[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN on Debian / br0 stops interface eth0 (NEWBE)

  • Subject: Re: [Openvpn-users] OpenVPN on Debian / br0 stops interface eth0 (NEWBE)
  • From: Martin Müller - Rudolf Hausstein OHG <m.mueller@xxxxxxxxxxxx>
  • Date: Sun, 05 Feb 2006 15:17:59 +0100
Hi!

Thank you for quick answer! Unfortunally I hadnt enough time to check your tipps.

Now I can report the following:

I cant ping eth0 from the LAN and the masquerading-functionality doesnt work properly. I cant access sites which are running with https.

Furthermore clients, which want to access windowsupdate.microsoft.com, are getting a "cant reach the site".

And the SAMBA-Server which is also running on eth0 is also not avialable.

BTW: I havnt tested the connection from WAN.

Thank you for your help!

Martin



Etienne Pretorius schrieb: 
Hello,

You seem to have gone a bit overboard. This is what I use:

auto eth0
iface eth0 inet static
       address 192.168.10.255
       netmask 255.255.255.0

# Virtual device for VPN implementation
auto tap0
iface tap0 inet static
  address 10.8.0.1
  netmask 255.255.255.0
  pre-up   tunctl -u uml-net
  pre-down tunctl -d tap0

auto br0
iface br0 inet static
  address 192.168.10.1
  network 192.168.10.0
  broadcast 192.168.10.255
  netmask 255.255.255.0
  bridge_ports tap0 eth0


I have a special case here though, I need to create the TAP0 device without using OPENVPN.
Anyway Openvpn uses the device later and it works fine. You should see something like this
conserning the eth and br devices:

br0       Link encap:Ethernet  HWaddr 00:01:80:59:3D:70
         inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
         inet6 addr: fe80::201:80ff:fe59:3d70/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:290631 errors:0 dropped:0 overruns:0 frame:0
         TX packets:326005 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:133155342 (126.9 MiB)  TX bytes:286589560 (273.3 MiB)

eth0      Link encap:Ethernet  HWaddr 00:01:80:59:3D:70
         inet6 addr: fe80::201:80ff:fe59:3d70/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:290650 errors:1 dropped:0 overruns:0 frame:1
         TX packets:324177 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:138090321 (131.6 MiB)  TX bytes:286414902 (273.1 MiB)
         Interrupt:177 Base address:0xe200

Notice that there will be no IP on the eth0 device. That is correct as it is doing bridging.

Kind Regards
Etienne


Martin Müller - Rudolf Hausstein OHG wrote:

Hello!

Im running openvpn 2.0-1sarge2 on Debian Sarge 3.1. If I put up my br0, all traffic stops on my lan-Interface eth0. If ping eth0 from the lan, there is no response. If I ping the interface from the server, there is also no response.

ifconfig shows lo, br0,tap0, tap1, tap2, eth0 and eth1


My config:

lan    eth0    192.168.100.99
wan    eth1    83.64.XXX.XXX

>>server.config
port 1194
proto udp
dev tap
tun-mtu 1500
fragment 1300
mssfix
server-bridge 192.168.100.1 255.255.255.0 192.168.100.210 192.168.100.220
keepalive 10 45
user nobody
group nogroup
comp-lzo
persist-key
persist-tun
verb 5

>> /etc/network/interfaces

auto br0
iface br0 inet static
       address 192.168.100.5
       netmask 255.255.255.0
       network 192.168.100.0
       broadcast 192.168.100.255
       pre-up /sbin/ip link set eth0 up
       pre-up /usr/sbin/openvpn --mktun --dev tap0
       pre-up /usr/sbin/openvpn --mktun --dev tap1
       pre-up /usr/sbin/openvpn --mktun --dev tap2
       pre-up /sbin/ip link set tap0 up
       pre-up /sbin/ip link set tap1 up
       pre-up /sbin/ip link set tap2 up
       pre-up /usr/sbin/brctl addbr br0
       pre-up /usr/sbin/brctl addif br0 eth0
       pre-up /usr/sbin/brctl addif br0 tap0
       pre-up /usr/sbin/brctl addif br0 tap1
       pre-up /usr/sbin/brctl addif br0 tap2
       post-down  /usr/sbin/brctl delbr br0

---------


How must I configure the IPs to have a bridged interface? The documentation is in this case very thin.

Thanks for your assistence!


Martin


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users 





-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users


Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00068.html on line 304

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-02/msg00068.html on line 304