Re: [Openvpn-users] 2 bridged connections


  • Subject: Re: [Openvpn-users] 2 bridged connections
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Wed, 7 Dec 2005 08:04:13 +0100 (CET)

On Wed, 7 Dec 2005, Rene Cunningham wrote:

G'day,

I'm having a problem getting 2 bridged OpenVPN connections speaking with
each other. From what I can see, once they both connect they are both bound
to tap0.

o Below is my server.conf file

ca /etc/openvpn/keys/ca-server.crt
cert /etc/openvpn/keys/server.crt
comp-lzo
dev tap
dh /etc/openvpn/keys/dh1024.pem
group nogroup
ifconfig-pool-persist ipp.txt
keepalive 10 120
key /etc/openvpn/keys/server.key  # This file should be kept secret
persist-key
persist-tun
port 1194
proto udp
server-bridge 192.168.50.1 255.255.255.0 192.168.50.100 192.168.50.150
status /var/log/openvpn-status.log
tls-auth /etc/openvpn/keys/ta-server.key 0 # This file is secret
up /etc/openvpn/scripts/bridge-eth0
user nobody
verb 4

o Below is what my bridge looks like

# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.000024c47b28       no              eth0
                                                       tap0
                                                       tap1

As you can see there are no RX or TX packets for tap1. I've tried adding
the tap1 interface before OpenVPN starts using the following command

# openvpn --mktun --dev tap1

I can get 2 bridged connections speaking with each other if I create a
2nd server.conf file that listens on another port and instead of using
'dev tap' use 'dev tap0' and 'dev tap1'.

Both bridged connections can communicate with local workstations on the
bridge.

My question is, does OpenVPN support communication between 2 bridged
clients using the same server.conf?

Sure. You only need one server.conf and one tap interface. Create tap0 in advance with --mktun --dev tap0, then use --dev tap0 in your server config.


Then just issue certs for all the clients you want and rock on ;-) If you still have problems getting a second client to connect, give us the details about that problem, like server/client logs, tcpdump showing what happens etc.

--
_____________________________________________________________
Mathias Sundman                  (^)   ASCII Ribbon Campaign
OpenVPN GUI for Windows           X    NO HTML/RTF in e-mail
http://openvpn.se/               / \   NO Word docs in e-mail
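
An added example, not part of the original message or of OpenVPN: a small check that a bridged server config names the pre-created tap device (as the reply recommends) and that this device is actually a member of the bridge. The function names and the sample configs are constructed for illustration; bridge members are passed in as a plain string.

```shell
#!/bin/sh
# Added example (not from the thread): check that a bridged OpenVPN server
# config pins the pre-created tap device and that the device is on the bridge.

# Print the argument of the last active "dev" directive (commented lines are
# skipped because their first field is "#" or "#dev", not "dev").
conf_dev() {
    awk '$1 == "dev" { d = $2 } END { print d }' "$1"
}

# check_bridge_conf CONF "MEMBER MEMBER ..."  -> 0 if consistent, 1 otherwise
check_bridge_conf() {
    conf=$1; members=$2; found=1
    dev=$(conf_dev "$conf")
    case $dev in
        "")        echo "FAIL: no dev directive"; return 1 ;;
        tap)       echo "FAIL: 'dev tap' is a dynamic device; name the pre-created one (dev tap0)"; return 1 ;;
        tap[0-9]*) ;;
        *)         echo "FAIL: '$dev' is not a tap device"; return 1 ;;
    esac
    for m in $members; do
        case $m in
            "$dev") found=0 ;;
            tap*)   echo "NOTE: $m is on the bridge but not used by $conf" ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "OK: $dev is pinned and on the bridge"
    else
        echo "FAIL: $dev is not on the bridge"
    fi
    return "$found"
}

# Constructed sample input: the poster's layout (dev tap; eth0 tap0 tap1 on br0)
# next to the layout recommended in the reply (dev tap0; eth0 tap0 on br0).
demo() {
    d=$(mktemp -d) || return 1
    printf 'port 1194\nproto udp\ndev tap\nserver-bridge 192.168.50.1 255.255.255.0 192.168.50.100 192.168.50.150\n' > "$d/before.conf"
    sed 's/^dev tap$/dev tap0/' "$d/before.conf" > "$d/after.conf"
    check_bridge_conf "$d/before.conf" "eth0 tap0 tap1" || true
    check_bridge_conf "$d/after.conf" "eth0 tap0"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

On a live Linux host the member list can be taken from `ls /sys/class/net/br0/brif` instead of being typed by hand.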
