LinuxQuestions.org


SquishyMarbles 09-04-2006 12:39 AM

OpenVPN Bridging Connectivity Issue (possible TAP problem?)
 
I've searched all over the internet and I can't find a solution for this, so I think this is a unique problem. I've gotten OpenVPN working extremely well in routing mode, but I'm having problems with bridging mode.

Specifically, when I connect to the server with my client, I get the error, "Network is unreachable," on the SERVER. Additionally, Wireshark cannot see any traffic coming into the tap0 interface, although it sees everything fine on the br0 and eth1 interfaces (a lot of UDP packets, pings and broadcasts, etc). It appears that tap0 just is not routed to. I've used the sample-scripts "bridge-start" and server.conf with the relevant IP addresses entered.

If somebody could possibly explain how they got their bridging and VPN working, I would definitely understand a lot of it. I've worked with many, many VPN solutions, many firewalls (there is no firewall on this Linux box, i.e. no iptables rules except "accept.."), and I know a thing or two about subnetting, etc. Am I just missing something? Did I misconfigure something? Does anyone need any more information?

I've seen some good success stories with the bridge VPN, so I expect that somebody who really understands this stuff can help me out. Like I said, if you just want to explain how you got your bridging VPN working, then I might be able to pick out the areas where I am going wrong.

Thanks for any help!

SquishyMarbles 09-04-2006 01:23 AM

Oh boy. I retired after a long night of trying to fix this problem, then I gave myself a day of rest, and then I forced myself back on the offensive against this problem. I must've run a thousand iptables and route commands that I knew wouldn't work. Then I tried to surf to an internet website from my server computer (instead of my other two!). That's when I had my eureka moment. The stupid bridging script stole the route to the default gateway. Thus, for anyone who needs further explanation, the packets could come into my OpenVPN server from outside of the network, but the server didn't know how to get the packets back out to any outside networks.

Anyway, I'm humbled. OpenVPN has provided me with another excellent Linux adventure, and it's now something that I expect to use all the time on the road.

I'm surprised that this problem doesn't come up more often. I followed the How-To to a tee, and I used the sample server.conf and bridge-start scripts that came with OpenVPN while only changing the relevant IP addresses. I haven't used the bridge-utilities stuff a lot, but it appears that the default bridge-start OpenVPN script is written in a way that causes the bridging setup to punt your default routes. Nonetheless, for those that are googling into this page, here's the command that fixed all my problems, that I will likely add to the bridge-start script:

route add default gw 192.168.0.1 [or replace with the IP address of your gateway]

It appears that everything is in decent working order. I employed the "push "redirect-gateway def1"" command, and even though I'm routing everything through my VPN, my file sharing is not working well from client to server, although everything behind the server can see my client file shares perfectly. The two computers behind the server are much faster machines though, and the slower client computer appears to chug and churn along before evidently timing out. Way to go turn of the century technology. (Update, I took one of my PCs off the VPN's subnet, and the client finally recognized the file shares that broadcast.)

Anyway, I hope this helps somebody else out.
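
The fix described in the post above, as an added example that is not part of the original thread: a shell helper that compares `route -n` output saved before and after the bridge script runs and prints the `route add default gw` command only when the default route has disappeared. The function names and the sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect a default route lost during
# bridge setup and print the command that restores it.

# Read `route -n` output on stdin; print the first default gateway, if any.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# $1 = `route -n` text saved before bridge-start, $2 = text captured after it.
# Prints a restore command only when a default route existed and is now gone.
restore_cmd() {
    gw_before=$(printf '%s\n' "$1" | default_gw)
    gw_after=$(printf '%s\n' "$2" | default_gw)
    [ -n "$gw_before" ] || return 0   # there was no default route to restore
    [ -z "$gw_after" ] || return 0    # the default route survived bridging
    printf 'route add default gw %s\n' "$gw_before"
}

# Constructed sample tables (addresses are illustrative, not from the thread).
BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1'
AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0'

# Demo on the constructed tables: prints the restore command.
restore_cmd "$BEFORE" "$AFTER"

# On a live server (hypothetical wiring around the sample script):
#   before=$(route -n); ./bridge-start; restore_cmd "$before" "$(route -n)" | sh
```

Capturing the table before the script runs matters because the gateway address is no longer recoverable from the routing table once the default route is gone.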

number22 09-28-2006 10:28 PM

I am confused about the addresses on the bridge interface: which address goes to br0 and which to tap0?
For example, eth0 has 192.168.1.10; where do I put the 10.8.0.4 (default OpenVPN) address, on br0 or tap0?
I got it working with the client getting the address 10.8.0.50, but it can't route out internet traffic even when I add the default gw on the server and client. The client is XP, the server is Linux.

I am mixing up the physical IP address with the virtual VPN IP address.

thanks

Find out how I solved this problem here.


All times are GMT -5.