[Openvpn-users] Bridging problems

I'm having a problem getting bridging to work with OpenVPN.
My setup is this:

    Server is RedHat Linux WS 4 (kernel 2.6.9-55.0.2.EL)
    Client is Mac OS X 10.4.9 

    On the server side I'm running OpenVPN 2.09 (installed from
    RPM: openvpn-2.0.9-1.el4.rf.i386.rpm)

    On the client side I'm running the latest version of Tunnelblick
    (downloaded from their website and installed as described).

    The iptables firewall on the server side is completely off.

    The setup is for a single client bridged to a server and the bridge
is set up as described in the documentation on Ethernet Bridging on the
OpenVPN website. The bridge sets up just fine. On the Mac OS X side, 
the connection similarly seems to set up just fine. When I start the 
connection on the client side, Tunnelblick establishes the connection
and I can see it established (in /var/log/messages on the server side).
For all intents and purposes (ifconfig, brctl) the connection between 
the two sides looks just like the examples in the documentation and 
the OpenVPN book.

    Next I try to ping from the client to the server. That doesn't work.
Using tcpdump on both sides, I can see an ARP WHO-HAS packet for the 
address being pinged enter the bridge interface on the Mac (client)
side. On the Linux side, it never shows up on the tap0 interface of the 

   The problem I have now is there's no way to tell where the packet's
been dropped. OpenVPN offers no way to print packets (in decrypted form)
that it's received from the remote even with the verb parameter set to
its maximum value. I'd like to be able to determine:

    a) Whether or not the packet has been received over the 1194 UDP
port by OpenVPN.
    b) Whether or not OpenVPN properly injected the packet on the tap0
       interface (or if not, what prevented it from doing so).

    I have purchased the OpenVPN book. In the Troubleshooting chapter on
page 234 it describes that with verb=5, it will print "detailed
statistics of all tunnel traffic" with uppercased letters standing for 
data on the real interface, and lowercase letters on tun/tap interface.
I don't see this at all, yet I know from the /var/log/messages file on
the server that OpenVPN is getting traffic on the real interface
periodically from the client (presumably traffic maintaining the
connection between the two sides). The book also states that the status
file that is rewritten every minute will show "detailed statistical
data" and gives an example of the file, which shows that it reports on 
reads and writes by interface (real and tap/tun). That doesn't appear to
be true, because my status file shows no such thing (and I've enabled

    Is there any way (switch, or compile option, etc.) that I can get
OpenVPN to trace packets that it receives (in decrypted form) and report
properly on whether or not it sent/received a specific packet on an
interface (i.e. real or tun/tap), etc. so I could track this down? 

