Hi,

no, I don't think that is correct. IMHO you have put tap0 in promisc mode, too. Then it should work.

Cheers

Marc

> Hi,
>
> yes, I built the following bridge:
> ----
> firewall:~# brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.00096ba37526       no              eth0
>                                                         tap0
>                                                         tap1
>                                                         tap2
>                                                         tap3
>                                                         tap4
>                                                         tap5
> ----
>
> eth0 is connected to the internal lan. The interfaces
> eth1/eth2 are connected to the dmz/internet-router.
>
> Below you will find the output of "ifconfig br0|eth0|tap0".
> Interface tap0 has an ip-address, is this correct?
>
> Regards,
>
> Ralf Gerhard
>
> firewall:~# ifconfig br0
> br0       Link encap:Ethernet  HWaddr 00:09:6B:A3:75:26
>           inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:7494576 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:9993616 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:795904466 (759.0 MiB)  TX bytes:3921128308 (3.6 GiB)
>
> firewall:~# ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 00:09:6B:A3:75:26
>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:7495001 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:9993974 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:930863471 (887.7 MiB)  TX bytes:3983530966 (3.7 GiB)
>           Interrupt:24 Memory:faef0000-faf00000
>
> firewall:~# ifconfig tap0
> tap0      Link encap:Ethernet  HWaddr 00:FF:11:81:19:90
>           inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:292 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:922701 errors:0 dropped:53075 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:34708 (33.8 KiB)  TX bytes:74587540 (71.1 MiB)
>
>> From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx
>> [mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On behalf
>> of Marc Lentwojt
>> Sent: Tuesday, 1 June 2004 10:45
>> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> Subject: Re: [Openvpn-users] Problem with openvpn and bridging
>>
>>
>> Hi,
>>
>> did you install bridge-utils and build a bridge group?
>>
>> Regards
>>
>> Marc
>>
>> > Hello,
>> >
>> > I'm trying to setup a vpn in bridging mode but without success up to
>> > now. The remote client can't ping a server in the local net.
>> >
>> > The configuration is based upon the howto by Florin Andrei.
>> >
>> > VPN server is our firewall (debian woody, openvpn-1.6.0 from
>> > backports.org), Client is a XP system. Internal net is 192.168.1.0/24,
>> > dmz-net is 195.243.59.96/28
>> >
>> > In a faq I read "WARNING: Actual Remote Options" could be a problem,
>> > but the only difference is "ifconfig 192.168.1.0 255.255.255.0" vs.
>> > "ifconfig".
>> >
>> > Below you will find the servers log and the config of the client.
>> >
>> > Is this an openvpn config problem or does the firewall interfere? Do
>> > you have any hints?
>> >
>> >
>> > Thanks in advance,
>> >
>> > Ralf Gerhard
>> >
>> >
>> > Server log:
>> > Tue Jun 1 09:21:26 2004 129[0]: select : Interrupted system call (code=4)
>> > Tue Jun 1 09:21:26 2004 130[0]: SIGTERM received, exiting
>> > Tue Jun 1 09:21:26 2004 131[0]: Closing TCP/UDP socket
>> > Tue Jun 1 09:21:26 2004 132[0]: Closing TUN/TAP device
>> > Tue Jun 1 09:21:27 2004 0[0]: Current Parameter Settings:
>> > Tue Jun 1 09:21:27 2004 1[0]: config = '/etc/openvpn/sagaflor.conf'
>> > Tue Jun 1 09:21:27 2004 2[0]: persist_config = DISABLED
>> > Tue Jun 1 09:21:27 2004 3[0]: persist_mode = 1
>> > Tue Jun 1 09:21:27 2004 4[0]: show_ciphers = DISABLED
>> > Tue Jun 1 09:21:27 2004 5[0]: show_digests = DISABLED
>> > Tue Jun 1 09:21:27 2004 6[0]: genkey = DISABLED
>> > Tue Jun 1 09:21:27 2004 7[0]: askpass = DISABLED
>> > Tue Jun 1 09:21:27 2004 8[0]: show_tls_ciphers = DISABLED
>> > Tue Jun 1 09:21:27 2004 9[0]: proto = 0
>> > Tue Jun 1 09:21:27 2004 10[0]: local = '195.243.59.97'
>> > Tue Jun 1 09:21:27 2004 11[0]: remote = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 12[0]: local_port = 5000
>> > Tue Jun 1 09:21:27 2004 13[0]: remote_port = 5000
>> > Tue Jun 1 09:21:27 2004 14[0]: remote_float = DISABLED
>> > Tue Jun 1 09:21:27 2004 15[0]: ipchange = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 16[0]: bind_local = ENABLED
>> > Tue Jun 1 09:21:27 2004 17[0]: dev = 'tap0'
>> > Tue Jun 1 09:21:27 2004 18[0]: dev_type = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 19[0]: dev_node = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 20[0]: tun_ipv6 = DISABLED
>> > Tue Jun 1 09:21:27 2004 21[0]: ifconfig_local = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 22[0]: ifconfig_remote_netmask = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 23[0]: ifconfig_noexec = DISABLED
>> > Tue Jun 1 09:21:27 2004 24[0]: ifconfig_nowarn = DISABLED
>> > Tue Jun 1 09:21:27 2004 25[0]: shaper = 0
>> > Tue Jun 1 09:21:27 2004 26[0]: tun_mtu = 1500
>> > Tue Jun 1 09:21:27 2004 27[0]: tun_mtu_defined = ENABLED
>> > Tue Jun 1 09:21:27 2004 28[0]: link_mtu = 1300
>> > Tue Jun 1 09:21:27 2004 29[0]: link_mtu_defined = DISABLED
>> > Tue Jun 1 09:21:27 2004 30[0]: tun_mtu_extra = 32
>> > Tue Jun 1 09:21:27 2004 31[0]: tun_mtu_extra_defined = ENABLED
>> > Tue Jun 1 09:21:27 2004 32[0]: fragment = 1400
>> > Tue Jun 1 09:21:27 2004 33[0]: mtu_discover_type = -1
>> > Tue Jun 1 09:21:27 2004 34[0]: mtu_test = 0
>> > Tue Jun 1 09:21:27 2004 35[0]: mlock = DISABLED
>> > Tue Jun 1 09:21:27 2004 36[0]: inactivity_timeout = 0
>> > Tue Jun 1 09:21:27 2004 37[0]: ping_send_timeout = 10
>> > Tue Jun 1 09:21:27 2004 38[0]: ping_rec_timeout = 45
>> > Tue Jun 1 09:21:27 2004 39[0]: ping_rec_timeout_action = 2
>> > Tue Jun 1 09:21:27 2004 40[0]: ping_timer_remote = ENABLED
>> > Tue Jun 1 09:21:27 2004 41[0]: persist_tun = ENABLED
>> > Tue Jun 1 09:21:27 2004 42[0]: persist_local_ip = ENABLED
>> > Tue Jun 1 09:21:27 2004 43[0]: persist_remote_ip = DISABLED
>> > Tue Jun 1 09:21:27 2004 44[0]: persist_key = ENABLED
>> > Tue Jun 1 09:21:27 2004 45[0]: mssfix_defined = ENABLED
>> > Tue Jun 1 09:21:27 2004 46[0]: mssfix = 0
>> > Tue Jun 1 09:21:27 2004 47[0]: passtos = DISABLED
>> > Tue Jun 1 09:21:27 2004 48[0]: resolve_retry_seconds = 0
>> > Tue Jun 1 09:21:27 2004 49[0]: connect_retry_seconds = 5
>> > Tue Jun 1 09:21:27 2004 50[0]: username = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 51[0]: groupname = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 52[0]: chroot_dir = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 53[0]: cd_dir = '/etc/openvpn'
>> > Tue Jun 1 09:21:27 2004 54[0]: writepid '/var/run/openvpn.sagaflor.pid'
>> > Tue Jun 1 09:21:27 2004 55[0]: up_script = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 56[0]: down_script = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 57[0]: up_restart = DISABLED
>> > Tue Jun 1 09:21:27 2004 58[0]: daemon = ENABLED
>> > Tue Jun 1 09:21:27 2004 59[0]: inetd = 0
>> > Tue Jun 1 09:21:27 2004 60[0]: log = ENABLED
>> > Tue Jun 1 09:21:27 2004 61[0]: nice = 0
>> > Tue Jun 1 09:21:27 2004 62[0]: verbosity = 4
>> > Tue Jun 1 09:21:27 2004 63[0]: mute = 0
>> > Tue Jun 1 09:21:27 2004 64[0]: gremlin = DISABLED
>> > Tue Jun 1 09:21:27 2004 65[0]: occ = ENABLED
>> > Tue Jun 1 09:21:27 2004 66[0]: http_proxy_server = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 67[0]: http_proxy_port = 0
>> > Tue Jun 1 09:21:27 2004 68[0]: http_proxy_auth_method = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 69[0]: http_proxy_auth_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 70[0]: http_proxy_retry = DISABLED
>> > Tue Jun 1 09:21:27 2004 71[0]: socks_proxy_server = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 72[0]: socks_proxy_port = 0
>> > Tue Jun 1 09:21:27 2004 73[0]: socks_proxy_retry = DISABLED
>> > Tue Jun 1 09:21:27 2004 74[0]: comp_lzo = ENABLED
>> > Tue Jun 1 09:21:27 2004 75[0]: comp_lzo_adaptive = ENABLED
>> > Tue Jun 1 09:21:27 2004 76[0]: route_script = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 77[0]: route_default_gateway = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 78[0]: route_noexec = DISABLED
>> > Tue Jun 1 09:21:27 2004 79[0]: route_delay = 0
>> > Tue Jun 1 09:21:27 2004 80[0]: route_delay_defined = DISABLED
>> > Tue Jun 1 09:21:27 2004 81[0]: shared_secret_file = 'static.key'
>> > Tue Jun 1 09:21:27 2004 82[0]: key_direction = 0
>> > Tue Jun 1 09:21:27 2004 83[0]: ciphername_defined = ENABLED
>> > Tue Jun 1 09:21:27 2004 84[0]: ciphername = 'BF-CBC'
>> > Tue Jun 1 09:21:27 2004 85[0]: authname_defined = ENABLED
>> > Tue Jun 1 09:21:27 2004 86[0]: authname = 'SHA1'
>> > Tue Jun 1 09:21:27 2004 87[0]: keysize = 0
>> > Tue Jun 1 09:21:27 2004 88[0]: replay = ENABLED
>> > Tue Jun 1 09:21:27 2004 89[0]: replay_window = 64
>> > Tue Jun 1 09:21:27 2004 90[0]: replay_time = 15
>> > Tue Jun 1 09:21:27 2004 91[0]: packet_id_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 92[0]: use_iv = ENABLED
>> > Tue Jun 1 09:21:27 2004 93[0]: test_crypto = DISABLED
>> > Tue Jun 1 09:21:27 2004 94[0]: tls_server = DISABLED
>> > Tue Jun 1 09:21:27 2004 95[0]: tls_client = DISABLED
>> > Tue Jun 1 09:21:27 2004 96[0]: key_method = 1
>> > Tue Jun 1 09:21:27 2004 97[0]: ca_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 98[0]: dh_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 99[0]: cert_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 100[0]: priv_key_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 101[0]: cipher_list = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 102[0]: tls_verify = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 103[0]: tls_remote = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 104[0]: crl_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 105[0]: tls_timeout = 2
>> > Tue Jun 1 09:21:27 2004 106[0]: renegotiate_bytes = 0
>> > Tue Jun 1 09:21:27 2004 107[0]: renegotiate_packets = 0
>> > Tue Jun 1 09:21:27 2004 108[0]: renegotiate_seconds = 3600
>> > Tue Jun 1 09:21:27 2004 109[0]: handshake_window = 60
>> > Tue Jun 1 09:21:27 2004 110[0]: transition_window = 3600
>> > Tue Jun 1 09:21:27 2004 111[0]: single_session = DISABLED
>> > Tue Jun 1 09:21:27 2004 112[0]: tls_auth_file = '[UNDEF]'
>> > Tue Jun 1 09:21:27 2004 113[0]: OpenVPN 1.6.0 i386-pc-linux-gnu [SSL] [LZO] [PTHREAD] built on May 10 2004
>> > Tue Jun 1 09:21:27 2004 114[0]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> > Tue Jun 1 09:21:27 2004 115[0]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> > Tue Jun 1 09:21:27 2004 116[0]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> > Tue Jun 1 09:21:27 2004 117[0]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> > Tue Jun 1 09:21:27 2004 118[0]: LZO compression initialized
>> > Tue Jun 1 09:21:27 2004 119[0]: TUN/TAP device tap0 opened
>> > Tue Jun 1 09:21:27 2004 120[0]: Data Channel MTU parms [ L:1581 D:1400 EF:49 EB:19 ET:32 EL:0 ]
>> > Tue Jun 1 09:21:27 2004 121[0]: Fragmentation MTU parms [ L:1581 D:1400 EF:48 EB:19 ET:33 EL:0 ]
>> > Tue Jun 1 09:21:27 2004 122[0]: Local Options String: 'V3,dev-type tap,link-mtu 1581,tun-mtu 1532,proto UDPv4,ifconfig ,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,secret'
>> > Tue Jun 1 09:21:27 2004 123[0]: Expected Remote Options String: 'V3,dev-type tap,link-mtu 1581,tun-mtu 1532,proto UDPv4,ifconfig ,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,secret'
>> > Tue Jun 1 09:21:27 2004 124[0]: Local Options hash (VER=V3): '11529904'
>> > Tue Jun 1 09:21:27 2004 125[0]: Expected Remote Options hash (VER=V3): '11529904'
>> > Tue Jun 1 09:21:27 2004 126[0]: PTHREAD support initialized
>> > Tue Jun 1 09:21:27 2004 127[0]: UDPv4 link local (bound): 195.243.59.97:5000
>> > Tue Jun 1 09:21:27 2004 128[0]: UDPv4 link remote: [undef]
>> > Tue Jun 1 09:22:44 2004 129[0]: Peer Connection Initiated with 213.7.100.82:5000
>> > Tue Jun 1 09:22:47 2004 130[0]: WARNING: Actual Remote Options ('V3,dev-type tap,link-mtu 1581,tun-mtu 1532,proto UDPv4,ifconfig 192.168.1.0 255.255.255.0,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,secret') are inconsistent with Expected Remote Options ('V3,dev-type tap,link-mtu 1581,tun-mtu 1532,proto UDPv4,ifconfig ,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,secret')
>> > Tue Jun 1 09:23:37 2004 131[0]: Inactivity timeout (--ping-restart), restarting
>> > Tue Jun 1 09:23:37 2004 132[0]: Closing TCP/UDP socket
>> > Tue Jun 1 09:23:37 2004 133[0]: Re-using pre-shared static key
>> > Tue Jun 1 09:23:37 2004 134[0]: LZO compression initialized
>> > Tue Jun 1 09:23:37 2004 135[0]: Preserving previous TUN/TAP instance: tap0
>> > Tue Jun 1 09:23:37 2004 136[0]: Data Channel MTU parms [ L:1581 D:1400 EF:49 EB:19 ET:32 EL:0 ]
>> > Tue Jun 1 09:23:37 2004 137[0]: Fragmentation MTU parms [ L:1581 D:1400 EF:48 EB:19 ET:33 EL:0 ]
>> > Tue Jun 1 09:23:37 2004 138[0]: Local Options String: 'V3,dev-type tap,link-mtu 1581,tun-mtu 1532,proto UDPv4,ifconfig ,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,secret'
>> > Tue Jun 1 09:23:37 2004 139[0]: Expected Remote Options String: 'V3,dev-type tap,link-mtu 1581,tun-mtu 1532,proto UDPv4,ifconfig ,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,secret'
>> > Tue Jun 1 09:23:37 2004 140[0]: Local Options hash (VER=V3): '11529904'
>> > Tue Jun 1 09:23:37 2004 141[0]: Expected Remote Options hash (VER=V3): '11529904'
>> > Tue Jun 1 09:23:37 2004 142[0]: UDPv4 link local (bound): 195.243.59.97:5000
>> > Tue Jun 1 09:23:37 2004 143[0]: UDPv4 link remote: [undef]
>> >
>> >
>> >
>> > Client Config:
>> >
>> > remote 195.243.59.97
>> > port 5000
>> > dev tap
>> > ifconfig 192.168.1.6 255.255.255.0
>> >
>> > fragment 1400
>> > mssfix
>> > secret static.key
>> > ping 10
>> > comp-lzo
>> > verb 4
>> > route 195.243.59.96 255.255.255.240 192.168.1.2
>> > route-delay 4
>> > tap-sleep 1

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
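
Added example, not part of the original thread and not OpenVPN code: a small Python helper that takes the "WARNING: Actual Remote Options ... are inconsistent with Expected Remote Options" entry from the server log above and reports which option differs between the two peers. It assumes the option strings are comma-separated "name value" items as they appear in that log; the function names are hypothetical.

```python
import re

# Constructed sample: the 09:22:47 WARNING entry from the server log in this
# thread, re-joined onto one line (the mail had wrapped it).
SAMPLE_WARNING = (
    "Tue Jun 1 09:22:47 2004 130[0]: WARNING: Actual Remote Options "
    "('V3,dev-type tap,link-mtu 1581,tun-mtu 1532,proto UDPv4,"
    "ifconfig 192.168.1.0 255.255.255.0,comp-lzo,mtu-dynamic,"
    "cipher BF-CBC,auth SHA1,keysize 128,secret') are inconsistent with "
    "Expected Remote Options ('V3,dev-type tap,link-mtu 1581,tun-mtu 1532,"
    "proto UDPv4,ifconfig ,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,"
    "keysize 128,secret')"
)

WARNING_RE = re.compile(
    r"Actual Remote Options \('(?P<actual>[^']*)'\) are inconsistent with "
    r"Expected Remote Options \('(?P<expected>[^']*)'\)"
)


def parse_options(options):
    """Map each comma-separated 'name value' item to its value ('' if bare)."""
    parsed = {}
    for item in options.split(","):
        name, _, value = item.strip().partition(" ")
        if name:
            parsed[name] = value.strip()
    return parsed


def diff_options(actual, expected):
    """Return (name, actual_value, expected_value) for every differing option.

    None marks an option that one side does not list at all.
    """
    a, e = parse_options(actual), parse_options(expected)
    return [(n, a.get(n), e.get(n))
            for n in sorted(set(a) | set(e)) if a.get(n) != e.get(n)]


def explain_warning(log_line):
    """Diff the two option strings in a WARNING line; None if it is not one."""
    m = WARNING_RE.search(log_line)
    return diff_options(m["actual"], m["expected"]) if m else None


if __name__ == "__main__":
    for name, got, want in explain_warning(SAMPLE_WARNING):
        print(f"{name}: peer sent {got!r}, local side expected {want!r}")
```

On the sample line the only difference reported is ifconfig, matching what the original poster observed: the client config carries an ifconfig directive while the server log shows ifconfig_local as '[UNDEF]'.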