Hi - I'm new to OpenVPN and I tried to get ethernet bridging running
to no avail (this is on Debian etch/stable).  I picked bridging so
that I don't have to worry about the warrior (i.e. roaming) laptops
and what IP addresses they get assigned in hotels, net cafes, etc.

So here is the situation (and your help is greatly appreciated).
I have a gateway machine with 2 NICs on it,

 eth0 connects to the Internet (assume IP is
 --> inet addr:   Bcast:     Mask:
 eth1 connects to the LAN      (IP is
 --> inet addr:  Bcast:  Mask:
I'm looking to create a VPN bridge using or similar
(again to avoid IP collisions and from what I've seen 172.x.x.x
is rarely used) to connect those external traveling laptops back
to our LAN.

Could someone please let me know what values I should set in the
bridge-start script, et al.?  In other words, what should these
values be (because what I have below doesn't work and when the bridge
is brought up I lose my connection to the LAN entirely)?

Here are the entries in question in bridge-start,

  # Define Bridge Interface

  # Define list of TAP interfaces to be bridged,
  # for example tap="tap0 tap1 tap2".

  # Define physical ethernet interface to be bridged
  # with TAP interface(s) above.

In my server.conf I have the following relevant statements,

  dev tap

and I have this in my iptables file,

  # OpenVPN: allow external accesses to openvpn
  iptables -A INPUT -p udp -i eth0 --dport 1194 -j ACCEPT

  # OpenVPN: Allow interface connections to OpenVPN server
  iptables -A INPUT   -i tap+ -j ACCEPT
  iptables -A INPUT   -i br0  -j ACCEPT

  # OpenVPN: Allow interface connections to be forwarded through other interfaces
  iptables -A FORWARD -i tap+ -j ACCEPT
  iptables -A FORWARD -i br0  -j ACCEPT

and I do the following to see if things work,

  % bridge-start
  % openvpn /etc/openvpn/server.conf

  I try to ssh from gateway to LAN machines (no go)
  I try to ssh from LAN machines back to gateway (no go)

I didn't even try to see if I can access the VPN from the outside
since I seem to have more pressing issues (not that it would matter
if I can't access the LAN).  So what am I doing wrong?  I must have
read the docs 10 times and searched the net endlessly; I just can't
seem to get it right, and whenever I run that sample bridge-start
script my LAN connection vanishes and I have to remove the bridge
and ifdown/ifup eth1 to go back to normal.

Thanks in advance.


