
OpenVPN and Bonjour - bridge/tap on just vtun

This is just a post so everyone can tell me what a stupid mistake this is...

I am just setting this up on a home network for now, trying to learn the various ins and outs and pros and cons and such.

I read that putting an interface in a bridge would hurt performance because it couldn't be offloaded anymore and would have to be handled in just software. So I really didn't want to do that to my ethernet interface.

However, in playing with VPNs, no matter what I did (well, I only tried L2TP and OpenVPN) I could not get mDNS to work across the VPN. I tried the reflector and repeater settings, but could never get it to work. Reading more online, it seems this is a dead-end street; I probably would never get Bonjour announcements over this kind of link.

So, I created a second OpenVPN TAP configuration, made a bridge, and put JUST that OpenVPN vtun device in that bridge. I did not put my ethernet interface in there. However, this time, the mDNS reflector allows Bonjour to work.

So, is this a workable configuration, and does it do anything to improve performance over actually putting the vtun and eth device in a bridge together?

It does seem, though, that this would allow me some better ability to firewall some things from VPN to LAN, but maybe I could have done that anyway, I'm not sure.

Anyway, just sharing so the community can point out my foolishness. And, in the rare event it isn't so foolish, it might be nice to have as a reference later.

