Hello folks!

This is my first post here, so my excuses if this topic is not at his place here.. I've already done some research at google and other fora, but I couldn't find anything that helped me any further...

This is the case: I've got two linux servers (both Debian) on which OpenVPN is already installed. One is here next to me and the other one is at my father's place. Both servers are running in a small network of about five computers each, and at my father's place computers come and go like the wind..

I would like and try to connect those servers using OpenVPN's bridging capabilities to create one 'large' network (I never liked routing, dunno why ).

Both servers contain two networkcards, of which one 'goes' into the bridge and the other one is used to remain contact with the box (it also runs Samba and other services). The schematic situation thus is as follows:


eth0________________________________________eth0 68.0.101

Just think away the underscores and sorry for the lay-out. There is a bridge (br0) on both sides between tap0 and eth1. OpenVPN takes care of the connection of the tap devices. I hope the idea is clear, but do you guys think it is going to work like this? In the OpenVPN-howto's they are assigning an IP to the bridge itself. But I prefer this way, if it works however..

Another point of consideration is that both servers run a DHCP server. This is necessary and for the following reasons: I want that the network 'segments' are able to run on their own, ie. without the bridge. And the second one is that every computer needs his 'local' server (so not the one on the other side of the bridge) as his default gateway. Otherwise things get very complicated.

A bad thing, in my eyes, is that the dhcp server broadcasts over eth0 and that that 'broadcast' comes back via eth1 (eth0 and eth1 are in the same hub) and is thrown to the other side of the bridge. And at the other side of the brigde is also a dhcp server! I think this will confuse my network, although both dhcp servers have a different range ( - vs. -

I've researched google and other fora and I came to the conclusion that I couldn't block port 67 en 68 on the br0 interface to prevent the dhcp broadcasts to go over te bridge, because the standard dhcpserver from isc.org uses RAW writing or someting (that means it 'escapes' to the eye of iptables). I tried myself to block port 67 and 68 on my eth0 interface and they were right.

Does someone know IF the broadcast of the DHCP will be sent over the bridge at all (I think it is, because the bridge behaves like a switch)? And if that is the case, does someone know how to stop the broadcast over the br0 interface or prevent the reentry of the broadcast through eth1 (ie. preventing the broadcast to arrive at eth1 or something)?

And at least, does someone know if there is a third party DHCP-server available which is being seen by iptables?

Thanks for reading!