
Re: [Openvpn-users] Ethernet bridging on single NIC

  • Subject: Re: [Openvpn-users] Ethernet bridging on single NIC
  • From: "Daniel L. Miller" <dmiller@xxxxxxxxx>
  • Date: Thu, 18 Oct 2007 12:05:52 -0700

Ian Archer wrote:
> I am using FreeBSD.  It seems like FreeBSD bridging is more
> problematic/untested given the list archives.  The bridging seems
> successful, i.e. I have it set up and can still use the network.
> Additionally, the client connects fine.  Unfortunately, after getting
> an IP address the connection gets severed.  Killing openvpn on the
> client side re-opens a path.
I can't comment on *BSD (my only experience is Linux & Windows).  
However, if BSD supports bridging we'll try it.

By what I'm reading from you, your server connection is working via the 
bridge interface (I would recommend a simple verification with a basic 
network tool, like wireshark, and just monitor the bridge interface on 
the server and see if traffic flows through it).

Creation of the tap interface is a joint responsibility of your OS and 
OpenVPN.  The bridging operation is performed by your OS.  So having a 
successful bridge, that has full functionality on your LAN - accent on 
the LAN - means your OS is fine, and means nothing with regards to 
OpenVPN configuration.

Re-do your server config with udp, and trim out the comments.  Here's a 
sample that works for me (at the least you'll need to change the local 
IP address):

mode server
port 1194
proto udp
dev tap1
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
keepalive 10 120
client-config-dir /etc/openvpn/ccd
status amfes.log
log-append /var/log/openvpn-amfes.log
verb 3
replay-window 72 30

Also - where is your client getting the IP address from?  In my case, 
I'm using our internal DHCP server to assign VPN addresses - not 
OpenVPN.  Do you possibly have a clash between a LAN DHCP server and 
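
Added example (not part of the original message and not OpenVPN project code): one way to answer the DHCP question above from the server config itself. It classifies whether bridged clients are addressed by an OpenVPN server-bridge pool or by the LAN DHCP server, and flags overlapping ranges; the 192.168.8.x addresses, the DHCP ranges and the function names are constructed for illustration.

```python
import ipaddress

# Constructed input: the core of the server config from the message, plus a
# hypothetical variant that adds an OpenVPN-managed pool via server-bridge
# (server-bridge <gateway> <netmask> <pool-start> <pool-end>).
MESSAGE_CONFIG = """\
mode server
port 1194
proto udp
dev tap1
keepalive 10 120
"""
POOL_CONFIG = MESSAGE_CONFIG + (
    "server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254\n"
)

def parse_directives(text):
    """Map each directive to its argument list, skipping '#' and ';' comments."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        out[name] = args
    return out

def address_source(config_text, dhcp_start, dhcp_end):
    """Say who assigns addresses to bridged clients; flag overlapping ranges."""
    d = parse_directives(config_text)
    if not (d.get("dev") or [""])[0].startswith("tap"):
        return "not-bridged"
    args = d.get("server-bridge", [])
    if len(args) < 4:
        # No OpenVPN pool configured: clients rely on DHCP across the bridge.
        return "lan-dhcp"
    pool_lo, pool_hi = (int(ipaddress.ip_address(a)) for a in args[2:4])
    lan_lo, lan_hi = (int(ipaddress.ip_address(a)) for a in (dhcp_start, dhcp_end))
    if pool_lo <= lan_hi and lan_lo <= pool_hi:
        return "clash: OpenVPN pool overlaps LAN DHCP range"
    return "openvpn-pool"

if __name__ == "__main__":
    print(address_source(MESSAGE_CONFIG, "192.168.8.100", "192.168.8.200"))
    print(address_source(POOL_CONFIG, "192.168.8.100", "192.168.8.200"))
    print(address_source(POOL_CONFIG, "192.168.8.10", "192.168.8.99"))
```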