OK so I've never had a need to set up VLANs in Linux before, but I do now. I am running Debian 8 primarily as an OpenVPN server. I have a bridged VPN working fine at the moment with OpenVPN bridge scripts creating the tap adapter and bridge interfaces and bridging the NIC and tap adapter under the bridge interface.
What I would like to do in my giant plan is have multiple OpenVPN instances running all on their own bridged adapter so that an AD server can hand out the DHCP leases and update the AD DNS. I do not want to use tunneling and use the OpenVPN server as a router.
Now I have one external interface, and one internal interface to the LAN. I want to tag VLAN traffic on the internal interface connected to a Catalyst 2960 and then bridge those VLAN interfaces to TAP adapters and create multiple bridges. (Perhaps someone can think of a better way to do these bridged VPNs with OpenVPN; please suggest if you have a better idea.)
Anyways I followed the steps to create a tagged VLAN interface in Debian using the /etc/network/interfaces file, and have also configured the Cisco switch already for trunking on that port, as well as the Native VLAN for any untagged traffic. The interfaces come up fine, but when trying to network using the VLAN interface I get no connectivity to the LAN at all, and the firewall seems to block all traffic (even allowed traffic) to the external interface, although I can get out to the Internet from the box.
I tried changing the MAC address of the VLAN interface (as per a post where this resolved someone's issue) but it did not work. Could anyone guide me through setting these up or make a suggestion as to where it might be going wrong or how to diagnose what the issue might be?
I actually think I've figured out a better way, at least partially: I'll VLAN the TAP interfaces and need only one bridge and the original ethernet adapter. Regardless, I digress; I'm adding configs here for help with it.
Quote:
/etc/network/interfaces

auto eth0
allow-hotplug eth0
iface eth0 inet manual

auto eth0.1 #Internal Interface
allow-hotplug eth0.1
iface eth0.1 inet static
    #pre-up ifconfig NIC hw ether 99:54:AE:54:1D:AF #Fake MAC in an attempt to get VLAN working
    post-up iptables-restore < /etc/iptables.up.rules
    address xxx.xxx.xxx.xxx
    netmask xxx.xxx.xxx.xxx
    # gateway xxx.xxx.xxx.xxx
    vlan-raw-device eth0

auto eth1
allow-hotplug eth1
iface eth1 inet static
    address xxx.xxx.xxx.xxx
    netmask xxx.xxx.xxx.xxx
    up route add default gw xxx.xxx.xxx.xxx
    gateway xxx.xxx.xxx.xxx

And this is the switchport config
Quote:
interface FastEthernet0/36
 description TES-MCT-UAG G1
 switchport trunk allowed vlan 1,2,20,30,40
 switchport mode trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/36    on     802.1q         trunking   1
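
An offline cross-check of the two configs above, as an added example that is not part of the original post: it compares each Linux VLAN sub-interface with the trunk's allowed list and native VLAN. It assumes an 802.1Q trunk sends its native VLAN untagged while a Linux `eth0.N` sub-interface only handles frames tagged N; the function names are hypothetical and the sample text is abridged from the post.

```python
import re

# Abridged from the post: the Debian VLAN stanza and the switch trunk settings.
INTERFACES = """\
iface eth0 inet manual
iface eth0.1 inet static
    vlan-raw-device eth0
"""
SWITCHPORT = """\
interface FastEthernet0/36
 switchport trunk allowed vlan 1,2,20,30,40
 switchport mode trunk
"""
TRUNK_STATUS = """\
Port      Mode   Encapsulation  Status     Native vlan
Fa0/36    on     802.1q         trunking   1
"""

def linux_vlans(text):
    """Return {iface: vid} for every 'iface <dev>.<vid>' stanza."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^iface\s+(\S+\.(\d+))\s", text, re.M)}

def allowed_vlans(text):
    """Expand 'switchport trunk allowed vlan 1,2,10-12' into a set of ints."""
    m = re.search(r"allowed vlan\s+([\d,\-]+)", text)
    vids = set()
    for part in (m.group(1).split(",") if m else []):
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def native_vlan(text):
    """Read the native VLAN (last column) from the 'trunking' status row."""
    return int([l.split() for l in text.splitlines() if "trunking" in l][0][-1])

def check(interfaces, switchport, status):
    """List VLAN sub-interfaces that cannot exchange frames with the trunk."""
    allowed, native = allowed_vlans(switchport), native_vlan(status)
    problems = []
    for iface, vid in sorted(linux_vlans(interfaces).items()):
        if vid not in allowed:
            problems.append((iface, "vlan %d not allowed on trunk" % vid))
        elif vid == native:  # assumption: native VLAN leaves the switch untagged
            problems.append((iface, "vlan %d is native, sent untagged" % vid))
    return problems

if __name__ == "__main__":
    print(check(INTERFACES, SWITCHPORT, TRUNK_STATUS))
```

Running `tcpdump -e -n -i eth0` on the Debian box shows whether frames from the switch actually carry an 802.1Q tag.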