Bridging network interfaces on Windows 2000 Prof.
.
I know it's possible under XP, but W2K lacks this option.
There are any external or hiddent tools to enable bridging?
Thanks
Nimit Mehta
System Key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
\Parameters]
Value Name: IPEnableRouter
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
Change from 0 (default) to 1. Its not same as bridge, but
your purpose will be solved.
Regards
-Nimit
>.
>
.
Anyway, thanks for answering.
I need to bridge two interfaces together, in orden to make them work
with OpenVPN.
Routing won't do the trick, because the two interfaces will be under the
same subnet.
I've tried etherbrigde (
http://www.ntkernel.com/utilities/etherbridge.shtml ) with no success.
Any clues?
.
> Could you describe OpenVPN and why it needs this bridging? If it needs such
> a thing then that means it can only be used with XP of Server2003 which
> doesn't sound right to me. I am not familiar with OpenVPN, but if you can
> describe it well enough, may I can suggest something.
>
From OpenVPN's homepage ( http://openvpn.sourceforge.net/ ):
OpenVPN is an easy-to-use, robust, and highly configurable SSL VPN
(Virtual Private Network) daemon which can be used to securely link two
or more private networks using an encrypted tunnel over the internet
(examples) (quotes from users) (articles).
...
OpenVPN is an Open Source project and is licensed under the GPL.
With OpenVPN, you can:
* tunnel any IP subnetwork or virtual ethernet adapter over a
single UDP or TCP port,
* create cross-platform tunnels between any of the operating
systems supported by OpenVPN including Linux, Solaris, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Windows 2000/XP,
* configure a scalable, load-balanced VPN server farm using one or
more machines which can handle thousands of dynamic connections from
incoming VPN clients (OpenVPN 2.0),
* use all of the encryption, authentication, and certification
features of the OpenSSL library to protect your private network traffic
as it transits the internet,
* use any cipher, key size, or HMAC digest (for datagram
authentication) supported by the OpenSSL library,
* choose between static-key based conventional encryption or
certificate-based public key encryption,
* use static, pre-shared keys or TLS-based dynamic key exchange,
* use real-time adaptive link compression and traffic-shaping to
manage link bandwidth utilization,
* tunnel networks whose public endpoints are dynamic such as DHCP
or dial-in clients,
* tunnel networks through connection-oriented stateful firewalls
without having to use explicit firewall rules,
* tunnel networks over NAT, and
* create secure ethernet bridges using virtual tap devices.
.......
I'd like to create this kind of setup:
http://openvpn.sourceforge.net/INSTALL-win32.html , sections "Notes --
Ethernet bridging, Windows client, Linux Server" and "Notes -- Ethernet
bridging, with the bridge occurring on the Windows side."
.
> Well, I still don't see why it would need bridging. VPN actually joins two
> different subnets together so it would really be a routing issue, not
> bridging. Since this sounds like they have designed some type of
> proprietary product you probably have to contact the OpenVPN people to find
> out how they expect you to create an environment for it to function.
>
>
Thanks, Phillip and Nimit.
The main reason why i need bridging is that i want to join two remote
networks that are numbered in the very same way. Although there's no
dupe IPs.
By bridging those interfaces i can have the same IP address on the
virtual link and the ethernet card, which is very convenient in this
case, as i want to support eventual road-warriors which are normally
physically plugged on the remote network.
The server endpoint is running linux, and it just plays its role
perfectly. XP and Linux clients work fine, i had no problem setting up
OpenVPN on them by bridging virtual and physical interfaces. But... W2K
doesn't even have an option to bridge, and most of the clients have this
OS... thus my question.
Anyway, i've researched far enough, and i can state W2K simply won't
bridge. I'm looking for a workaround.
If anyone proves me wrong, i'll be happy to retract and pay all my
attention on his/her tips.
.
>
> Ok, I see. But remeber that VPN by nature has two subnets at a minimum and
> usually three or more. Remeber that the "Tunnel" itself represents one
> subnet in addition to the traffic that actually runs inside the tunnel.
> Normally it has 3 subnets because there is one subnet (typically Public) to
> create the Tunnel and then there are two (or more) Private subnets that
> communicate together through the tunnel.
>
>
I'm aware of that.
> With Server 2000 I don't know of a way to do it since the VPN interface is
> "virutal" and not physical. With Win2000 and older bridging had to be done
> with special physical NICs designed for this using software from the NIC
> Vendor to perform that task.
>
Hum... interesting. But i do not want to stick with a particular
hardware vendor, nor replace existing NICs, which for laptops is even
difficult/expensive.
> We have the same situation here where our main building (the TV Station) is
> joined to the State Capitol Building with a 56k Line that is bridged rather
> than routed because it is the same subnet on each side. It is done buy a
> couple of small appliances that are essentially a light-weight router setup
> to run as a "bridge". They are Ascend Pipeline-130's,... eventually "bought
> out" by Lucent Technologies. I don't know if they are even available
> anymore. There is no VPN involved at all in what we are doing with it.
>
> Perhaps you could do this with a pair of "low-end" routers set to function
> as "bridges". Maybe a pair of old Cisco 2501's you could pickup cheap on
> E-Bay?
>
It's quite unusual for a road-warrior to carry a full 19" 1U Cisco
router with him. I was looking for a software solution to the Windows
2000 lack of ethernet bridging capabilities.
Thanks for your time, anyway.
serverguy
"Phillip Windell" <@.> wrote in message
news:uAGftmTZ...@TK2MSFTNGP09.phx.gbl...
SNIP
> With Server 2000 I don't know of a way to do it since the VPN interface is
> "virutal" and not physical. With Win2000 and older bridging had to be done
> with special physical NICs designed for this using software from the NIC
> Vendor to perform that task.
Actually, Phillip, perhaps you are referring to "teaming" in which you
create a virtual "team" of nics using vendor specific drivers which allows
for fault tolerance, failover, network load-balancing. We generally
describe them as server nics as opposed to desktop or laptop nics. Teaming
has nothing to do with bridging or routing. Windows 2000 simply doesn't
support bridging; however, 2000 Server can do routing, which BTW does the
same thing as bridging, it's just more advanced. Best advice to the OP is
upgrade all the clients to XP Pro.