Re: [Openvpn-users] bridging, strange issue

  • Subject: Re: [Openvpn-users] bridging, strange issue
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Sat, 08 Sep 2007 14:57:40 -0500
  • Openpgp: id=2E5A5127

skuns@xxxxx wrote:
Hi there. I have the following bridge configuration:

   debian linux box. openvpn server - A, internal network
x.x.x.x - A, internet network
   Adsl modem. with NAT
    client. debian linuxbox

After the connection is successfully initiated, I cannot ping from client nor A, 
nor network 37.0/24. And vice versa. Both hosts return destination host 
Client got an address but can't obtain the MAC address for 
server, arp -a shows a record (incomplete)   tap0. Server 
A has the same incomplete record for the client address. ARP request from client 
transferred to tap0, but it looks like that packet never reaches the server.
config for server:
port 1194
proto tcp
dev tap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
push "route"
keepalive 10 120
user nobody
group nogroup
status openvpn-status.log
verb 4

route table for client:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt 
Iface   UG        0 0          0 
tap0   U         0 0          0 
tap0   U         0 0          0 
eth0         UG        0 0          0 

When bridging you don't want to push the bridged subnet as a route to the client.  The route will be added when the IP details are set on the adapter.  I also assume you have bridged your tap0 device to your physical Ethernet device if you are trying to bridge to an existing physical network; if not, you won't be able to access physical devices on the target subnet.
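An added example, not part of the original message or of OpenVPN itself: a small Python check for the two points in the reply above, namely a `push "route ..."` that overlaps the bridged subnet, and a tap device that is not enslaved to a bridge. The sample config, its addresses (documentation ranges) and the function names are constructed for illustration; it assumes the bridged subnet is declared with `server-bridge` and that the host is Linux with sysfs.

```python
import ipaddress
import os
import shlex

# Constructed sample; 192.0.2.0/24 is a documentation range, not from the thread.
SAMPLE = '''\
port 1194
proto tcp
dev tap
server-bridge 192.0.2.1 255.255.255.0 192.0.2.100 192.0.2.150
push "route 192.0.2.0 255.255.255.0"
push "route 198.51.100.0 255.255.255.0"
'''

def lint_bridge_config(text):
    """Return warnings for pushed routes that overlap the bridged subnet."""
    dev, bridged, pushed = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        words = shlex.split(line)
        if words[0] == "dev" and len(words) > 1:
            dev = words[1]
        elif words[0] == "server-bridge" and len(words) >= 3:
            # server-bridge <gateway> <netmask> <pool-start> <pool-end>
            bridged = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
        elif words[0] == "push" and len(words) > 1:
            opt = words[1].split()
            if len(opt) >= 3 and opt[0] == "route":
                pushed.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False))
    if dev is None or not dev.startswith("tap") or bridged is None:
        return []                            # not a bridged setup: nothing to flag
    # The client gets this route already when the tap adapter is given its address.
    return [f"push route {net} overlaps bridged subnet {bridged}"
            for net in pushed if net.overlaps(bridged)]

def is_bridge_port(iface, sysfs="/sys/class/net"):
    """True if the kernel lists iface as a member of a bridge (Linux sysfs)."""
    return os.path.isdir(os.path.join(sysfs, iface, "brport"))

if __name__ == "__main__":
    for warning in lint_bridge_config(SAMPLE):
        print("WARN:", warning)
    if not is_bridge_port("tap0"):
        print("WARN: tap0 is not a member of any bridge")
```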


