[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] problem setting up vpn bridge:internetconnectionis lost

Subject: Re: [Openvpn-users] problem setting up vpn bridge:internetconnectionis lost
From: "Joris Kinable" <deus87@xxxxxxxxx>
Date: Sun, 7 Jan 2007 10:41:33 +0100

Thnx for your reply. I've tried to get it working:

openvpn server.conf (using dev tun):
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway"
push "dhcp-option DNS 130.90.5.2"
push "dhcp-option DNS 130.90.5.3"
push "dhcp-option WINS 130.90.6.20"
push "dhcp-option WINS 130.90.6.21"

Firewall rules:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -t nat -A POSTROUTING -s  10.8.0.0/24 -o eth0 -j MASQUERADE

Other:
echo 1 > /proc/sys/net/ipv4/ip_forward

The good news is that it is now possible to get into the
servernetwork. The problem remains that UDP broadcasting doesn't work
with this config since broadcasts aren't forwarded over a routed vpn.

So I tried your suggestion to use dev tap and the above firewall rules:

openvpn server.conf (using dev tap without creating a bridge):
dev tap
server 10.8.0.0 255.255.255.0
push "redirect-gateway"
push "dhcp-option DNS 130.90.5.2"
push "dhcp-option DNS 130.90.5.3"
push "dhcp-option WINS 130.90.6.20"
push "dhcp-option WINS 130.90.6.21"

With this config UDP broadcast still don't work, and even worse it is
not possible to get onto the servers network anymore. So do you have
any idea what I need to change?

Joris


On 1/4/07, Charles Duffy <cduffy@xxxxxxxxxxx> wrote:
> Joris Kinable wrote:
> > In my opinion to solve the first problem I need a bridged VPN, and
> > assign the clients an ip from a private range. In case I choose a
> > routed VPN I won't be able to solve the first problem.
>
> There's nothing stopping you from building a routed VPN using "dev tap".
> Just don't create a bridge, use IP forwarding on the server for
> communication with the rest of your network, and provide a real DHCP
> server or somesuch to hand out IPs.
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users

References:
- Re: [Openvpn-users] problem setting up vpn bridge:internetconnectionis lost
  - From: Joris Kinable
- Re: [Openvpn-users] problem setting up vpn bridge:internetconnectionis lost
  - From: Marcel de Reuver
- Re: [Openvpn-users] problem setting up vpn bridge:internetconnectionis lost
  - From: Joris Kinable
- Re: [Openvpn-users] problem setting up vpn bridge:internetconnectionis lost
  - From: Charles Duffy

Prev by Date: Re: [Openvpn-users] OpenVPN and Windows network drive maps
Next by Date: Re: [Openvpn-users] Openvpn and rendezvous
Previous by thread: Re: [Openvpn-users] problem setting up vpn bridge:internetconnectionis lost
Next by thread: Re: [Openvpn-users] Repost - Windows authentication over OpenVPN
Index(es):
- Date
- Thread