
Re: [Openvpn-users] bridging, strange issue


  • Subject: Re: [Openvpn-users] bridging, strange issue
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Sat, 08 Sep 2007 14:57:40 -0500
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID090LiHT7U0070X39

skuns@xxxxx wrote:
Hi there. I have the following bridge configuration:

   debian linux box. openvpn server
192.168.37.170/24 - A, internal network
x.x.x.x - A, internet network
              |
              |
   Adsl modem. with NAT
              |
    client. debian linuxbox

After connection successfully initiated, I cannot ping from client neither A 
nor network 37.0/24. And vice versa. Both hosts return destination host 
unreachable.
Client got an address 192.168.37.252 but can't obtain MAC address for 
server; arp -a shows a record 192.168.37.170 (incomplete)   tap0. Server 
A has the same incomplete record for client address. ARP request from client 
is transferred to tap0, but it looks like the packet never reaches the server.
[...]
config for server:
-------------------
port 1194
proto tcp
dev tap
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server-bridge 192.168.37.170 255.255.255.0 192.168.37.252 192.168.37.253
ifconfig-pool-persist ipp.txt
push "route 192.168.37.0 255.255.255.0"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
---------------
[...]
-------------

route table for client:

-------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.37.0    192.168.37.170  255.255.255.0   UG        0 0          0 tap0
192.168.37.0    0.0.0.0         255.255.255.0   U         0 0          0 tap0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
--------------------

When bridging you don't want to push the bridged subnet as a route to the client.  The route will be added when the IP details are set on the adapter.  I also assume you have bridged your tap0 device to your physical Ethernet device if you are trying to bridge to an existing physical network; if not, you won't be able to access physical devices on the target subnet.

-- 
Josh

Attachment: signature.asc
Description: OpenPGP digital signature
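
The point made in the reply above, as an added example that is not part of the original message or of OpenVPN itself: a small Python check that flags `push "route ..."` directives overlapping the `server-bridge` subnet. The sample config is constructed from the quoted directives; the 10.8.0.0 route and all function names are assumptions for illustration.

```python
import ipaddress
import shlex

# Constructed sample: bridging directives from the quoted server config,
# plus a hypothetical non-overlapping route (10.8.0.0) for contrast.
SAMPLE_CONFIG = """\
dev tap
server-bridge 192.168.37.170 255.255.255.0 192.168.37.252 192.168.37.253
push "route 192.168.37.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
"""

def parse_directives(text):
    """Yield (line_number, tokens) for each non-comment config line."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            if tokens:
                yield n, tokens

def to_network(addr, mask):
    """Return the network for addr/mask, or None if addr is not an IP."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return None

def redundant_pushed_routes(text):
    """Return [(line_number, network)] for pushed routes that overlap the
    server-bridge subnet; the client already gets that route from its tap IP."""
    directives = list(parse_directives(text))
    bridge = next((to_network(t[1], t[2]) for _, t in directives
                   if t[0] == "server-bridge" and len(t) >= 3), None)
    findings = []
    if bridge is None:
        return findings
    for n, tok in directives:
        if tok[0] != "push" or len(tok) < 2:
            continue
        pushed = tok[1].split()
        if len(pushed) < 2 or pushed[0] != "route":
            continue
        # OpenVPN's route directive defaults the netmask to 255.255.255.255.
        mask = pushed[2] if len(pushed) > 2 else "255.255.255.255"
        net = to_network(pushed[1], mask)
        if net is not None and net.overlaps(bridge):
            findings.append((n, str(net)))
    return findings
```

On the sample, only the pushed 192.168.37.0/24 route is reported, which matches the duplicate `UG` entry via 192.168.37.170 in the client's routing table.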