Bridging network interfaces on Windows 2000 Prof.

[.]

How can i bridge two interfaces together on W2k Prof.?
I know it's possible under XP, but W2K lacks this option.

There are any external or hiddent tools to enable bridging?

Thanks

 

[Nimit Mehta]

Registry Settings
System Key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
\Parameters]
Value Name: IPEnableRouter
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
Change from 0 (default) to 1. Its not same as bridge, but
your purpose will be solved.
Regards
-Nimit

 

[.]

Nimit Mehta dijo el 06/07/2004 1:45:

Registry Settings
System Key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
\Parameters]
Value Name: IPEnableRouter
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
Change from 0 (default) to 1. Its not same as bridge, but
your purpose will be solved.
Regards
-Nimit

-----Original Message-----
How can i bridge two interfaces together on W2k Prof.?
I know it's possible under XP, but W2K lacks this option.

There are any external or hiddent tools to enable
bridging?

Thanks
.

Well.. routing its not what i've asked, since i need bridging.
Anyway, thanks for answering.

I need to bridge two interfaces together, in orden to make them work
with OpenVPN.

Routing won't do the trick, because the two interfaces will be under the
same subnet.

I've tried etherbrigde (
http://www.ntkernel.com/utilities/etherbridge.shtml ) with no success.

Any clues?

 

[Phillip Windell]

Could you describe OpenVPN and why it needs this bridging? If it needs such
a thing then that means it can only be used with XP of Server2003 which
doesn't sound right to me. I am not familiar with OpenVPN, but if you can
describe it well enough, may I can suggest something.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Nimit Mehta dijo el 06/07/2004 1:45:

Registry Settings
System Key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
\Parameters]
Value Name: IPEnableRouter
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
Change from 0 (default) to 1. Its not same as bridge, but
your purpose will be solved.
Regards
-Nimit

-----Original Message-----
How can i bridge two interfaces together on W2k Prof.?
I know it's possible under XP, but W2K lacks this option.

There are any external or hiddent tools to enable
bridging?

Thanks
.

Well.. routing its not what i've asked, since i need bridging.
Anyway, thanks for answering.

I need to bridge two interfaces together, in orden to make them work
with OpenVPN.

Routing won't do the trick, because the two interfaces will be under the
same subnet.

I've tried etherbrigde (
http://www.ntkernel.com/utilities/etherbridge.shtml ) with no success.

Any clues?

 

[.]

Phillip Windell dijo el 06/07/2004 16:31:

Could you describe OpenVPN and why it needs this bridging? If it needs such
a thing then that means it can only be used with XP of Server2003 which
doesn't sound right to me. I am not familiar with OpenVPN, but if you can
describe it well enough, may I can suggest something.

From OpenVPN's homepage ( http://openvpn.sourceforge.net/ ):

OpenVPN is an easy-to-use, robust, and highly configurable SSL VPN
(Virtual Private Network) daemon which can be used to securely link two
or more private networks using an encrypted tunnel over the internet
(examples) (quotes from users) (articles).

....

OpenVPN is an Open Source project and is licensed under the GPL.
With OpenVPN, you can:

* tunnel any IP subnetwork or virtual ethernet adapter over a
single UDP or TCP port,
* create cross-platform tunnels between any of the operating
systems supported by OpenVPN including Linux, Solaris, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Windows 2000/XP,
* configure a scalable, load-balanced VPN server farm using one or
more machines which can handle thousands of dynamic connections from
incoming VPN clients (OpenVPN 2.0),
* use all of the encryption, authentication, and certification
features of the OpenSSL library to protect your private network traffic
as it transits the internet,
* use any cipher, key size, or HMAC digest (for datagram
authentication) supported by the OpenSSL library,
* choose between static-key based conventional encryption or
certificate-based public key encryption,
* use static, pre-shared keys or TLS-based dynamic key exchange,
* use real-time adaptive link compression and traffic-shaping to
manage link bandwidth utilization,
* tunnel networks whose public endpoints are dynamic such as DHCP
or dial-in clients,
* tunnel networks through connection-oriented stateful firewalls
without having to use explicit firewall rules,
* tunnel networks over NAT, and
* create secure ethernet bridges using virtual tap devices.

