Connecting Two Remote Local Networks With Transparent Bridging Technique

5 Apr 2006
Sometimes we need to join two or more geographically distributed Ethernet networks into one broadcast domain. One example is two office networks of a company that uses the SMB protocol, which partially relies on broadcast network messages. Another is computer cafes: a couple of cafes joined this way can offer users a more convenient environment for playing multiplayer computer games without dedicated servers.

Both sample networks in this article need one *nix server for bridging. The networks can be connected by any hardware that provides an IP connection between them.

Short description: In the described configuration we connect two remote LANs so that they appear as one network with the 192.168.1.0/24 address space (physically, though, the presence of bridges in the network does not affect the IP protocol and is fully transparent to it, so you can freely select any address space). Each of the bridging servers has two network interfaces: one (eth0 in our example) is connected to the LAN, and the second (eth1) is used as the transport that connects the networks. Once the Ethernet tunnel between the gateways in both networks is brought up, we join each tunnel interface to the corresponding LAN interface through a bridge interface. Schematically, the configuration looks like this:

          +-------+                       +-------+
          |  br0  |                       |  br0  |
          +-------+                       +-------+
           |     |                         |     |
Network 1  |     |                         |     |   Network 2
----------eth0  tap0---eth1........eth1---tap0  eth0---------------

Setting Up Bridging Servers

Notice: This article describes the setup of Debian GNU/Linux servers. On another distribution there may be some differences in network configuration and package management, but the main idea of the described actions is the same.

First of all, we need to check whether the tun and bridge modules are included in the current kernel. If they are not, we need to rebuild the kernel with the CONFIG_TUN and CONFIG_BRIDGE options.

Next, we need to create the tunnel device file for our tunnel:

    # cd /dev
    # ./MAKEDEV tun
    # mkdir misc
    # ln -s /dev/net /dev/misc/net

Notice: The last command is needed to make vtun work, because the author's build for Debian looks for the tunnel device driver at /dev/misc/net/tun.

To create the Ethernet tunnel between the bridging servers we will use the vtun software. The Debian package (as well as the source code and packages for other OSes) can be downloaded from the author's site.

Once the package file vtun_X.Y-Z_i386.deb is downloaded, we install all required packages:

    # apt-get install bridge-utils ebtables iptables libssl0.9.6
    ...
    # dpkg -i vtun_X.Y-Z_i386.deb

Once vtun is installed, we need to select one of the bridging servers as the master (the other will be the slave) and change the vtund-start.conf and vtund.conf files in /etc/ on both servers accordingly. The complete config files for the master are as follows.

/etc/vtund-start.conf

----cut-here------------------------------------
--server-- 5000
----cut-here------------------------------------

/etc/vtund.conf

----cut-here------------------------------------
options {
    port 5000;            # Listen on this port.

    # Syslog facility
    syslog        daemon;

    # Path to various programs
    ifconfig      /sbin/ifconfig;
    route         /sbin/route;
    firewall      /sbin/iptables;
    ip            /sbin/ip;
}

default {
    compress no;
    encrypt no;
    speed 0;
}

rembridge {
    passwd Pa$$Wd;
    type ether;
    proto udp;
    keepalive yes;
    compress no;
    encrypt yes;
    
    up {
	# Connection is Up 
	ifconfig "%% up";
	program "brctl addif br0 %%";
    };
    
    down {
	# Connection is Down 
	ifconfig "%% down";
    };
}
----cut-here------------------------------------

The slave server config files are as follows:

/etc/vtund-start.conf

----cut-here------------------------------------
rembridge 10.1.1.1 -p
----cut-here------------------------------------

Notice: In this example 10.1.1.1 is the transport address of the master server.

/etc/vtund.conf

----cut-here------------------------------------
options {
  # Path to various programs
  ifconfig	/sbin/ifconfig;
  route		/sbin/route;
  firewall	/sbin/iptables;
}

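# Session name: must match the name used in vtund-start.conf
# and the session defined on the master.
rembridge {
  passwd  Pa$$Wd;	# Password (same keyword as in the master config)
  type  ether;		# Ethernet tunnel
  up {
	# Connection is Up 
	ifconfig "%% up";
	program "brctl addif br0 %%";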
  };
  down {
	# Connection is Down 
	ifconfig "%% down";
  };
}
----cut-here------------------------------------
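
The session name is what ties the files together: the slave's vtund-start.conf starts a session by name, and vtund.conf must define a block with that same name. The following consistency check is an added example, not part of the original article or of the vtun package; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that every session started from vtund-start.conf
# is defined in vtund.conf. Sample files below are constructed.

# Sessions started in client mode: "<session> <server> [args]".
# Comment lines and the "--server--" entry are skipped.
start_sessions() {
    awk '$1 !~ /^#/ && NF >= 2 && $1 != "--server--" { print $1 }' "$1"
}

# Session blocks defined in vtund.conf ("name {"), leaving out the
# options/default sections and the nested up/down blocks.
conf_sessions() {
    awk '$2 == "{" && $1 !~ /^#/ && $1 != "options" && $1 != "default" \
         && $1 != "up" && $1 != "down" { print $1 }' "$1"
}

# Print every started session that vtund.conf does not define.
# Returns 1 if at least one is missing, 0 otherwise.
missing_sessions() {
    rc=0
    for s in $(start_sessions "$1"); do
        conf_sessions "$2" | grep -qxF -- "$s" || { echo "$s"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the slave start file and two candidate configs
# (passwords omitted).
write_samples() {
    printf 'rembridge 10.1.1.1 -p\n' > "$1/vtund-start.conf"
    printf 'options {\n}\nkorsar {\n  type ether;\n  up {\n  };\n}\n' > "$1/mismatch.conf"
    printf 'options {\n}\nrembridge {\n  type ether;\n  up {\n  };\n}\n' > "$1/match.conf"
}

d=$(mktemp -d)
write_samples "$d"
missing_sessions "$d/vtund-start.conf" "$d/mismatch.conf" || echo "^ not defined in mismatch.conf"
missing_sessions "$d/vtund-start.conf" "$d/match.conf" && echo "match.conf: ok"
rm -rf "$d"
```

On a real server the call would be `missing_sessions /etc/vtund-start.conf /etc/vtund.conf`.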

To bridge the LAN Ethernet interface with our newly created tunnel interface we need to create a bridge interface. To do this, we add a br0 interface description to the /etc/network/interfaces file:

auto br0
iface br0 inet static
    address 192.168.1.199
    netmask 255.255.255.0
    bridge_ports eth0

Notice: The IP addresses on the two sides of our bridge must be unique across both networks. eth0 is the LAN interface.

Now we need to bring this interface up:

    # ifup br0

Once the br0 interface is created, we can start vtun:

    # /etc/init.d/vtund restart

If everything was done correctly, we will see the following results on both servers (br0 and tap0 interfaces):

    # ifconfig tap0
    tap0  Link encap:Ethernet  HWaddr 00:FF:B2:91:CA:DE
	  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
	  RX packets:701818 errors:0 dropped:0 overruns:0 frame:0
	  TX packets:405939 errors:0 dropped:0 overruns:0 carrier:0
	  collisions:0 txqueuelen:1000 
	  RX bytes:975889241 (930.6 MiB)  TX bytes:44704104 (42.6 MiB)

    # ifconfig br0
    br0   Link encap:Ethernet  HWaddr 00:02:44:2A:03:30  
          inet addr:192.168.1.199  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2660 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:239368 (233.7 KiB)  TX bytes:2338 (2.2 KiB)

    #

To see the current state of the bridge interface, we can use the brctl tool:

    # brctl show br0
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.0002442a0330       no              eth0
	                                                    tap0
    #
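
The same check can be scripted: the tunnel is only bridged if tap0 appears next to eth0 in that listing, and additional ports are printed on continuation lines that carry only the interface name. The following is an added example, not part of the original article; the function names are hypothetical and the two listings are constructed from the output shown above.

```shell
#!/bin/sh
# Added example: read `brctl show` output on stdin and report which
# expected ports are not attached to the bridge.

# Print the member interfaces of bridge $1, one per line.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }                 # column header
        NF >= 3 { cur = $1               # "name id stp [first port]"
                  if (NF >= 4 && cur == br) print $4
                  next }
        NF == 1 && cur == br { print $1 }  # continuation: one more port
    '
}

# Usage: brctl show br0 | missing_ports br0 eth0 tap0
# Prints each expected port that is missing; returns 1 if any is.
missing_ports() {
    br=$1; shift
    have=$(bridge_ports "$br")
    rc=0
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$want" || { echo "$want"; rc=1; }
    done
    return "$rc"
}

# Constructed listings: tunnel up (tap0 attached) and tunnel down.
SAMPLE_UP='bridge name     bridge id               STP enabled     interfaces
br0             8000.0002442a0330       no              eth0
                                                        tap0'
SAMPLE_DOWN='bridge name     bridge id               STP enabled     interfaces
br0             8000.0002442a0330       no              eth0'

printf '%s\n' "$SAMPLE_UP" | missing_ports br0 eth0 tap0 && echo "br0: eth0 and tap0 attached"
printf '%s\n' "$SAMPLE_DOWN" | missing_ports br0 eth0 tap0 || echo "^ not attached to br0"
```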

Once all of the described steps are completed, computers in both networks will be able to communicate with each other. The IP addresses on the bridge interfaces can be used for troubleshooting the network connection. Finally, if you need to, you can turn on compression or encryption of data within the created tunnel with the compress and encrypt options in vtund.conf.