
Re: [Openvpn-users] Ethernet bridging on single NIC

  • Subject: Re: [Openvpn-users] Ethernet bridging on single NIC
  • From: "Ian Archer" <ian.archer.am.i@xxxxxxxxx>
  • Date: Fri, 19 Oct 2007 18:23:22 -0400

Switched to udp to no avail.  I ran tcpdump on my bridge0 interface
and packets are popping up.

A little about my network.  I have a computer on a wireless network
with the address  The wireless router is on a 192.168.1.*/24
network.  Also on the 192.168.1.*/24 network is my other computer,
which is acting as VPN server, with address  Both
networks feature a DHCP server.

The client successfully connects to the server, receives the address, after which the connection to the server is lost (HOST
is down).

Also, my local LAN is providing

I attached my

port 1194

;proto tcp
proto udp

dev tap0
;dev tun0
mode server

;dev-node MyTap

ca /usr/local/etc/openvpn/local/ca.crt
cert /usr/local/etc/openvpn/local/kirin.crt
key /usr/local/etc/openvpn/local/kirin.key  # This file should be kept secret
client-config-dir /usr/local/etc/openvpn/bridge-clients
dh /usr/local/etc/openvpn/local/dh1024.pem

ifconfig-pool-persist ipp.txt


keepalive 10 120

status openvpn-status.log

verb 3

On 10/18/07, Daniel L. Miller <dmiller@xxxxxxxxx> wrote:
> Ian Archer wrote:
> > I am using FreeBSD.  It seems like FreeBSD bridging is more
> > problematic/untested given the list archives.  The bridging seems
> > successful, i.e. I have it set up and can still use the network.
> > Additionally, the client connects fine.  Unfortunately, after getting
> > an IP address the connection gets severed.  Killing openvpn on the
> > client side re-opens a path.
> >
> I can't comment on *BSD (my only experience is Linux & Windows).
> However, if BSD supports bridging we'll try it.
>
> By what I'm reading from you, your server connection is working via the
> bridge interface (I would recommend a simple verification with a basic
> network tool, like wireshark, and just monitor the bridge interface on
> the server and see if traffic flows through it).
>
> Creation of the tap interface is a joint responsibility of your OS and
> OpenVPN.  The bridging operation is performed by your OS.  So having a
> successful bridge, that has full functionality on your LAN - accent on
> the LAN - means your OS is fine, and means nothing with regards to
> OpenVPN configuration.
>
> Re-do your server config with udp, and trim out the comments.  Here's a
> sample that works for me (at the least you'll need to change the local
> IP address):
>
> mode server
> tls-server
> local
> port 1194
> proto udp
> dev tap1
> client-to-client
> ca /etc/openvpn/easy-rsa/keys/ca.crt
> cert /etc/openvpn/easy-rsa/keys/server.crt
> key /etc/openvpn/easy-rsa/keys/server.key
> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
> keepalive 10 120
> persist-key
> client-config-dir /etc/openvpn/ccd
> status amfes.log
> log-append /var/log/openvpn-amfes.log
> verb 3
> replay-window 72 30
> comp-lzo
>
> Also - where is your client getting the IP address from?  In my case,
> I'm using our internal DHCP server to assign VPN addresses - not
> OpenVPN.  Do you possibly have a clash between a LAN DHCP server and
> OpenVPN?
> --
> Daniel
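
Added example (not part of the original messages and not OpenVPN project code): a small check for the DHCP question raised above. It reads a tap-mode server config, finds whether OpenVPN itself defines an address pool (`server-bridge` with four arguments, or `ifconfig-pool`), and compares that pool with the LAN DHCP range. The sample configs, the addresses and the LAN DHCP range are constructed assumptions, and the comment handling is simplified.

```python
import ipaddress

def parse_directives(config_text):
    """Yield each directive as a list of words, skipping '#' and ';' comments."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplified: ignores quoted '#'
        if line and not line.startswith(";"):
            yield line.split()

def address_pool(config_text):
    """Return (is_tap, pool); pool is (first, last) or None if OpenVPN has none."""
    is_tap, pool = False, None
    for words in parse_directives(config_text):
        if words[0] == "dev" and len(words) > 1:
            is_tap = words[1].startswith("tap")
        elif words[0] == "server-bridge" and len(words) == 5:
            pool = (words[3], words[4])  # gateway netmask pool-start pool-end
        elif words[0] == "ifconfig-pool" and len(words) >= 3:
            pool = (words[1], words[2])
    return is_tap, pool

def diagnose(config_text, lan_dhcp_range):
    """Say who hands out client addresses and whether the two ranges overlap."""
    is_tap, pool = address_pool(config_text)
    if not is_tap:
        return "not-bridged"
    if pool is None:
        return "external-dhcp"  # clients get leases from the LAN DHCP server
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    d_lo, d_hi = (ipaddress.ip_address(a) for a in lan_dhcp_range)
    return "pool-clash" if lo <= d_hi and d_lo <= hi else "pool-ok"

# Constructed sample: tap server with no pool directive.
NO_POOL = """
port 1194
;proto tcp
proto udp
dev tap0
mode server
keepalive 10 120
"""
# Constructed sample: OpenVPN hands out 192.168.1.100-150 on the bridged LAN.
WITH_POOL = """
dev tap0
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.150
"""

if __name__ == "__main__":
    for cfg in (NO_POOL, WITH_POOL):
        print(diagnose(cfg, ("192.168.1.120", "192.168.1.200")))
```

A "pool-clash" result means both OpenVPN and the LAN DHCP server can assign the same addresses; the usual fix is to exclude the OpenVPN pool from the DHCP server's range.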