........

I'd like to create this kind of setup:
http://openvpn.sourceforge.net/INSTALL-win32.html , sections "Notes --
Ethernet bridging, Windows client, Linux Server" and "Notes -- Ethernet
bridging, with the bridge occurring on the Windows side."

 

[Phillip Windell]

Well, I still don't see why it would need bridging. VPN actually joins two
different subnets together so it would really be a routing issue, not
bridging. Since this sounds like they have designed some type of
proprietary product you probably have to contact the OpenVPN people to find
out how they expect you to create an environment for it to function.

 

[.]

Phillip Windell dijo el 08/07/2004 15:18:

Well, I still don't see why it would need bridging. VPN actually joins two
different subnets together so it would really be a routing issue, not
bridging. Since this sounds like they have designed some type of
proprietary product you probably have to contact the OpenVPN people to find
out how they expect you to create an environment for it to function.

Thanks, Phillip and Nimit.

The main reason why i need bridging is that i want to join two remote
networks that are numbered in the very same way. Although there's no
dupe IPs.

By bridging those interfaces i can have the same IP address on the
virtual link and the ethernet card, which is very convenient in this
case, as i want to support eventual road-warriors which are normally
physically plugged on the remote network.

The server endpoint is running linux, and it just plays its role
perfectly. XP and Linux clients work fine, i had no problem setting up
OpenVPN on them by bridging virtual and physical interfaces. But... W2K
doesn't even have an option to bridge, and most of the clients have this
OS... thus my question.

Anyway, i've researched far enough, and i can state W2K simply won't
bridge. I'm looking for a workaround.
If anyone proves me wrong, i'll be happy to retract and pay all my
attention on his/her tips.

 

[Phillip Windell]

The main reason why i need bridging is that i want to join two remote
networks that are numbered in the very same way. Although there's no
dupe IPs.

Ok, I see. But remeber that VPN by nature has two subnets at a minimum and
usually three or more. Remeber that the "Tunnel" itself represents one
subnet in addition to the traffic that actually runs inside the tunnel.
Normally it has 3 subnets because there is one subnet (typically Public) to
create the Tunnel and then there are two (or more) Private subnets that
communicate together through the tunnel.

By bridging those interfaces i can have the same IP address on the
virtual link and the ethernet card, which is very convenient in this
case, as i want to support eventual road-warriors which are normally
physically plugged on the remote network.
Ok.

Anyway, i've researched far enough, and i can state W2K simply won't
bridge.

XP and Server2003 have "bridging" features but I don't know what kind of
hardware it really takes to run it properly. Personally all I ever see are
questions asked in these groups where people either can't get it to work or
are misusing it because they don't understand how networking even works.

With Server 2000 I don't know of a way to do it since the VPN interface is
"virutal" and not physical. With Win2000 and older bridging had to be done
with special physical NICs designed for this using software from the NIC
Vendor to perform that task.

We have the same situation here where our main building (the TV Station) is
joined to the State Capitol Building with a 56k Line that is bridged rather
than routed because it is the same subnet on each side. It is done buy a
couple of small appliances that are essentially a light-weight router setup
to run as a "bridge". They are Ascend Pipeline-130's,... eventually "bought
out" by Lucent Technologies. I don't know if they are even available
anymore. There is no VPN involved at all in what we are doing with it.

Perhaps you could do this with a pair of "low-end" routers set to function
as "bridges". Maybe a pair of old Cisco 2501's you could pickup cheap on
E-Bay?

 

[Phillip Windell]

The main reason why i need bridging is that i want to join two remote
networks that are numbered in the very same way. Although there's no
dupe IPs.

Ok, I see. But remeber that VPN by nature has two subnets at a minimum and
usually three or more. Remeber that the "Tunnel" itself represents one
subnet in addition to the traffic that actually runs inside the tunnel.
Normally it has 3 subnets because there is one subnet (typically Public) to
create the Tunnel and then there are two (or more) Private subnets that
communicate together through the tunnel.

