
[Openvpn-users] OpenVPN bridge mode problems: Windows client disrupts connectivity


  • Subject: [Openvpn-users] OpenVPN bridge mode problems: Windows client disrupts connectivity
  • From: "Konstantin Boyandin" <boyandin@xxxxxxxxx>
  • Date: Fri, 1 Sep 2006 16:35:29 +0700

Greetings,

I have used OpenVPN in route mode, and everything went quite well. Now
I try to set up the bridge mode, since Windows users wish to see their
domain in network neighborhood and so on.

The setup:

Intranet network: 10.0.0/24
OpenVPN server intranet address: 10.0.0.24
OpenVPN internal network: 10.111.0/24
OpenVPN server OS: FC5

Here is the set up data.

First, this is the script to start bridging:

====== script below
modprobe tun
modprobe bridge

openvpn --mktun --dev tap0

brctl addbr br0
brctl setfd br0 0
brctl addif br0 eth0
brctl addif br0 tap0

ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up

ifconfig br0 10.0.0.24 netmask 255.255.255.0 broadcast 10.0.0.255
ifconfig br0:0 10.111.0.1 netmask 255.255.255.0 broadcast 10.111.0.255
====== script above

After that, I allow access through the firewall:

====== script below
iptables -I INPUT 1 -i tun+ -j ACCEPT
iptables -I FORWARD 1 -i tun+ -j ACCEPT
iptables -I INPUT 1 -i tap+ -j ACCEPT
iptables -I FORWARD 1 -i tap+ -j ACCEPT
iptables -I INPUT 1 -i br+ -j ACCEPT
iptables -I FORWARD 1 -i br+ -j ACCEPT
====== script above

Finally, here's OpenVPN config, comments stripped:

====== config below
local 10.0.0.24
port 1194
proto tcp
dev tap0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.111.0.1 255.255.255.0 10.111.0.32 10.111.0.254
push "route-gateway 10.111.0.1"
push "route 10.0.0.0 255.255.255.0 10.111.0.1"
push "route 10.111.0.0 255.255.255.0 10.111.0.1"
duplicate-cn # I use LDAP authentication
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
plugin /usr/lib/openvpn-auth-pam.so login
client-cert-not-required
username-as-common-name
====== config above

The result: when I try to connect to OpenVPN from the intranet, the
Windows computer I use 'loses' connectivity; namely, all local
traffic seems to stop. When the OpenVPN client is terminated, normal OS
functioning resumes.

Can anyone enlighten me about what to do to handle this?

I installed the latest OpenVPN currently available at the site.

Best wishes,

Konstantin
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
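
A check a reader could run against the posted server config when the client connects from the intranet itself: does any pushed route overlap the LAN the client is already attached to, or cover the address the server listens on? This is an added example, not part of the original message; the function names are hypothetical, and the client LAN is assumed to be 10.0.0.0/24 (written as 10.0.0/24 in the message).

```python
import ipaddress
import shlex

# Constructed sample: lines copied from the server config in the message above.
SAMPLE_CONFIG = '''\
local 10.0.0.24
server-bridge 10.111.0.1 255.255.255.0 10.111.0.32 10.111.0.254
push "route-gateway 10.111.0.1"
push "route 10.0.0.0 255.255.255.0 10.111.0.1"
push "route 10.111.0.0 255.255.255.0 10.111.0.1"
duplicate-cn # I use LDAP authentication
'''

def pushed_routes(config_text):
    """Networks named by push "route ..." lines."""
    nets = []
    for line in config_text.splitlines():
        tokens = shlex.split(line, comments=True)  # strips quotes and # comments
        if len(tokens) != 2 or tokens[0] != "push":
            continue
        args = tokens[1].split()
        if len(args) < 2 or args[0] != "route":
            continue  # route-gateway and other pushed options
        mask = args[2] if len(args) > 2 else "255.255.255.255"
        nets.append(ipaddress.ip_network(f"{args[1]}/{mask}", strict=False))
    return nets

def local_address(config_text):
    """Address from the `local` directive, or None."""
    for line in config_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 2 and tokens[0] == "local":
            return ipaddress.ip_address(tokens[1])
    return None

def find_conflicts(config_text, client_lan):
    """Pushed routes that overlap the client's own LAN or cover the listen address."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    listen = local_address(config_text)
    findings = []
    for net in pushed_routes(config_text):
        if net.overlaps(lan):
            findings.append((str(net), "overlaps-client-lan"))
        if listen is not None and listen in net:
            findings.append((str(net), "covers-listen-address"))
    return findings

if __name__ == "__main__":
    for net, reason in find_conflicts(SAMPLE_CONFIG, "10.0.0.0/24"):
        print(net, reason)
```

For the posted config and an intranet client, the pushed 10.0.0.0/24 route is reported on both counts; the 10.111.0.0/24 route is not flagged.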

