Re: [Openvpn-users] Problems with Bridging


  • Subject: Re: [Openvpn-users] Problems with Bridging
  • From: Rupert Heesom <rupert@xxxxxxxxxxxxx>
  • Date: Wed, 23 Feb 2005 20:39:13 +0000

On Wed, 2005-02-23 at 19:56, Mathias Sundman wrote:
> On Wed, 23 Feb 2005, Rupert Heesom wrote:
> 
> > I'm trying to set up OpenVPN to do bridging so that my Road Warriors
> > connecting in can be on the same subnet and do windows browsing more
> > easily.
> >
> > So far I've managed to configure Openvpn correctly I think.  My test
> > road warrior laptop connects fine to the VPN, fine enough to get its IP
> > address/WINS server IP etc.
> >
> > However neither the VPN server nor the laptop can ping each other (or
> > connect via VNC).
> >
> > /etc/openvpn/server.conf
> > local 10.0.0.110
> > port 1194
> > proto udp
> > dev tap
> > ...
> 
> You should use "dev tap0" as you have already created a tap device. I'm 
> not sure, but I think OpenVPN will create a new tap interface (tap1) 
> dynamically for you otherwise and use that instead.

Thanks for the pointer; I'll try that shortly.

> > I'm finding that in the openvpn-status.log file, when using tun mode,
> > the allocated IP to incoming connections is shown, when using tap mode
> > only the MAC address of incoming vpn connections is given.  Is this a
> > feature or indication of a problem?
> 
> That's a feature! If you use --status-version 2 you will get the IP 
> address in the status file in tap mode as well.
> 
> If the "dev tap0" change is not enough, use tcpdump to see if you can see 
> the packets on tap0 and eth0. Try to temporarily disable all iptables rules 
> to make sure it's not a firewall problem.

My iptable rules are just there to try and ENABLE comms.  I don't NEED
any rules there otherwise.  I'm not using this bridge as a filter but as
an "open" bridge between my local subnet and any VPN visitors to my
subnet.

Should the bridge be able to work WITHOUT any iptable "firewall" rules?

I'll TRY to use tcpdump - never used it before; but there's always a
first time!  :-)
-- 
Rupert Heesom <rupert@xxxxxxxxxxxxx>