By bridging those interfaces i can have the same IP address on the
virtual link and the ethernet card, which is very convenient in this
case, as i want to support eventual road-warriors which are normally
physically plugged on the remote network.
Ok.

Anyway, i've researched far enough, and i can state W2K simply won't
bridge.

XP and Server2003 have "bridging" features but I don't know what kind of
hardware it really takes to run it properly. Personally all I ever see are
questions asked in these groups where people either can't get it to work or
are misusing it because they don't understand how networking even works.

With Server 2000 I don't know of a way to do it since the VPN interface is
"virutal" and not physical. With Win2000 and older bridging had to be done
with special physical NICs designed for this using software from the NIC
Vendor to perform that task.

We have the same situation here where our main building (the TV Station) is
joined to the State Capitol Building with a 56k Line that is bridged rather
than routed because it is the same subnet on each side. It is done buy a
couple of small appliances that are essentially a light-weight router setup
to run as a "bridge". They are Ascend Pipeline-130's,... eventually "bought
out" by Lucent Technologies. I don't know if they are even available
anymore. There is no VPN involved at all in what we are doing with it.

Perhaps you could do this with a pair of "low-end" routers set to function
as "bridges". Maybe a pair of old Cisco 2501's you could pickup cheap on
E-Bay?

 

[.]

Phillip Windell dijo el 09/07/2004 0:14:

Ok, I see. But remeber that VPN by nature has two subnets at a minimum and
usually three or more. Remeber that the "Tunnel" itself represents one
subnet in addition to the traffic that actually runs inside the tunnel.
Normally it has 3 subnets because there is one subnet (typically Public) to
create the Tunnel and then there are two (or more) Private subnets that
communicate together through the tunnel.

I'm aware of that.

With Server 2000 I don't know of a way to do it since the VPN interface is
"virutal" and not physical. With Win2000 and older bridging had to be done
with special physical NICs designed for this using software from the NIC
Vendor to perform that task.

Hum... interesting. But i do not want to stick with a particular
hardware vendor, nor replace existing NICs, which for laptops is even
difficult/expensive.

We have the same situation here where our main building (the TV Station) is
joined to the State Capitol Building with a 56k Line that is bridged rather
than routed because it is the same subnet on each side. It is done buy a
couple of small appliances that are essentially a light-weight router setup
to run as a "bridge". They are Ascend Pipeline-130's,... eventually "bought
out" by Lucent Technologies. I don't know if they are even available
anymore. There is no VPN involved at all in what we are doing with it.

Perhaps you could do this with a pair of "low-end" routers set to function
as "bridges". Maybe a pair of old Cisco 2501's you could pickup cheap on
E-Bay?

It's quite unusual for a road-warrior to carry a full 19" 1U Cisco
router with him. I was looking for a software solution to the Windows
2000 lack of ethernet bridging capabilities.

Thanks for your time, anyway.

 

[serverguy]

SNIP

With Server 2000 I don't know of a way to do it since the VPN interface is
"virutal" and not physical. With Win2000 and older bridging had to be done
with special physical NICs designed for this using software from the NIC
Vendor to perform that task.

Actually, Phillip, perhaps you are referring to "teaming" in which you
create a virtual "team" of nics using vendor specific drivers which allows
for fault tolerance, failover, network load-balancing. We generally
describe them as server nics as opposed to desktop or laptop nics. Teaming
has nothing to do with bridging or routing. Windows 2000 simply doesn't
support bridging; however, 2000 Server can do routing, which BTW does the
same thing as bridging, it's just more advanced. Best advice to the OP is
upgrade all the clients to XP Pro.

 

[Phillip Windell]

Actually, Phillip, perhaps you are referring to "teaming" in which you
create a virtual "team" of nics using vendor specific drivers which allows
for fault tolerance, failover, network load-balancing. We generally
describe them as server nics as opposed to desktop or laptop nics. Teaming
has nothing to do with bridging or routing.

Yea, I guess I have been confusing the two.