[CentOS] openvpn + bridge utils in CentOS 6
唐建伟
myhnet at gmail.com
Mon Nov 7 05:39:28 UTC 2011
Thank you very much for your follow-up. Wish to get good news from you soon.
On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>
>
> 28.09.2011, 04:58, "唐建伟" <myhnet at gmail.com>:
> Hello, I didn't find what to answer to you a month ago. But now I also have
> an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
> same problems as you. First of all, did you find any solutions?
>
> I only found that the problem is in the br0 device. I can't guess why, but it
> does not receive ARP REPLY packets.
>
> tcpdump on all devices (tap0, eth1, br0) gives me the same:
>
> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> // 192.158.11.33 is the remote PC's IP address, and 192.168.11.3 is one of my
> local hosts //
>
> and no ARP REPLY.
>
> Interesting that, on the other hand, I have the same config files on CentOS 5.7,
> and everything works perfectly.
>
>
> > No, I removed the commands you mentioned, but it still doesn't work.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >
> >> I can't remember the reason, but at one moment I stopped using the "openvpn
> >> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
> >> by itself. So try to comment out these lines:
> >>
> >> for t in $tap; do
> >>     openvpn --mktun --dev $t
> >> done
> >>
> >> then restart the network, after that start openvpn, and after it start the
> >> bridge script
> >>
> >>> openvpn configure file
> >>>
> >>> port 1194
> >>> proto udp
> >>> dev tap0
> >>> ca ca.crt
> >>> cert VPN_Server.crt
> >>> key VPN_Server.key # This file should be kept secret
> >>> dh dh1024.pem
> >>> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> >>> keepalive 10 120
> >>> comp-lzo
> >>> user nobody
> >>> group nobody
> >>> persist-key
> >>> persist-tun
> >>> status openvpn-status.log
> >>> log-append /var/log/openvpn.log
> >>> verb 3
> >>> mute 20
> >>>
> >>> the script for bringing up the bridge
> >>>
> >>> # Define Bridge Interface
> >>> br="br0"
> >>>
> >>> # Define list of TAP interfaces to be bridged,
> >>> # for example tap="tap0 tap1 tap2".
> >>> tap="tap0"
> >>>
> >>> # Define physical ethernet interface to be bridged
> >>> # with TAP interface(s) above.
> >>> eth="eth1"
> >>> eth_ip="192.168.119.1"
> >>> eth_netmask="255.255.255.0"
> >>> eth_broadcast="192.168.119.255"
> >>>
> >>> for t in $tap; do
> >>>     openvpn --mktun --dev $t
> >>> done
> >>>
> >>> brctl addbr $br
> >>> brctl addif $br $eth
> >>>
> >>> for t in $tap; do
> >>>     brctl addif $br $t
> >>> done
> >>>
> >>> for t in $tap; do
> >>>     ifconfig $t 0.0.0.0 promisc up
> >>> done
> >>>
> >>> ifconfig $eth 0.0.0.0 promisc up
> >>>
> >>> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
> >>>
> >>> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>> Hm... It's very hard to guess without config files. Can you post your
> >>>> server and client openvpn configs... and also can you show the br0 creation
> >>>> commands?
> >>>>
> >>>> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> >>>>> Hi
> >>>>>
> >>>>> No, I don't think so. Anyway, I can and only can the vpn server from the
> >>>>> remote hosts.
> >>>>>
> >>>>> Best Regards
> >>>>> Tang Jianwei
> >>>>>
> >>>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>>> So, something stops packets from remote hosts. Maybe a firewall on the remote
> >>>>>> PC...? And can you run tcpdump on the same remote host, to check that it's tap0
> >>>>>> device.
> >>>>>>
> >>>>>> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>>>>>> Hi
> >>>>>>>
> >>>>>>> The routing tables in the remote hosts are OK. "tcpdump -n -i [device name]"
> >>>>>>> cannot capture any packets from remote, no matter br0 or tap0.
> >>>>>>> Best Regards
> >>>>>>> Tang Jianwei
> >>>>>>>
> >>>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>>>>>> Hi all,
> >>>>>>>>>
> >>>>>>>>> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
> >>>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> >>>>>>>>> cannot get the remote PCs' MACs
> >>>>>>>>>
> >>>>>>>>> but when I run "brctl showmacs br0" it will list all the MACs and also
> >>>>>>>>> "brctl show" will show that all the correct adapters are in br0
> >>>>>>>>>
> >>>>>>>>> SELinux disabled
> >>>>>>>>>
> >>>>>>>>> any ideas?
> >>>>>>>> First of all you should check the routing table of the remote hosts. If everything
> >>>>>>>> is correct, try to monitor br0 and other devices (ethX) by "tcpdump -n -i
> >>>>>>>> [device name]".
> >>>>>>>> _______________________________________________
> >>>>>>>> CentOS mailing list
> >>>>>>>> CentOS at centos.org
> >>>>>>>> http://lists.centos.org/mailman/listinfo/centos
> >>>>>>> --
> >>>>>>> Tang Jianwei
> >>>>>>> System Administrator
--
Tang Jianwei
System Administrator
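
The tcpdump check used in the quoted thread, as an added example that is not part of the original messages: a shell function that reads `tcpdump -n` ARP lines and lists the who-has requests that never received a reply. The function names, the second sample capture and its MAC address are constructed for illustration; the first sample reuses the three request lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): find ARP who-has requests with no reply
# in `tcpdump -n` text output (captured without -e, one packet per line).

unanswered_arp() {
    # stdin: tcpdump lines; stdout: "target asker request_count" per unanswered pair
    awk '
        $2 == "ARP," && $3 == "Request" && $4 == "who-has" {
            asker = ""
            for (i = 6; i < NF; i++)
                if ($i == "tell") { asker = $(i + 1); break }
            sub(/,$/, "", asker)
            key = $5 " " asker
            if (!(key in asked)) order[++n] = key
            asked[key]++
        }
        $2 == "ARP," && $3 == "Reply" && $5 == "is-at" { answered[$4] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], f, " ")
                if (!(f[1] in answered)) print f[1], f[2], asked[order[i]]
            }
        }
    '
}

# The three request lines quoted in the thread (seen on tap0, eth1 and br0).
sample_bridge_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
EOF
}

# Constructed capture: .3 answers, .4 does not (MAC address is made up).
sample_mixed_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:22.012655 ARP, Reply 192.168.11.3 is-at 02:00:00:00:00:03, length 28
20:12:25.101010 ARP, Request who-has 192.168.11.4 tell 192.168.11.33, length 28
EOF
}

sample_bridge_capture | unanswered_arp
```

On a live system, feed it a bounded capture per interface, for example `tcpdump -n -i br0 -c 50 arp | unanswered_arp`, and compare the results for tap0, the physical interface and br0 to see on which hop the reply goes missing.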