Subject: Re: tap(4) + bridge(4) + OpenVPN advice sought
To: None <tech-net@netbsd.org>
From: Tom Ivar Helbekkmo <tih@eunetnorge.no>
List: tech-net
Date: 07/11/2005 17:09:23
Sean Davis <dive-nb@endersgame.net> writes:

> I've got a server hosted in the datacenter at which I work, and I would like
> to bridge it (over an encrypted vpn, of course), into my home LAN. At the
> moment, my main thought is to use OpenVPN, bridge(4) and tap(4), but I've
> never done this before, so I'm looking for suggestions. The server at home
> that will be running the home side of the bridge is running NetBSD 3.99.7,
> and the server at work is running Debian 3.1.

I like to use an OpenVPN tunnel for this sort of thing, using proxy
arp to place the remote system on the local network.  Here's what I
do (my home net is 193.71.27.0/27, the OpenVPN server is at .5, and
the client is given .9):

On my home network, I run an OpenVPN with this configuration (well, a
more complicated one, actually, but this is the basic stuff you need):

    daemon
    dev tun
    proto udp
    local 193.71.27.5
    ifconfig 172.27.101.1 193.71.27.9
    up /usr/local/etc/openvpn.up

The script "openvpn.up" sets up the proxy arp for the client:

    #!/bin/sh
    # OpenVPN runs this as: script tun_dev tun_mtu link_mtu local_ip remote_ip init|restart
    case "$6" in
    init)
            # Answer ARP for the client's address with this host's own MAC.
            /usr/sbin/arp -s 193.71.27.9 00:a0:c9:b6:e1:9d pub
            ;;
    esac
    exit 0

The MAC level address shown is the one actually on the host system.

On the client, the configuration looks like this:

    daemon
    dev tun
    proto udp
    remote 193.71.27.5
    ifconfig 193.71.27.9 172.27.101.1
    up /usr/pkg/etc/openvpn.up

...and openvpn.up sets up the network route for the client -- a host
route for the OpenVPN gateway through the real, local, gateway, and a
network route for the rest of my home network through the tunnel:

    #!/bin/sh
    # OpenVPN runs this as: script tun_dev tun_mtu link_mtu local_ip remote_ip init|restart
    case "$6" in
    init)
            # Reach the OpenVPN server through the real local gateway...
            /sbin/route add 193.71.27.5/32 193.71.2.1
            # ...and the rest of the home LAN through the tunnel peer.
            /sbin/route add 193.71.27.0/27 172.27.101.1
            ;;
    esac
    exit 0

Works for me.  :-)

-tih
-- 
Don't ascribe to stupidity what can be adequately explained by ignorance.
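As an added consistency check (not part of the original mail or of OpenVPN), the following Python script parses the two configurations and the two up-scripts quoted above and verifies that they agree: mirrored tunnel endpoints, a published ARP address that is the client's tunnel address and lies inside the home LAN, and a host route to the OpenVPN server that goes via the real gateway rather than through the tunnel. The embedded values are constructed from the message above; the function names are assumptions of this example.

```python
import ipaddress
import re

# Values constructed from the configurations quoted in the mail above.
HOME_NET = "193.71.27.0/27"
SERVER_CONF = "daemon\ndev tun\nproto udp\nlocal 193.71.27.5\nifconfig 172.27.101.1 193.71.27.9\n"
CLIENT_CONF = "daemon\ndev tun\nproto udp\nremote 193.71.27.5\nifconfig 193.71.27.9 172.27.101.1\n"
SERVER_ARP = "/usr/sbin/arp -s 193.71.27.9 00:a0:c9:b6:e1:9d pub"
CLIENT_ROUTES = ["/sbin/route add 193.71.27.5/32 193.71.2.1", "/sbin/route add 193.71.27.0/27 172.27.101.1"]

def parse_conf(text):
    """Parse an OpenVPN config into {keyword: [args]}; first occurrence wins."""
    conf = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#") and parts[0] not in conf:
            conf[parts[0]] = parts[1:]
    return conf

def check_layout(home_net, server_conf, client_conf, arp_cmd, route_cmds):
    """Return the inconsistencies found; an empty list means the pieces agree."""
    problems = []
    home = ipaddress.ip_network(home_net)
    srv, cli = parse_conf(server_conf), parse_conf(client_conf)
    s_local, s_remote = srv["ifconfig"]
    c_local, c_remote = cli["ifconfig"]
    # The point-to-point endpoints must be mirror images of each other.
    if (s_local, s_remote) != (c_remote, c_local):
        problems.append("ifconfig endpoints are not mirror images")
    # The address the home side answers ARP for must be the client's
    # tunnel address and must lie inside the home LAN prefix.
    m = re.search(r"arp -s (\S+) \S+ pub", arp_cmd)
    published = m.group(1) if m else None
    if published != c_local:
        problems.append("published ARP address is not the client's tunnel address")
    if published and ipaddress.ip_address(published) not in home:
        problems.append("published address lies outside the home LAN")
    # The host route to the OpenVPN server must use the real gateway (via the
    # tunnel it would route the tunnel into itself); the LAN route uses the peer.
    routes = {}
    for cmd in route_cmds:
        _, _, dest, gw = cmd.split()
        routes[ipaddress.ip_network(dest)] = gw
    server_host = ipaddress.ip_network(srv["local"][0] + "/32")
    if routes.get(server_host) in (None, s_local):
        problems.append("host route to the OpenVPN server missing or via the tunnel")
    if routes.get(home) != s_local:
        problems.append("home LAN route is not via the tunnel peer")
    return problems
```

Run `check_layout(HOME_NET, SERVER_CONF, CLIENT_CONF, SERVER_ARP, CLIENT_ROUTES)` against your own files before bringing the tunnel up; a non-empty list names the piece that disagrees.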