Re: [Openvpn-users] 2 bridged connections

  Subject: Re: [Openvpn-users] 2 bridged connections
  From: Mathias Sundman
  Date: Wed, 7 Dec 2005

On Wed, 7 Dec 2005, Rene Cunningham wrote:


I'm having a problem getting 2 bridged OpenVPN connections speaking with
each other. From what I can see, once they both connect they are both bound
to tap0.

o Below is my server.conf file

ca /etc/openvpn/keys/ca-server.crt
cert /etc/openvpn/keys/server.crt
dev tap
dh /etc/openvpn/keys/dh1024.pem
group nogroup
ifconfig-pool-persist ipp.txt
keepalive 10 120
key /etc/openvpn/keys/server.key  # This file should be kept secret
port 1194
proto udp
status /var/log/openvpn-status.log
tls-auth /etc/openvpn/keys/ta-server.key 0 # This file is secret
up /etc/openvpn/scripts/bridge-eth0
user nobody
verb 4

o Below is what my bridge looks like

# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.000024c47b28       no              eth0

As you can see there are no RX or TX packets for tap1. I've tried adding
the tap1 interface before OpenVPN starts using the following command

# openvpn --mktun --dev tap1

I can get 2 bridged connections speaking with each other if I create a
2nd server.conf file that listens on another port and instead of using
'dev tap' use 'dev tap0' and 'dev tap1'.

Both bridged connections can communicate with local workstations on the

My question is, does OpenVPN support communication between 2 bridged
clients using the same server.conf?

Sure. You only need one server.conf and one tap interface. Create tap0 in advance with --mktun --dev tap0, then use --dev tap0 in your server config.

Then just issue certs for all the clients you want and rock on ;-) If you still have problems getting a second client to connect, give us the details about that problem, like server/client logs, tcpdump showing what happens etc.
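
A pre-flight check for the setup described in the reply above, as an added example that is not part of the original message or of OpenVPN itself: it confirms that server.conf names a fixed tap device and that this device is a port of the bridge. The function names and sample inputs are constructed for illustration, and treating bridge membership of the tap device as required is an assumption about what the bridge-eth0 script is meant to achieve.

```python
import re

# Constructed inputs modelled on the thread: the posted 'dev' line and bridge table.
POSTED_CONF = "dev tap\nport 1194\nproto udp\nuser nobody  # drop privileges\n"
POSTED_BRCTL = (
    "bridge name     bridge id               STP enabled     interfaces\n"
    "br0             8000.000024c47b28       no              eth0\n"
)

def conf_directives(text):
    """Map each OpenVPN directive to its argument list (last occurrence wins)."""
    directives = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives

def bridge_members(brctl_output):
    """Parse `brctl show` text into {bridge: [ports]}; extra ports sit on indented rows."""
    members, current = {}, None
    for line in brctl_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if not fields:
            continue
        if line[0].isspace() and current:
            members[current].append(fields[0])
        else:
            current = fields[0]
            members[current] = fields[3:]
    return members

def check_bridge_setup(conf_text, brctl_output, bridge="br0"):
    """Return a list of problems; an empty list means the reply's advice is followed."""
    dev = (conf_directives(conf_text).get("dev") or [""])[0]
    if not re.fullmatch(r"tap\d+", dev):
        return [f"'dev {dev}' is not a fixed tap device; use e.g. 'dev tap0'"]
    if dev not in bridge_members(brctl_output).get(bridge, []):
        return [f"{dev} is not a port of {bridge}"]
    return []

if __name__ == "__main__":
    print(check_bridge_setup(POSTED_CONF, POSTED_BRCTL))
```
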

