
Re: [Openvpn-users] problem setting up vpn bridge: internet connection is lost

  • Subject: Re: [Openvpn-users] problem setting up vpn bridge: internet connection is lost
  • From: "Joris Kinable" <deus87@xxxxxxxxx>
  • Date: Sun, 7 Jan 2007 10:41:33 +0100

Thanks for your reply. I've tried to get it working:

openvpn server.conf (using dev tun):
dev tun
push "redirect-gateway"
push "dhcp-option DNS"
push "dhcp-option DNS"
push "dhcp-option WINS"
push "dhcp-option WINS"

Firewall rules:
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward

The good news is that it is now possible to get into the
server network. The problem remains that UDP broadcasting doesn't work
with this config since broadcasts aren't forwarded over a routed vpn.

So I tried your suggestion to use dev tap and the above firewall rules:

openvpn server.conf (using dev tap without creating a bridge):
dev tap
push "redirect-gateway"
push "dhcp-option DNS"
push "dhcp-option DNS"
push "dhcp-option WINS"
push "dhcp-option WINS"

With this config UDP broadcasts still don't work, and even worse it is
not possible to get onto the server's network anymore. So do you have
any idea what I need to change?


On 1/4/07, Charles Duffy <cduffy@xxxxxxxxxxx> wrote:
> Joris Kinable wrote:
> > In my opinion to solve the first problem I need a bridged VPN, and
> > assign the clients an ip from a private range. In case I choose a
> > routed VPN I won't be able to solve the first problem.
> There's nothing stopping you from building a routed VPN using "dev tap".
> Just don't create a bridge, use IP forwarding on the server for
> communication with the rest of your network, and provide a real DHCP
> server or somesuch to hand out IPs.