[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: Help tunneling internet connection over VPN TAP connection.


  • Subject: Re: [Openvpn-users] Re: Help tunneling internet connection over VPN TAP connection.
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Wed, 19 Jan 2005 02:39:25 -0700 (MST)


On Wed, 19 Jan 2005, Mathias Sundman wrote:

> On Wed, 19 Jan 2005, Mathias Sundman wrote:
> 
> > On Tue, 18 Jan 2005, Christopher Omega wrote:
> >
> >> Its definately enabled. Disabling and reenabling didn't really have an
> >> effect on it.
> >
> > Yes, my mistake. It's a very similar error msg you get when the TAP device is 
> > disabled, that several people has posted about...
> >
> >> Im also having lots of problems when the client's TAP device is
> >> bridged with its normal ethernet device. When they're unbridged, the
> >> log file shows "Initilization sequence completed" and Im able to ping
> >> my home network and access my home network's windows shares, connect
> >> to my home computer using remote desktop, etc. Im also able to browse
> >> the internet, though I can see its not through the tunnel, since using
> >> applications that require alternative ports still dont work.
> >> 
> >> Here's the log file for when its not bridged (the bridged log is below):
> >> 
> >> Tue Jan 18 21:51:22 2005 us=173504 TAP-WIN32 device [OpenVPN] opened:
> >> \\.\Global\{ADE5A39E-8B33-4E6A-B7A8-9A364B1185CC}.tap
> >> Tue Jan 18 21:51:22 2005 us=173585 TAP-Win32 Driver Version 8.1
> >> Tue Jan 18 21:51:22 2005 us=173612 TAP-Win32 MTU=1500
> >> Tue Jan 18 21:51:22 2005 us=173647 Notified TAP-Win32 driver to set a
> >> DHCP IP/netmask of 192.168.1.51/255.255.255.0 on interface
> >> {ADE5A39E-8B33-4E6A-B7A8-9A364B1185CC} [DHCP-serv: 192.168.1.0,
> >> lease-time: 31536000]
> >> Tue Jan 18 21:51:22 2005 us=173686 DHCP option string: 0608ce8d c03cce8d 
> >> c137
> >> Tue Jan 18 21:51:22 2005 us=175657 Successful ARP Flush on interface
> >> [393218] {ADE5A39E-8B33-4E6A-B7A8-9A364B1185CC}
> >> Tue Jan 18 21:51:22 2005 us=209979 TEST ROUTES: 0/0 succeeded len=0
> >> ret=0 a=0 u/d=down
> >> Tue Jan 18 21:51:22 2005 us=210041 Route: Waiting for TUN/TAP
> >> interface to come up...
> >> <snip, above two messages repeated>
> >> Tue Jan 18 21:51:27 2005 us=940075 route ADD 68.75.177.14 MASK
> >> 255.255.255.255 10.10.1.1
> >> Tue Jan 18 21:51:27 2005 us=941860 Route addition via IPAPI succeeded
> >> Tue Jan 18 21:51:27 2005 us=941934 route DELETE 0.0.0.0
> >> Tue Jan 18 21:51:27 2005 us=971424 Route deletion via IPAPI succeeded
> >> Tue Jan 18 21:51:27 2005 us=971512 route ADD 0.0.0.0 MASK 0.0.0.0 
> >> 192.168.1.2
> >> Tue Jan 18 21:51:27 2005 us=984366 Route addition via IPAPI succeeded
> >> Tue Jan 18 21:51:27 2005 us=984434 Initialization Sequence Completed
> >> 
> >> Now, with the network bridged, I cant access the internet and I cant
> >> access my home network (even after disabling and reenabling). The log
> >> file looks like this:
> >> 
> >> Tue Jan 18 21:56:04 2005 us=277606 TAP-WIN32 device [OpenVPN] opened:
> >> \\.\Global\{ADE5A39E-8B33-4E6A-B7A8-9A364B1185CC}.tap
> >> Tue Jan 18 21:56:04 2005 us=277687 TAP-Win32 Driver Version 8.1
> >> Tue Jan 18 21:56:04 2005 us=277714 TAP-Win32 MTU=1500
> >> Tue Jan 18 21:56:04 2005 us=277749 Notified TAP-Win32 driver to set a
> >> DHCP IP/netmask of 192.168.1.51/255.255.255.0 on interface
> >> {ADE5A39E-8B33-4E6A-B7A8-9A364B1185CC} [DHCP-serv: 192.168.1.0,
> >> lease-time: 31536000]
> >> Tue Jan 18 21:56:04 2005 us=277787 DHCP option string: 0608ce8d c03cce8d 
> >> c137
> >> Tue Jan 18 21:56:04 2005 us=279961 NOTE: could not get adapter index
> >> for \DEVICE\TCPIP_{ADE5A39E-8B33-4E6A-B7A8-9A364B1185CC}, status=55 :
> >> The specified network resource or device is no longer available.
> >> Tue Jan 18 21:56:04 2005 us=287107 TEST ROUTES: 0/1 succeeded len=0
> >> ret=0 a=0 u/d=up
> >> Tue Jan 18 21:56:04 2005 us=287180 Route: Waiting for TUN/TAP
> >> interface to come up...
> >> <snip, above two messages repeated>
> >> Tue Jan 18 21:56:34 2005 us=116340 TEST ROUTES: 0/1 succeeded len=0
> >> ret=0 a=0 u/d=up
> >> Tue Jan 18 21:56:34 2005 us=116424 route ADD 68.75.177.14 MASK
> >> 255.255.255.255 10.10.1.1
> >> Tue Jan 18 21:56:34 2005 us=117975 Route addition via IPAPI succeeded
> >> Tue Jan 18 21:56:34 2005 us=118046 route DELETE 0.0.0.0
> >> Tue Jan 18 21:56:34 2005 us=119638 Route deletion via IPAPI succeeded
> >> Tue Jan 18 21:56:34 2005 us=119707 route ADD 0.0.0.0 MASK 0.0.0.0 
> >> 192.168.1.2
> >> Tue Jan 18 21:56:34 2005 us=120487 Warning: route gateway is not
> >> reachable on any active network adapters: 192.168.1.2
> >> Tue Jan 18 21:56:34 2005 us=120533 Route addition via IPAPI failed
> >> Tue Jan 18 21:56:34 2005 us=120561 Initialization Sequence Completed With 
> >> Errors
> >
> > That's interesting that it works when the TAP interface in not bridged.
> >
> > Try setting the IP address manually on the bridge interface on the client, 
> > and use "ip-win32 manual" in the client config to tell OpenVPN not to set the 
> > IP address.
> 
> I've done some testing, and I can reproduce the problem here to. If I add 
> my TAP device to a bridge I get the above problem. Setting the IP address 
> directly on the bridge interface still gives the above log message (device 
> no longer available), but as the IP address is already set, TEST ROUTES 
> succeeds after a while and everything works.
> 
> Could it be because when you have a bridge, you cannot set an IP address 
> on one of interfaces that below to the bridge?
> 
> James, any ideas how to solve this?

When you set up a bridge, generally the adapters which are components of
the bridge adapter lose their individual configurations -- only the
settings on the bridge adapter itself are relevant.

When you run OpenVPN on a bridge adapter, you should manually set the IP
address and netmask of the bridge adapter, then run OpenVPN with
--server-bridge or if running in point-to-point mode, omit --ifconfig.

James



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users