Bernd Aufrecht:
> >> Can I ask why you are bridging an openvpn interface? Why not route?
>
> For security reasons. My wireless access point has only WEP and so I
> have it connected to my second LAN port on my home server. I then use
> openvpn to connect from my notebook and bridge into my local
> lan.

You could still achieve the same by routing. For the last few years I had a similar setup, but with three address ranges:

- one for wired LAN
- one for wireless LAN (completely unencrypted, but firewalled on the routing AP)
- one range for OpenVPN.

What's nice about this is that you can still separate trusted wifi users from LAN users.

But my setup was a bit weird because the OpenVPN server ran in the LAN and I had to DNAT on the AP. Almost every time I wanted to change something, I ran into routing problems. That's why I dropped OpenVPN in favor of WPA2. Now I still have two address ranges, but both of them are "trusted". And since the AP is the default gateway for all clients, I don't need to push static routes around anymore.

J.
--
Fashion is more important to me than war, famine, disease or art.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
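
Added example, not part of the original message or either poster's configuration: a routed (tun) version of the three-range layout, written as an iptables-restore ruleset for a home server that sits between the wired LAN and the WEP access point. The interface names (eth0, eth1, tun0) and all three address ranges are assumptions; UDP 1194 is the OpenVPN default port.

```iptables
# Assumed layout (constructed for illustration):
#   eth0  192.168.1.0/24  wired LAN (trusted)
#   eth1  192.168.2.0/24  wireless segment behind the WEP AP (untrusted)
#   tun0  10.8.0.0/24     OpenVPN clients (trusted once authenticated)
#
# Matching OpenVPN server directives for routed mode:
#   dev tun
#   server 10.8.0.0 255.255.255.0
#   push "route 192.168.1.0 255.255.255.0"
#
# Kernel forwarding must be on: sysctl -w net.ipv4.ip_forward=1
# LAN hosts need a return route to 10.8.0.0/24 via this server
# unless this server is already their default gateway.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Local traffic and replies to connections the server already allowed
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Wired LAN may reach the server itself
-A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT

# Wireless segment: the only service exposed is the OpenVPN listener,
# so a cracked WEP key yields nothing beyond the VPN handshake
-A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT

# Authenticated VPN clients may reach the server itself
-A INPUT -i tun0 -s 10.8.0.0/24 -j ACCEPT

# Routing between the VPN range and the wired LAN, both directions
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -s 192.168.1.0/24 -d 10.8.0.0/24 -j ACCEPT

# No rule forwards eth1 anywhere: raw wireless traffic never reaches
# the LAN and falls through to the DROP policy
COMMIT
```

If the server also hands out DHCP leases on the wireless segment, that needs its own INPUT rule on eth1; it is left out here because the thread does not say where DHCP runs.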