
Re: [Openvpn-users] Bridging ethernet problem



Your bridge script uses eth1, but your ifconfig output says eth0. Which one is correct?
Firewall.
You are on the way to create a loop on your ethernet network. Not a funny thing.
Maybe the Linux bridge code will detect it, and cut one redundant connection, but if it cuts
the physical connection (as opposed to the tunnelled one), the vpn hosts will be cut off the LAN.
 
Simply put: do not bridge a network to itself.
 
Regards,
David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of José Antonio Olivera Ortega
Sent: Wed 05-Dec-07 11:15
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] Bridging ethernet problem

Hello,

I am trying to set up an Ethernet bridge between two Linux boxes
located inside the same network 192.168.112/24 to learn
about L2 VPNs with openvpn.

I did all the Ethernet bridging howto steps and I lose the
connectivity connection with the VPN server.

At the beginning the ifconfig command output shows as follows:

eth0      Link encap:Ethernet  HWaddr 00:0F:1F:99:F5:D9
          inet addr:192.168.112.72  Bcast:192.168.112.255  Mask:255.255.255.0
          inet6 addr: fe80::20f:1fff:fe99:f5d9/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:9902 errors:0 dropped:0 overruns:0 frame:0
          TX packets:788 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1213638 (1.1 MiB)  TX bytes:69707 (68.0 KiB)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:838 errors:0 dropped:0 overruns:0 frame:0
          TX packets:838 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:144724 (141.3 KiB)  TX bytes:144724 (141.3 KiB)

After I execute brigde-start.sh the ifconfig command output shows:

br0      Link encap:Ethernet  HWaddr 00:0F:1F:99:F5:D9
          inet addr:192.168.112.72  Bcast:192.168.112.255  Mask:255.255.255.0
          inet6 addr: fe80::20f:1fff:fe99:f5d9/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:9902 errors:0 dropped:0 overruns:0 frame:0
          TX packets:788 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:112286 (109.6 KiB)  TX bytes:468 (468.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0F:1F:99:F5:D9
          inet6 addr: fe80::20f:1fff:fe99:f5d9/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:9902 errors:0 dropped:0 overruns:0 frame:0
          TX packets:788 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1213638 (1.1 MiB)  TX bytes:69707 (68.0 KiB)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:838 errors:0 dropped:0 overruns:0 frame:0
          TX packets:838 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:144724 (141.3 KiB)  TX bytes:144724 (141.3 KiB)

tap0      Link encap:Ethernet  HWaddr 26:38:31:69:7A:C2
          inet6 addr: fe80::2438:31ff:fe69:7ac2/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

The brigde-start.sh script is as follows:

#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.112.71"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.112.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

Then I execute openvpn; /usr/sbin/openvpn --config vpnServer.conf

Before that I lose the connection from any box of the same net to the
server, but I can ping from the server to any box of the network.

If I lose the connection with the server, clients can't connect and
establish a tunnel between them and the server.

Can anybody help me?

I look forward to hearing from you soon.

Respectfully,

José Antonio Olivera Ortega.

 --
José Antonio Olivera Ortega
Automóvil Conectado - Telefónica I+D

Teléfono: 913340330 Ext. 1000
Email: jaoo62@xxxxxx
--
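
The two points raised in the reply (the interface named in the script versus the one ifconfig shows, and bridging a LAN to itself) can be checked before the bridge script moves the host's address. The following is an added example, not part of the thread or of OpenVPN's sample scripts; the function names, the PEER_IP parameter, the peer address and the `ip -o -4 addr show` sample are constructed, and "same subnet" is used as a heuristic for "same Ethernet segment".

```sh
#!/bin/sh
# Added example (not from the thread): sanity-check the variables of a
# bridge-start script against the host's real addressing before running it.

# Constructed sample of `ip -o -4 addr show`, modelled on the ifconfig output above.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.112.72/24 brd 192.168.112.255 scope global eth0'

# Dotted quad -> integer (the subshell keeps the IFS change local).
ip_to_int() ( IFS=.; set -- $1; echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 )) )

# True if addresses $1 and $2 fall in the same network under netmask $3.
same_subnet() {
    m=$(ip_to_int "$3")
    [ $(( $(ip_to_int "$1") & $m )) -eq $(( $(ip_to_int "$2") & $m )) ]
}

# IPv4 address currently on interface $1, parsed from listing $2 (empty if none).
ip_of_iface() {
    printf '%s\n' "$2" | awk -v dev="$1" \
        '$2 == dev && $3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# preflight ETH ETH_IP NETMASK PEER_IP LISTING
# PEER_IP (hypothetical parameter) is the LAN address of the other VPN endpoint.
# Returns 0 if the plan is consistent, 1-3 for the problems reported below.
preflight() {
    cur=$(ip_of_iface "$1" "$5")
    if [ -z "$cur" ]; then
        echo "$1 carries no IPv4 address: wrong interface name?" >&2; return 1
    fi
    if [ "$cur" != "$2" ]; then
        echo "$1 has $cur but the bridge would be given $2" >&2; return 2
    fi
    if same_subnet "$2" "$4" "$3"; then
        echo "peer $4 is on the bridged LAN: the tunnel would bridge it to itself" >&2
        return 3
    fi
    return 0
}

# eth and eth_ip as in the posted script; the peer address is a constructed placeholder.
preflight eth1 192.168.112.71 255.255.255.0 192.168.112.80 "$SAMPLE" \
    || echo "preflight stopped with code $?"
```

On a live host, pass "$(ip -o -4 addr show)" as the last argument in place of the sample.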

