Configuring the VPN hub bridge

  1. Continuing the earlier vpncmd session, run the hub command with no arguments to return to VPN Server management mode.
    VPN Server/VPN>hub
    Hub command - Select Virtual Hub to Manage
    The Virtual Hub selection has been unselected.
    The command completed successfully.
    
  2. List the devices available for bridging.
    VPN Server>bridgedevicelist
    BridgeDeviceList command - Get List of Network Adapters Usable as Local Bridge
    eth0
    eth1
    virbr0
    vnet0
    vnet1
    vnet3
    vnet4
    vnet5
    vnet6
    The command completed successfully.
    
  3. View the help for the bridgecreate command.
    VPN Server>bridgecreate /?
    BridgeCreate command - Create Local Bridge Connection
    Help for command "BridgeCreate"
    
    Purpose:
      Create Local Bridge Connection
    
    Description:
      Use this to create a new Local Bridge connection on the VPN Server.
      By using a Local Bridge, you can configure a Layer 2 bridge connection 
      between a Virtual Hub operating on this VPN server and a physical Ethernet 
      Device (Network Adapter). 
      You can create a tap device (virtual network interface) on the system and 
      connect a bridge between Virtual Hubs (the tap device is only supported by 
      Linux versions). 
      It is possible to establish a bridge to an operating network adapter of your
      choice for the bridge destination Ethernet device (network adapter), but in
      high load environments, we recommend you prepare a network adapter 
      dedicated to serve as a bridge. 
      To execute this command, you must have VPN Server administrator privileges.
    
    Usage:
      BridgeCreate [hubname] [/DEVICE:device_name] [/TAP:yes|no]
    
    Parameters:
      hubname - Specify the Virtual Hub to create bridge. To get a list of Virtual
                Hubs, you can use the HubList command. It is not essential that 
                you specify a Virtual Hub that is currently operating. If you 
                specify a Virtual Hub name that is not currently operating or that
                does not exist, the Local Bridge connection will become enabled 
                when the actual operation of that Virtual Hub begins.
      /DEVICE - Specify the bridge destination Ethernet device (network adapter) 
                or tap device name. You can get the list of Ethernet device names 
                by using the BridgeDeviceList command.
      /TAP    - Specify yes if you are using a tap device rather than a network 
                adapter for the bridge destination (only supported for Linux 
                versions). When this is omitted, it will be treated the same as 
                when no is specified.
    
  4. Add a bridge from hub vpn to eth0 using TAP, so that ifconfig shows a network interface tap_eth0.
    VPN Server>bridgecreate vpn /device:br0 /tap:yes
    BridgeCreate command - Create Local Bridge Connection
    While in the condition that occurs immediately after a new bridge connection is 
    made when bridging to a physical network adapter, depending on the type of 
    network adapter, there are cases where it will not be possible to communicate 
    using TCP/IP to the network adapter using a bridge connection from a computer 
    on the virtual network. 
    (This phenomenon is known to occur for Intel and Broadcom network adapters.) 
    
    If this issue arises, remedy the situation by restarting the computer on which 
    VPN Server / Bridge is running. Normal communication will be possible after 
    the computer has restarted. 
    
    Also many wireless network adapters will not respond to the sending of packets 
    in promiscuous mode and when this occurs you will be unable to use the Local 
    Bridge. If this issue arises, try using a regular wired network adapter 
    instead of the wireless network adapter.
    
    Instructions for Local Bridge on VM
    It has been detected that the VPN Server might be running on a VM (Virtual Machine) 
    suchlike VMware or Hyper-V. Read the following instructions carefully. 
    If you are not using a VM, please ignore this message.
    Some VMs prohibit the "Promiscuous Mode" (MAC Address Spoofing) on the network 
    adapters by default.
    
    If the Promiscuous Mode (MAC Address Spoofing) is administratively disabled, 
    the Local Bridge function between a Virtual Hub on the VPN Server and a physical 
    network adapter on the physical computer does not work well. You should allow 
    the Promiscuous Mode (MAC Address Spoofing) by using the configuration tool of the VM.
    
    For details please refer the documents of your VM. If it is a shared-VM and 
    administrated by other person, please request the administrator to permit the 
    use of the Promiscuous (MAC Address Spoofing) Mode to your VM.
    
    The command completed successfully.
    
  5. Use the hub VPN command to return to management mode for hub vpn.
    VPN Server>hub vpn
    Hub command - Select Virtual Hub to Manage
    The Virtual Hub "VPN" has been selected.
    The command completed successfully.
    
  6. Check the IP table of hub VPN: besides 192.168.30.1 there is now an additional bridge session, but it has no IPv4 address.
    VPN Server/VPN>iptable
    IpTable command - Get the IP Address Table Database
    Item        |Value
    ------------+------------------------
    ID          |804511970
    Session Name|SID-SECURENAT-1
    IP Address  |192.168.30.1
    Created at  |2016-05-17 07:30:31
    Updated at  |2016-05-17 08:02:05
    Location    |On 'dyw219'
    ------------+------------------------
    ID          |3996354065
    Session Name|SID-LOCALBRIDGE-3
    IP Address  |fe80::2ac:3dff:fea0:1692
    Created at  |2016-05-17 08:01:49
    Updated at  |2016-05-17 08:02:07
    Location    |On 'dyw219'
    The command completed successfully.
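
The check in step 6 can be automated. The following is an added example, not part of the original page or of SoftEther: it parses the text printed by iptable and reports local bridge sessions that have no IPv4 entry. The function names are this example's own, and the sample is the step 6 output with the timestamp rows omitted.

```python
import ipaddress

# `iptable` output from step 6 of this page (timestamp rows omitted).
SAMPLE = """\
Item        |Value
------------+------------------------
ID          |804511970
Session Name|SID-SECURENAT-1
IP Address  |192.168.30.1
Location    |On 'dyw219'
------------+------------------------
ID          |3996354065
Session Name|SID-LOCALBRIDGE-3
IP Address  |fe80::2ac:3dff:fea0:1692
Location    |On 'dyw219'
The command completed successfully.
"""

def parse_iptable(text):
    """Split vpncmd IpTable output into one dict per table entry."""
    entries, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("---"):            # separator starts a new entry
            if current:
                entries.append(current)
            current = {}
            continue
        key, sep, value = line.partition("|")
        if not sep or key.strip() == "Item":  # banner, header, status lines
            continue
        current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries

def bridge_sessions_without_ipv4(entries):
    """Return names of LOCALBRIDGE sessions that have no IPv4 entry."""
    addrs = {}
    for e in entries:
        try:
            ip = ipaddress.ip_address(e.get("IP Address", ""))
        except ValueError:
            continue                          # skip rows without a valid IP
        addrs.setdefault(e.get("Session Name", ""), []).append(ip)
    return sorted(name for name, ips in addrs.items()
                  if "LOCALBRIDGE" in name
                  and not any(ip.version == 4 for ip in ips))
```

Feed parse_iptable the captured output of the iptable command and pass the result to bridge_sessions_without_ipv4; for the sample above it returns the one bridge session shown in step 6.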