locked
OpenVPN TAP and multiple subnets RRS feed

  • Question

  • Hello,

    I have installed tap-9.9.2 driver (provided by OpenVPN), and using windows 7 ultimate. Previously I have setup network profile using TAP and ICS feature, to access internet in the subnet. While using ICS it assigns 192.168.137.1 IP address to TAP adapter.

    Now, the same approach I want to use for multiple subnets,

    i.e. for 192.168.137.1/24 and 10.0.0.1/24 (or something else).

    Can anyone anyone please suggest how to setup ICS for multiple TAP adapter present over a single host ? I could not find any options related to my requirement adapter properties menu.

    I also tried to use bridge setup (real LAN and TAP in a bridge), But this wasn't worked and I wasn't able to assign IP using DHCP to guest operating system which uses host tap device to access internet.


    • Edited by Ronex Sunday, January 25, 2015 7:32 PM
    Sunday, January 25, 2015 4:49 PM

Answers

All replies

  • Hi,

    This is not support based on your current settings. You need add a router and sign the corresponding DHCP address range to its one port to achieve it.


    Karen Hu
    TechNet Community Support

    Tuesday, January 27, 2015 7:57 AM
  • Can you please suggest steps for router setup ?

    Requirement:

    TAP-Adapter-1 : 192.168.137.1/24

    TAP-Adapter-2: 10.0.0.1/24

    Local Area Connection (real ethernet) : 10.10.x.x

    I want to route traffic initiated by Tap-Adapter-1 and TAP-Adapter-2 via real ethernet. IP addresses of TAP are arbitrary.

    Consider TAp-1 has initiated ICMP echo request for Google IP, then while leaving windows IP address in the frame should be overwritten by IP address of real ethernet, and if response returned then it should return back to TAP-1. This is basic test for my setup. It works for single adapter using ICS. But I want this setup for both adapters.

    Tuesday, January 27, 2015 9:38 AM
  • If you have different subnets, you shouldn't use TAP.  The only benefit of TAP over TUN is that it allows you to use the same subnet.

    Follow this:

    http://www.linksysinfo.org/index.php?threads/openvpn-tap-site-to-site-configuration-problems.33031/

    Thursday, January 29, 2015 1:41 AM
  • @fupin, Thanks for the comments. As far as I understand TAP works with ethernet frames(layer-2), where as TUN uses IP packets(layer-3). 

    Here the question is more related to windows routing/NAT/bridge setup.

    As per my configuration there are two TAP adapters, one of them I want to use as 192.168.137.1/24 and other with 10.0.0.1/24. Now I want to enable ICS for both of them.

    In linux, we can add iptable rules to allow traffic back and forth on TAP inetrface, and we can also use rule to set IP MASQUERADE - to rewrite IP address in the ethernet frames leavings the host ethernet(real LAN).

    Now, how can we achieve some thing similar in windows.

    Apart of the one mentioned in previous reply, I have tried to do following setup:

    TAP adapter -1: IP = 192.168.137.1 (assigned via ICS)

    TAP adapter -2 : IP = 192.168.137.3 (assigned manually)

                             Gateway - 192.168.137.1 

    But it didn't worked. 

    Friday, January 30, 2015 11:23 AM
  • follow this to check your configuration

    https://openvpn.net/index.php/open-source/documentation/miscellaneous/ethernet-bridging.html

    Also maybe you need contact OpenVPN support.

    • Proposed as answer by Karen Hu Monday, February 9, 2015 2:37 AM
    • Marked as answer by FangZhou Chen Wednesday, February 11, 2015 9:14 AM
    Wednesday, February 4, 2015 10:02 AM