
[Openvpn-users] OpenVPN 192.168.30.1 client to 192.168.10.1 server, bridge LANs


  • Subject: [Openvpn-users] OpenVPN 192.168.30.1 client to 192.168.10.1 server, bridge LANs
  • From: Jeff Kowalczyk <jtk@xxxxxxxxx>
  • Date: Tue, 15 Jan 2008 19:55:09 -0800 (PST)

I'm trying to establish a bridged connection between two LANs with two OpenWRTs
(WRT65GL, kamikaze release) running OpenVPN 2.0.9.

I can't get any packets transmitted between the two LANs. I have replicated
http://forum.openwrt.org/viewtopic.php?pid=10701#p10701 (e.g. 10.0.0.1,2)
exactly with the expected result, but am having trouble replicating that
success on the actual LANs.

I'm in need of some advice, any suggestions are greatly appreciated:

The LAN networks are:

	LAN1: 192.168.10.0   (DHCP .50-.130, static .2-.6)
	LAN2: 192.168.30.0   (DHCP .10-.130)

The OpenWRT public IP addresses (fictionalized) are:

	IP1: 5.6.7.162    (fictional)
	IP2: 5.6.7.179    (fictional)

OpenVPN Config on IP1/LAN1:

	/etc/openvpn/server.conf:
	dev tap0
	local 5.6.7.162
	remote 5.6.7.179
	port 1194
	server-bridge 192.168.10.137 255.255.255.0 192.168.10.138 192.168.10.254
	push "route 192.168.10.0 255.255.255.0"
	secret /etc/openvpn/openvpn.key
	daemon

OpenVPN Config on IP2/LAN2:

	/etc/openvpn/client.conf:
	client
	dev tap0
	remote 5.6.7.162
	port 1194
	secret /etc/openvpn/openvpn.key
	daemon

The ifconfigs after manually setting the tap0 IP, per the bridging HowTo:


IP1/LAN1:

   br-lan Link encap:Ethernet  HWaddr 00:12:12:12:12:12
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5706 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4021 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:590823 (576.9 KiB)  TX bytes:390216 (381.0 KiB)

   eth0   Link encap:Ethernet  HWaddr 00:12:12:12:12:12
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12878 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10890 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1556636 (1.4 MiB)  TX bytes:1431732 (1.3 MiB)
          Interrupt:4

   eth0.0 Link encap:Ethernet  HWaddr 00:12:12:12:12:12
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5706 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4021 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:613647 (599.2 KiB)  TX bytes:406300 (396.7 KiB)

   eth0.1 Link encap:Ethernet  HWaddr 00:12:12:12:12:12
          inet addr:5.6.7.162  Bcast:5.6.7.175  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6878 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:712519 (695.8 KiB)  TX bytes:974503 (951.6 KiB)

   lo     Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

   tap0   Link encap:Ethernet  HWaddr 00:FF:A4:59:69:2B
          inet addr:192.168.10.137  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:1106 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


IP2/LAN2:

   br-lan Link encap:Ethernet  HWaddr 00:11:11:11:11:11
          inet addr:192.168.30.1  Bcast:192.168.30.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:177 errors:0 dropped:0 overruns:0 frame:0
          TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15969 (15.5 KiB)  TX bytes:32360 (31.6 KiB)

   eth0   Link encap:Ethernet  HWaddr 00:11:11:11:11:11
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3671 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4030 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:409173 (399.5 KiB)  TX bytes:536111 (523.5 KiB)
          Interrupt:4

   eth0.0 Link encap:Ethernet  HWaddr 00:11:11:11:11:11
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:177 errors:0 dropped:0 overruns:0 frame:0
          TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:16677 (16.2 KiB)  TX bytes:32816 (32.0 KiB)

   eth0.1 Link encap:Ethernet  HWaddr 00:11:11:11:11:11
          inet addr:5.6.7.179  Bcast:5.6.7.191  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3496 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3916 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:326560 (318.9 KiB)  TX bytes:482971 (471.6 KiB)

   lo     Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:672 (672.0 B)  TX bytes:672 (672.0 B)

   tap0   Link encap:Ethernet  HWaddr 00:FF:38:22:4B:8C
          inet addr:192.168.10.138  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:48 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


OpenVPN is started by the init script:

	# cat /etc/init.d/openvpn
	#!/bin/sh /etc/rc.common
	# Copyright (C) 2007 OpenWrt.org

	START=70
	BIN=openvpn
	DEFAULT=/etc/default/$BIN
	RUN_D=/var/run
	PID_F=$RUN_D/$BIN.pid

	start() {
		[ -f $DEFAULT ] && . $DEFAULT
		mkdir -p $RUN_D
		$BIN --writepid $RUN_D/$BIN.pid --daemon $OPTIONS
	}

	stop() {
		[ -f $PID_F ] && kill $(cat $PID_F)
	}

Which has an indirection to /etc/openvpn/[server,client].conf:

	# cat /etc/default/openvpn
	CONFIG="/etc/openvpn/server.conf"
	OPTIONS="--config $CONFIG"


Before starting OpenVPN, I run a bridge-up script adapted to OpenWRT:

	# cat /etc/openvpn/bridge-up
	#!/bin/sh
	br="br-lan"
	tap="tap0"
	for t in $tap; do
		openvpn --mktun --dev $t
	done
	for t in $tap; do
		 brctl addif $br $t
	done
	for t in $tap; do
		 ifconfig $t 0.0.0.0 promisc up
	done

And for completeness, the eventual bridge-down script:

	# cat /etc/openvpn/bridge-down
	#!/bin/sh
	tap="tap0"
	for t in $tap; do
		openvpn --rmtun --dev $t
	done

The iptables firewall is currently configured as follows:

	# iptables --list | grep 1194
	ACCEPT  udp  --  anywhere  anywhere  multiport dports 1194

I'm pretty sure I need to incorporate the suggestion at:
http://openvpn.net/bridge.html#linuxscript, which cites:

	iptables -A INPUT -i tap0 -j ACCEPT
	iptables -A INPUT -i br-lan -j ACCEPT
	iptables -A FORWARD -i br-lan -j ACCEPT

I presume the latter two will be somewhat different from the recommendation
due to the nature of the OpenWRT use of br-lan, which is not OpenVPN-specific
but also a bridge for the wan interface (eth0.1).

Thanks for any suggestions, and I'll be glad to provide additional config info.

- Jeff
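As an added sanity check (not the poster's code and not part of OpenVPN), the script below parses the two configs quoted above and flags option combinations that OpenVPN's own start-up validation rejects: a static `secret` key together with the TLS mode that `server-bridge` or `client` implies, `remote` in server mode, and server-bridge addresses that fall outside the bridge subnet. The sample configs are constructed copies of the ones in the post.

```python
import ipaddress
# Constructed copies of the two configs quoted in the post above.
SERVER_CONF = """\
dev tap0
local 5.6.7.162
remote 5.6.7.179
port 1194
server-bridge 192.168.10.137 255.255.255.0 192.168.10.138 192.168.10.254
push "route 192.168.10.0 255.255.255.0"
secret /etc/openvpn/openvpn.key
daemon
"""
CLIENT_CONF = """\
client
dev tap0
remote 5.6.7.162
port 1194
secret /etc/openvpn/openvpn.key
daemon
"""

def parse(text):
    """Map each option name to its argument list (last occurrence wins)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts

def lint(text):
    """Return a list of findings; an empty list means the checks passed."""
    o, findings = parse(text), []
    # server/server-bridge imply --mode server --tls-server; client implies --tls-client --pull.
    server_mode = "server" in o or "server-bridge" in o
    tls = server_mode or "tls-server" in o or "client" in o or "tls-client" in o
    if "secret" in o and tls:
        findings.append("secret (static-key, point-to-point mode) cannot be combined with the "
                        "TLS mode implied by server-bridge/client; use ca/cert/key instead")
    if "remote" in o and server_mode:
        findings.append("remote is rejected in server mode; only the client names a peer")
    if "server-bridge" in o and len(o["server-bridge"]) == 4:
        gw, mask, lo, hi = o["server-bridge"]
        net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
        bad = [a for a in (gw, lo, hi) if ipaddress.ip_address(a) not in net]
        if bad:
            findings.append(f"server-bridge address outside {net}: {', '.join(bad)}")
    return findings
```

Run `lint(SERVER_CONF)` and `lint(CLIENT_CONF)` to see why both daemons would refuse the posted configs before any packet crosses the bridge.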
