Hi OpenVPN Users,
I have a serious problem with OpenVPN, at trying to bridge: My OpenVPN Server is no more reachable with TCP/UDP (but I can ping it...) if someone connects.
What I have done?
1. /usr/local/sbin/openvpn --mktun --dev tap0 2. brctl addbr br0 3. ifconfig br0 _myip_eth0_ netmask _mynetmask_eth0_ 4. brctl addif br0 tap0 5. brctl addif br0 eth0 6. ifconfig tap0 0.0.0.0 promisc up 7. ifconfig eth0 0.0.0.0 promisc up; route add default _my_eth0_default_gw_ 8. iptables -F 9. iptables -F -t nat 10. /usr/local/sbin/openvpn --config /etc/openvpn/server.conf
It think this is the basic proceeding as usual. If I now a client connects, the server is after some seconds unreachable with TCP/UDP, but it is pingable. My open SSH Connections timins out, and new connections can't be established. Sometime minuts after connecting there come some new messages in SSH up, and and I can sometimes type one or more commands, but allways the connections times out.
Naturally I investigated this behavour: I tested with udp if packets not can be send or only the receiving is the problem. A tcpdump shows, that the server isn't receiving packtes nor can it send packets. The simply are lost, without any icmp or other trace. The tcpdump on server shows that they are sent, but they never reach the destination. Packets from any machine in internet to the server are not shown in the tcpdump on server. The macadress are for source ip and destionation ip in working and not working packets the same. No iptables filter is changed, no ipadress is changed/coming up/going down at ifconfig, and no route is comming up or going down during this problem. Nothing seems to change, and packets are ONLY going lost if I connect to the OpenVPN Server. If I disconnect, some minutes after that the server is reachable again.
I know this problems if I add the eth0 to the bridge. But this is only a onetime problem. Here I have a persistent problem. Maybe OpenVPN has a problem and non-stopping is reinitialysing the bridge?
The funny thing is, that I had a bridging tunnel already running, exactly with this kernel, but OpenVPN in Version 2.0RC1.
My openvpn/kernel version on server is:
websrv tmp # uname -a
Linux websrv.pRiV.de 18.104.22.168 #1 SMP Mon May 30 21:30:10 i686 Celeron (Coppermine) GenuineIntel GNU/Linux
websrv tmp # /usr/local/sbin/openvpn |head -n 1
OpenVPN 2.0.2 i686-pc-linux [SSL] [LZO] built on Sep 2 2005
websrv tmp #
I welcome any help. Maybe somebody knows how see if the kernel get a packet lost, and at best why?
The Log of the Server with "verb 6" is available at http://www.priv.de/openvpnproblem/.
Regards Markus Mueller