Re: [Openvpn-users] [noob] OpenVpn bridging mode configuration


  • Subject: Re: [Openvpn-users] [noob] OpenVpn bridging mode configuration
  • From: "Dave" <dev@xxxxxxxxxxxxxx>
  • Date: Sun, 29 Jul 2007 12:51:26 -0500
  • Importance: Normal

>...
>i have just installed  openvpn , i got a scenario when i have small LAN ,
>we application servers in it (oracle,apache...) , and i want people to
>connect to the lan and browse the lan resource .
>
>...
> , when i start the bridge-start script , my network crash and i must
>restart the machine , i'm sure i have missed something somewhere , but i
>need a help to find what :d
>...

When you say 'crash' do you really mean crash, or just that networking stops
working abruptly?  I personally have had to add the default gateway back to
the interface after doing all the bridge-start stuff.

I'm assuming the default gateway in your scenario is 192.168.1.1.  You would
add something like this at the end of your bridge-start script:

route add default gw 192.168.1.1

And something like this at the end of the bridge-stop:

ifconfig eth0 192.168.1.201 up

I say 'something like' because the syntax of the 'route' command depends on
the OS, but you're probably using Linux and that one shown will probably
work.  Double check the IPs I used because I'm guessing your setup.

Also, not related to this problem, but in your server script I think you can
remove the lines:
push "route 192.168.1.0 255.255.255.0"
and also:
client-to-client
This is because you are using bridging, so all the clients will be on the
192.168.1.x network already (not so if you were using tunnelling, then you
would need these lines).

Lastly, and maybe it's not in your control, but since you're using
192.168.1.x for your local lan, you have a high likelihood of running into
problems down-the-line.  That network is widely used for people's internal
LAN.  So, if you had a client that was already on 192.168.1.x at a remote
site, then vpn'ed into your network, they would have two adapters with
192.168.1.x (the physical adapter, and the virtual one for openvpn).  If at
all possible, choose a different number for the third octet.  Almost anything
other than 0, 1, or 255 is better.  Otherwise, you can only hope for the
best.

-Dave

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
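
Added example, not part of the original message or of OpenVPN's own scripts: a shell helper for the default-gateway loss described in the reply above, which compares the routing table from before and after the bridge is built and prints the `route add` command only if the default route actually disappeared. It assumes Linux net-tools (`route -n`); the function names, the `br0` interface name and the sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a default route lost during bridge-start.
# Assumes Linux net-tools `route -n` output format.

# Read `route -n` output on stdin and print the default gateway, if any.
# A default route has destination 0.0.0.0 and the G (gateway) flag set.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# $1 = routing table captured before bridging, $2 = table after bridging.
# Prints the restore command only when a gateway existed and is now gone.
gw_restore_command() {
    before_gw=$(printf '%s\n' "$1" | default_gw)
    after_gw=$(printf '%s\n' "$2" | default_gw)
    if [ -n "$before_gw" ] && [ -z "$after_gw" ]; then
        echo "route add default gw $before_gw"
    fi
}

# Constructed sample: table before bridge-start (eth0 still holds the IP).
SAMPLE_BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Constructed sample: table after bridge-start (IP moved to br0, default gone).
SAMPLE_AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0'

# Intended use inside a real bridge-start script (needs root):
#   before=$(route -n)                  # first line, before any brctl/ifconfig
#   ... existing bridge setup ...
#   cmd=$(gw_restore_command "$before" "$(route -n)")
#   [ -n "$cmd" ] && $cmd               # runs: route add default gw <saved gw>

# Demonstration on the constructed samples; prints the command to run.
gw_restore_command "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

Capturing the gateway before the bridge is built avoids hard-coding 192.168.1.1, which the reply itself flags as a guess about the poster's setup.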