[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Bridging Setup on Linux w/ Windows Clients


  • Subject: [Openvpn-users] Bridging Setup on Linux w/ Windows Clients
  • From: Pasada Khumprakob <khumprp@xxxxxxxxxxx>
  • Date: Thu, 30 Aug 2007 15:19:55 -0400
  • Importance: Normal

Hello all -
 
I have been unsuccessful so far at my bridging attempts, with just plain weird stuff going on. I was accually able to stay connected today for about 10 min, then I manually disconnected, and then I could get a good connection back.... So I want to start from scratch with the hopes that someone can point out my mistake.
 
On the server right now, I have disabled IPTABLES totally. The external IP of the server is eg: 201.0.0.195 255.255.255.192. I create the virtual TAP adapter on the linux server and bridge it together with the ETH0 (I have only one physical NIC). I then assign the BR0 the IP of ETH0.
 
In my server.conf file I start by assigning the virtual adapter an address of 201.0.0.254 255.255.255.192, and set the local directive to that of the bridge's IP 201.0.0.195. I do my certificate stuff, and aside from that the only other important thing I have is 'push "route 201.0.0.0 255.255.255.192 201.0.0.193"' the default gateway on that network.  I also have fragment 1500, mssfix 1500, and some other settings that I believe are unrelated.
 
On the client side I do NOT setup a bridge. I have an adapter created, and in my client.conf file I assign it an IP with ifconfig 201.0.0.241 and the appropriate netmask. I also have route-method exe, and route-delay 2 in the file. The rest is standard.
 
What I'm trying to accomplish is having my laptop from a wireless connection be able to connect to my private network (201.0.0.xxx). So my laptop has the IP assigned from the wireless, it assigns the TAP device an address on my private network, the server has two addresses, both on the network (which I realize could be a security problem). The one address is for the VPN connections, and the other is the virtual TAP device 201.0.0.254.
 
On my Vista machine, I can connect and stay connected for about 30sec before it starts sending out tons and tons of UDP junk packets (10K/s), loses the connection, and then gets it back. On XP machines, they cannot ping or do anything, and the arp table has an invalid entry for the VPN server's address.
 
Am I doing this setup wrong? I need to do bridging so we can have access to windows shares and other broadcast-network items. Any thoughts on how to better architect this? Whats weird is that it work only once out of a hundred times without this UDP flood issue. I originally thought it was a bad driver or something along the lines with Vista, but now I am completely lost.
 
Any help is greatly appreciated!
Pasada Khumprakob