Two NICs on same subnet, one for VPN one for LAN traffic

singemagique

Distinguished
Feb 13, 2009
200
2
18,715
So I recently set up a bridged OpenVPN server on my NAS and noticed that the bridging of the virtual TAP device with my physical NIC resulted in slow performance of LAN traffic to and from the NAS (i.e. went from near gigabit speed to ~200 Mbps). Breaking the bridge returns LAN speed to normal.

One possible solution to keep both the VPN capability and gigabit LAN speed is installing a second NIC with a different IP address on the same subnet.

My setup would be as follows with both adapters connected to my router:

eth0 would be bridged with VPN TAP to allow VPN clients access to the network.
eth1 would be just for LAN traffic to and from the NAS (i.e. for file sharing, media streaming).


Now I have read in several places that it is not a good idea as having two NICs in one computer on the same subnet often results in connectivity problems. However, I don't try to access any resources from the NAS except when logged in remotely through the VPN (which should be forced to connect through the bridged adapter eth0). All other traffic to the NAS is initiated from LAN computers via drive mapping (with IP address) which theoretically should force the connection through eth1.

Is there any fundamental networking principle that I am missing here? Has anyone tried this? Is there a better way to solve this problem?

I should have the adapter in a couple days and will attempt to set it up.
 

singemagique



Thanks for the reminder. I have read this in several places over the last few days.

Any other obvious conflicts to watch out for? Does this even sound like a viable setup?
 

singemagique



I don't think this is the case because the problem is with local traffic on my LAN, so none of it is being sent through the VPN.

In any case, I did install the second network adapter (eth1), assigned it a static IP address, left the gateway entry blank, and bridged it with the OVPN TAP adapter. I left the original adapter (eth0) with its current configuration (including assigning it a gateway) and unbridged it. I rebooted the NAS and VOILÀ it works! VPN traffic is routed over eth1 and all my local traffic to my NAS is routed over eth0. My local transfers to my NAS are back to 80-100MB/s.
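A check for the layout described in the last post (two interfaces on one subnet, with a gateway set on only one of them), as an added example that is not part of the original thread. The addresses and `ip` output are constructed sample data, and `br0` is an assumed name for the bridge holding the second adapter and the TAP device.

```python
import ipaddress
from collections import defaultdict

# Constructed sample output (not from the thread), in the shape printed by
# `ip -o -4 addr show` and `ip -4 route show`. br0 is an assumed bridge name.
SAMPLE_ADDRS = """\
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
4: br0    inet 192.168.1.11/24 brd 192.168.1.255 scope global br0
"""
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.11
"""

def parse_addrs(text):
    """Map interface name -> ipaddress.IPv4Interface."""
    addrs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            addrs[fields[1]] = ipaddress.ip_interface(fields[3])
    return addrs

def shared_subnets(addrs):
    """Return {network: [interfaces]} for subnets used by more than one NIC."""
    by_net = defaultdict(list)
    for name, iface in addrs.items():
        by_net[iface.network].append(name)
    return {net: sorted(n) for net, n in by_net.items() if len(n) > 1}

def default_route_devs(text):
    """List the devices that carry a default route."""
    devs = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "default" and "dev" in fields:
            devs.append(fields[fields.index("dev") + 1])
    return devs

def audit(addr_text, route_text):
    """Flag the layout as risky when a shared subnet has >1 default gateway."""
    shared = shared_subnets(parse_addrs(addr_text))
    gateways = default_route_devs(route_text)
    return {"shared": shared, "gateways": gateways,
            "ok": not shared or len(set(gateways)) <= 1}

if __name__ == "__main__":
    print(audit(SAMPLE_ADDRS, SAMPLE_ROUTES))
```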