LinuxQuestions.org
01-20-2013, 06:33 AM   #1
woow
Distribution: CentOS 6.2

Open VPN connectivity problem with bridged interfaces


Hi.

I have followed the instructions at http://www.server-world.info/en/note...OS_6&p=openvpn to create a VPN, and I'm facing connectivity issues although I'm able to connect to the tunnel from a client. My main concern is that I'm not sure I'm setting up the bridged network correctly; I have added firewall rules to forward the traffic, but without success.

The openvpn server.conf is the following

Code:
port 1194
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/centos.crt
key /etc/openvpn/easy-rsa/keys/centos.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server-bridge 10.0.0.60 255.255.255.0 10.0.0.200 10.0.0.254
push "route 10.0.0.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log         /var/log/openvpn.log
log-append  /var/log/openvpn.log
verb 3

/etc/openvpn/bridge-start

Code:
br="br0"
tap="tap0"
eth="eth1"
eth_ip="10.0.0.60"
eth_netmask="255.255.255.0"
eth_broadcast="10.0.0.255"
for t in $tap; do
    openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
    brctl addif $br $t
done
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

ifconfig output (after bridge-start):

Code:
eth0      Link encap:Ethernet  HWaddr 00:E0:81:B4:F0:22  
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3682 errors:0 dropped:0 overruns:0 frame:0

eth1      Link encap:Ethernet  HWaddr 00:E0:81:B4:F0:23  
          inet addr:192.168.1.150  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1

br0       Link encap:Ethernet  HWaddr 00:E0:81:B4:F0:23  
          inet addr:10.0.0.60  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:81ff:feb4:f023/64 Scope:Link

tap0      Link encap:Ethernet  HWaddr B6:06:83:5A:D7:17  
          inet6 addr: fe80::b406:83ff:fe5a:d717/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

I should note that eth1 is not connected to the router. I have bridged this interface with br0 / tap0 because when I try to bind eth0 I completely lose connectivity to the internet.

Now I connect to the server from the client successfully, but from there I cannot ping either the IP assigned to the local machine (10.0.0.200) or the server's (10.0.0.60).

I checked the iptables and added the following rules:

Code:
iptables -I INPUT 1 -i tap0 -j ACCEPT
iptables -I INPUT 1 -i br0 -j ACCEPT
iptables -I FORWARD 1 -i br0 -j ACCEPT

I would appreciate it if someone could explain what I am doing wrong or give a tip on how to resolve this issue.

Thank you.
 
01-20-2013, 03:26 PM   #2
smallpond
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)

Not sure what else is on your network, but tap is layer 2 bridging. It makes two disjoint Ethernet segments into one.

tun is layer 3 bridging. It bridges two separate Ethernet LANs, which can have separate gateways, DHCP servers, etc.

You can use tap if the VPN is always on, so the services are always there. If you want to be able to run them separately, use tun.

Directions for CentOS:
https://safesrv.net/install-openvpn-on-centos/
 

01-31-2013, 08:37 AM   #3
woow (Original Poster)
Distribution: CentOS 6.2

Thanks for your answer. The problem existed because I was trying to connect the client over tun when the server was configured over tap.
Changing the server configuration to tun solved the problem.

Thank you very much.
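
The tun/tap mismatch that resolved this thread can be caught by comparing the two configuration files before connecting. The script below is an added example, not part of the thread: the function names, the temporary files, the client configuration and `vpn.example.test` are constructed, while the server lines are taken from the first post. It goes slightly beyond the thread's case by also comparing `proto` and checking that `server-bridge` is only used with a tap device.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: compare the settings that both ends of
# an OpenVPN tunnel must agree on. Client config and file names are constructed.

# Print the first argument of directive $2 in config file $1 (comments stripped).
directive() {
    awk -v key="$2" '{ sub(/[#;].*/, "") } $1 == key { print $2; exit }' "$1"
}

# Device type of a config: tap (layer 2) or tun (layer 3); dev-type overrides dev.
dev_type() (
    d=$(directive "$1" dev-type)
    [ -n "$d" ] || d=$(directive "$1" dev)
    case "$d" in
        tap*) echo tap ;;
        tun*) echo tun ;;
        *)    echo unknown ;;
    esac
)

# Reduce proto values such as udp, tcp-server or tcp-client to udp or tcp.
proto_family() (
    case "$(directive "$1" proto)" in
        tcp*) echo tcp ;;
        *)    echo udp ;;   # OpenVPN uses UDP when proto is not set
    esac
)

# check_pair SERVER_CONF CLIENT_CONF: print one line per inconsistency found.
check_pair() (
    sdev=$(dev_type "$1"); cdev=$(dev_type "$2")
    sproto=$(proto_family "$1"); cproto=$(proto_family "$2")
    [ "$sdev" = "$cdev" ] || echo "MISMATCH dev: server=$sdev client=$cdev"
    [ "$sproto" = "$cproto" ] || echo "MISMATCH proto: server=$sproto client=$cproto"
    # server-bridge is for Ethernet bridging, so it needs a tap device.
    if grep -Eq '^[[:space:]]*server-bridge([[:space:]]|$)' "$1" && [ "$sdev" != tap ]; then
        echo "INVALID server: server-bridge used without a tap device"
    fi
)

# Constructed sample: server settings as posted in the thread, client using tun.
demo_dir=$(mktemp -d)
printf 'port 1194\nproto udp\ndev tap0\nserver-bridge 10.0.0.60 255.255.255.0 10.0.0.200 10.0.0.254\n' > "$demo_dir/server.conf"
printf 'client\nproto udp\ndev tun\nremote vpn.example.test 1194\n' > "$demo_dir/client.conf"
check_pair "$demo_dir/server.conf" "$demo_dir/client.conf"
```

An empty result from `check_pair` means the compared directives agree; it does not validate certificates, routing or firewall rules.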
 
  

