LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 09-04-2006, 01:39 AM   #1
SquishyMarbles
Member
 
Registered: Apr 2006
Posts: 39

Rep: Reputation: 15
OpenVPN Bridging Connectivity Issue (possible TAP problem?)


I've searched all over the internet and I can't find a solution for this, so I think this is a unique problem. I've gotten OpenVPN working extremely well in routing mode, but I'm having problems with bridging mode.

Specifically, when I connect to the server with my client, I get the error, "Network is unreachable," on the SERVER. Additionally, Wireshark cannot see any traffic comming into the tap0 interface, although it sees everything fine on the br0 and eth1 interfaces (a lot of UDP packets, pings and broadcasts, etc). It appears that tap0 just is not routed to. I've used the sample-scripts "bridge-start" and server.conf with the relevant IP addresses entered.

If somebody could possible explain how they got their bridging and VPN working, I would definitely understand a lot of it. I've worked with many, many VPN solutions, many firewalls (there is no firewall on this linux box...i.e. no iptables rules except "accept.."), and I know a thing or two about subnetting, etc. Am I just missing something? Did I misconfigure something? Does anyone need anymore information?

I've seen some good success stories with the bridge VPN, so I expect that somebody who really understands this stuff can help me out. Like I said, if you just want to explain how you got your bridging VPN working, then I might be able to pick out the areas where I am going wrong.

Thanks for any help!
 
Old 09-04-2006, 02:23 AM   #2
SquishyMarbles
Member
 
Registered: Apr 2006
Posts: 39

Original Poster
Rep: Reputation: 15
Oh boy. I retired after a long night of trying to fix this problem, then I gave myself a day of rest, and then I forced myself back on the offensive against this problem. I must've run a thousand iptables and route commands that I knew wouldn't work. Then I tried to surf to an internet website from my server computer (instead of my other two!). That's when I had my eureka moment. The stupid bridging script stole the route to the default gateway. Thus, for anyone how needs further explanation, the packets could come into my OpenVPN server from outside of the network, but the server didn't know how to get the packets back out to and outside networks.

Anyway, I'm humbled. OpenVPN has provided me with another excellent Linux adventure, and it's now something that I expect to use all the time on the road.

I'm surprised that this problem doesn't come up more often. I followed the How-To to a tee, and I used the sample server.conf and bridge-start scripts that came with OpenVPN while only changing the relevent IP addresses. I haven't used the bridge-utilities stuff a lot, but it appears that the default bridge-start OpenVPN script is written in a way that causes the bridging setup to punt your default routes. Nonetheless, for those that are googling into this page, here's the command that fixed all my problems, that I will likely add to the bridge-start script:

route add default gw 192.168.01 [or replace with the IP address of your gateway.]

It appears that everything is in decent working order. I employed the "push "redirect-gateway def1"" command, and even though I'm routing everything through my VPN, my file sharing is not working well from client to server, although everthing behind the server can see my client file shares perfectly. The two computers behind the server are much faster machines though, and the slower client computer appears to chug and churn along before evidently timing out. Way to go turn of the century technology. (Update, I took one of my PCs off the VPN's subnet, and the client finally recognized the file shares that broadcast.)

Anyway, I hope this helps somebody else out.

Last edited by SquishyMarbles; 09-04-2006 at 02:36 AM.
 
Old 09-28-2006, 11:28 PM   #3
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 208
Blog Entries: 2

Rep: Reputation: Disabled
I am confused with the address on bridge interface, which address goes to br0 and tap0
For example eth0 has 192.168.1.10, where did I put the 10.8.0.4 (default openvpn) address at br0 or tap0?
I got it works with client getting itself with address with 10.8.0.50, but It can't rout out internet traffic even I add the default gw in the server and client. the client is XP, the server is linux

I am mixed up the physical ip address with vitual vpn ip address.

thanks

find out how I slove this problem at here

Last edited by number22; 10-01-2006 at 03:12 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
bridging, tun/tap, qemu issues kc8tbe Linux - Networking 10 03-19-2007 02:47 PM
Recent problem with TUN/TAP and Bridging meres Linux - Networking 2 12-29-2005 08:02 AM
Internet Connectivity Issue sdr0715 Linux - General 2 09-28-2005 02:11 PM
Problen with broadcasts in OpenVPN/bridging ValidiusMaximus Linux - Software 0 06-11-2005 09:08 AM
Network Connectivity Issue EERookie Linux - Networking 2 01-30-2005 02:44 PM


All times are GMT -5. The time now is 06:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration