[CentOS] openvpn + bridge utils in CentOS 6

唐建伟 myhnet at gmail.com
Mon Nov 7 05:39:28 UTC 2011


Thank you very much for your follow-up. Wish to get good news from you soon.

On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:

>
>
> 28.09.2011, 04:58, "唐建伟" <myhnet at gmail.com>:
> Hello, I didn't find what to answer you a month ago. But now I also have
> an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
> same problems as you. First of all, did you find any solutions?
>
> I only found that the problem is in the br0 device. I can't guess why, but it
> does not receive ARP REPLY packets.
>
> tcpdump on all devices (tap0, eth1, br0) gives me the same:
>
> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> // 192.158.11.33 is the remote PC IP address, and 192.168.11.3 is one of my
> local hosts //
>
> and no ARP REPLY.
>
> Interesting that, on the other hand, I have the same config files on CentOS 5.7,
> and everything works perfectly.
>
>
> > No, I removed the commands you mentioned, but it still doesn't work.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >
> >>  I can't remember the reason, but at one moment I stopped using the
> >>  "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn
> >>  creates tap0 by itself. So try to comment out these lines:
> >>
> >>   for t in $tap; do
> >>      openvpn --mktun --dev $t
> >>   done
> >>
> >>  then restart the network, then start openvpn, and after that start the
> >>  bridge script
> >>>  openvpn configure file
> >>>
> >>>  port 1194
> >>>  proto udp
> >>>  dev tap0
> >>>  ca ca.crt
> >>>  cert VPN_Server.crt
> >>>  key VPN_Server.key  # This file should be kept secret
> >>>  dh dh1024.pem
> >>>  server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> >>>  keepalive 10 120
> >>>  comp-lzo
> >>>  user nobody
> >>>  group nobody
> >>>  persist-key
> >>>  persist-tun
> >>>  status openvpn-status.log
> >>>  log-append  /var/log/openvpn.log
> >>>  verb 3
> >>>  mute 20
> >>>
> >>>
> >>>  the script for bring up the bridge
> >>>  # Define Bridge Interface
> >>>  br="br0"
> >>>
> >>>  # Define list of TAP interfaces to be bridged,
> >>>  # for example tap="tap0 tap1 tap2".
> >>>  tap="tap0"
> >>>
> >>>  # Define physical ethernet interface to be bridged
> >>>  # with TAP interface(s) above.
> >>>  eth="eth1"
> >>>  eth_ip="192.168.119.1"
> >>>  eth_netmask="255.255.255.0"
> >>>  eth_broadcast="192.168.119.255"
> >>>
> >>>  for t in $tap; do
> >>>      openvpn --mktun --dev $t
> >>>  done
> >>>
> >>>  brctl addbr $br
> >>>  brctl addif $br $eth
> >>>
> >>>  for t in $tap; do
> >>>      brctl addif $br $t
> >>>  done
> >>>
> >>>  for t in $tap; do
> >>>      ifconfig $t 0.0.0.0 promisc up
> >>>  done
> >>>
> >>>  ifconfig $eth 0.0.0.0 promisc up
> >>>
> >>>  ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
> >>>
> >>>  On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>   Hm... It's very hard to guess without config files. Can you post your
> >>>>   server and client openvpn configs... and also can you show the br0
> >>>>   creation commands?
> >>>>
> >>>>   27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> >>>>>   Hi
> >>>>>
> >>>>>   No, I don't think so. Anyway, I can and only can the vpn server from
> >>>>>   the remote hosts.
> >>>>>
> >>>>>   Best Regards
> >>>>>   Tang Jianwei
> >>>>>
> >>>>>   On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>>>    So, something stops packets from remote hosts. Maybe a firewall on the
> >>>>>>    remote PC...? And can you run tcpdump on the same remote host, to check
> >>>>>>    that it's tap0 device.
> >>>>>>
> >>>>>>    27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>>>>>>    Hi
> >>>>>>>
> >>>>>>>    The routing tables on the remote hosts are OK. "tcpdump -n -i
> >>>>>>>    [device name]" cannot capture any packets from remote, no matter
> >>>>>>>    br0 or tap0.
> >>>>>>>
> >>>>>>>    Best Regards
> >>>>>>>    Tang Jianwei
> >>>>>>>
> >>>>>>>    On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>>>>>     27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>>>>>>     Hi all,
> >>>>>>>>>
> >>>>>>>>>     I just installed openvpn + bridge in CentOS 6, but I get strange
> >>>>>>>>>     problems:
> >>>>>>>>>     the remote PCs cannot get the local PCs' MACs and also, the local
> >>>>>>>>>     PCs cannot get the remote PCs' MACs
> >>>>>>>>>
> >>>>>>>>>     but when I run "brctl showmacs br0" it will list all the MACs, and
> >>>>>>>>>     also "brctl show" will show that all the correct adapters are in
> >>>>>>>>>     br0
> >>>>>>>>>
> >>>>>>>>>     SELinux disabled
> >>>>>>>>>
> >>>>>>>>>     any ideas?
> >>>>>>>>     First of all you should check the routing table of the remote hosts.
> >>>>>>>>     If everything is correct, try to monitor br0 and other devices (ethX)
> >>>>>>>>     with "tcpdump -n -i [device name]".
> >>>>>>>>     _______________________________________________
> >>>>>>>>     CentOS mailing list
> >>>>>>>>     CentOS at centos.org
> >>>>>>>>     http://lists.centos.org/mailman/listinfo/centos
> >>>>>>>    --
> >>>>>>>    Tang Jianwei
> >>>>>>>    System Administrator
>



-- 
Tang Jianwei
System Administrator
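
Added example, not part of the original thread: the comparison made by eye in the quoted tcpdump step, as a shell function that counts ARP requests and replies per target IP in `tcpdump -n` text output. The first three sample lines are the ones quoted in the thread; the last two lines and the names `arp_summary` and `sample_capture` are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-target ARP request/reply counts from `tcpdump -n` text.
# Live use (run on each of tap0, eth1, br0 and compare the summaries):
#   tcpdump -n -c 20 -i br0 arp | arp_summary
arp_summary() {
    awk '
    / ARP, Request who-has / {
        # The field after "who-has" is the IP being resolved.
        for (i = 1; i <= NF; i++) if ($i == "who-has") { ip = $(i + 1); break }
        req[ip]++
        if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
    }
    / ARP, Reply / {
        # Reply lines read "ARP, Reply <ip> is-at <mac>".
        for (i = 1; i <= NF; i++) if ($i == "Reply") { ip = $(i + 1); break }
        rep[ip]++
        if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
    }
    END {
        # One line per target IP, in first-seen order.
        for (k = 1; k <= n; k++) {
            ip = order[k]
            printf "%s requests=%d replies=%d %s\n", ip, req[ip], rep[ip],
                (rep[ip] > 0 ? "ANSWERED" : "UNANSWERED")
        }
    }'
}

# Sample input: lines 1-3 are from the thread, lines 4-5 are constructed
# (including the MAC address) to show an answered request for contrast.
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.100400 ARP, Reply 192.168.11.1 is-at 02:00:00:00:00:01, length 28
EOF
}

sample_capture | arp_summary
```

An interface whose summary shows a target as ANSWERED while the next interface along the path shows it UNANSWERED marks the hop where the reply is lost.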


