- add these to the bridge
so the L2 bridge / STP will 'map' according to the state of
the ethernet bridging, which in turn relates to the openvpn tunnel
state?
Without diverging any security sensitive whatnot,
Is the VPN tunnel created to the ISP or to say, the colo space?
(I'd assume the latter)
Have been working on my own openvpn (routing mode) fun to a pair
of VPS's as well over the last few days so this is of interest :D
also - I note in the "bridge2.txt" file you 'cd /usr/pkg/etc/openvpn'
before running - is this so openvpn can find the config files?
if so - to note, you can add a 'cd /path/to/configdir' within the
config files..
also - assuming you have statics on both end of the tunnels -
why did you choose openvpn ethernet bridging over say IP layer + ipsec?
(or even openvpn 'routing' mode) with something like OSPF or similar
and - do you have hw crypto cards on either endpoint?

(my soekris 486 gets a little bogged down by the crypto, which is why I ask)

ok enough questions ;)

its definitely fun trying to convert consumer internet into a 'real 
connection' :D

- Chris

(from a gigabit LAN piggybacked on a sometimes 56k wifi link)