Re: [Openvpn-users] Ethernet bridging on single NIC


  • Subject: Re: [Openvpn-users] Ethernet bridging on single NIC
  • From: "Ian Archer" <ian.archer.am.i@xxxxxxxxx>
  • Date: Fri, 19 Oct 2007 18:23:22 -0400

Switched to udp to no avail.  I ran tcpdump on my bridge0 interface
and packets are popping up.

A little about my network.  I have a computer on a wireless network
with the address 10.0.0.2.  The wireless router is on a 192.168.1.*/24
network.  Also on the 192.168.1.*/24 network is my other computer,
which is acting as VPN server, with address 192.168.1.112.  Both
networks feature a DHCP server.

The client successfully connects to the server, receives the address
192.168.1.200, after which the connection to the server is lost (HOST
is down).

Also, my local LAN is providing

I attached my

local 192.168.1.112
port 1194

;proto tcp
proto udp

dev tap0
;dev tun0
mode server

;dev-node MyTap

ca /usr/local/etc/openvpn/local/ca.crt
cert /usr/local/etc/openvpn/local/kirin.crt
key /usr/local/etc/openvpn/local/kirin.key  # This file should be kept secret
client-config-dir /usr/local/etc/openvpn/bridge-clients
dh /usr/local/etc/openvpn/local/dh1024.pem

ifconfig-pool-persist ipp.txt

server-bridge 192.168.1.112 255.255.255.0 192.168.1.200 192.168.1.254

client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun

status openvpn-status.log

verb 3


On 10/18/07, Daniel L. Miller <dmiller@xxxxxxxxx> wrote:
> Ian Archer wrote:
> > I am using FreeBSD.  It seems like FreeBSD bridging is more
> > problematic/untested given the list archives.  The bridging seems
> > successful, i.e. I have it set up and can still use the network.
> > Additionally, the client connects fine.  Unfortunately, after getting
> > an IP address the connection gets severed.  Killing openvpn on the
> > client side re-opens a path.
> >
> I can't comment on *BSD (my only experience is Linux & Windows).
> However, if BSD supports bridging we'll try it.
>
> By what I'm reading from you, your server connection is working via the
> bridge interface (I would recommend a simple verification with a basic
> network tool, like wireshark, and just monitor the bridge interface on
> the server and see if traffic flows through it).
>
> Creation of the tap interface is a joint responsibility of your OS and
> OpenVPN.  The bridging operation is performed by your OS.  So having a
> successful bridge, that has full functionality on your LAN - accent on
> the LAN - means your OS is fine, and means nothing with regards to
> OpenVPN configuration.
>
> Re-do your server config with udp, and trim out the comments.  Here's a
> sample that works for me (at the least you'll need to change the local
> IP address):
> mode server
> tls-server
> local 192.168.0.72
> port 1194
> proto udp
> dev tap1
> client-to-client
> ca /etc/openvpn/easy-rsa/keys/ca.crt
> cert /etc/openvpn/easy-rsa/keys/server.crt
> key /etc/openvpn/easy-rsa/keys/server.key
> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
> keepalive 10 120
> persist-key
> client-config-dir /etc/openvpn/ccd
> status amfes.log
> log-append /var/log/openvpn-amfes.log
> verb 3
> replay-window 72 30
> comp-lzo
>
> Also - where is your client getting the IP address from?  In my case,
> I'm using our internal DHCP server to assign VPN addresses - not
> OpenVPN.  Do you possibly have a clash between a LAN DHCP server and
> OpenVPN?
>
> --
> Daniel
>______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
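
An added example, not part of the original messages: a Python check of the server-bridge address pool from the posted config against a LAN DHCP range, the kind of clash asked about in the quoted reply. The function names are hypothetical and the DHCP range is a constructed value, since the thread does not state the real one.

```python
import ipaddress

# Constructed sample: directives copied from the server config posted above.
SAMPLE_CONFIG = """\
local 192.168.1.112
proto udp
dev tap0
;dev tun0
server-bridge 192.168.1.112 255.255.255.0 192.168.1.200 192.168.1.254
"""

def parse_server_bridge(config_text):
    """Return (gateway, network, pool_start, pool_end) from server-bridge."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing '#' comments
        if not line or line.startswith(";"):     # skip blank / ';' comment lines
            continue
        fields = line.split()
        if fields[0] == "server-bridge" and len(fields) == 5:
            gw, mask, start, end = fields[1:]
            net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
            return (ipaddress.ip_address(gw), net,
                    ipaddress.ip_address(start), ipaddress.ip_address(end))
    raise ValueError("no four-argument server-bridge directive found")

def check_bridge_pool(config_text, dhcp_start, dhcp_end, static_hosts=()):
    """List address-assignment conflicts between the pool and the LAN."""
    gw, net, start, end = parse_server_bridge(config_text)
    problems = []
    if start > end:
        problems.append("pool start is above pool end")
    if start not in net or end not in net:
        problems.append(f"pool is not inside bridged subnet {net}")
    if start <= gw <= end:
        problems.append(f"pool contains the gateway address {gw}")
    d0, d1 = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    lo, hi = max(start, d0), min(end, d1)
    if lo <= hi:  # both servers could hand out any address in lo..hi
        problems.append(f"pool overlaps LAN DHCP range {lo}-{hi}")
    for host in map(ipaddress.ip_address, static_hosts):
        if start <= host <= end:
            problems.append(f"pool contains statically assigned host {host}")
    return problems

if __name__ == "__main__":
    # 192.168.1.100-192.168.1.220 is a constructed DHCP range, not from the thread.
    for p in check_bridge_pool(SAMPLE_CONFIG, "192.168.1.100", "192.168.1.220"):
        print("WARNING:", p)
```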