[CentOS] openvpn + bridge utils in CentOS 6
唐建伟
myhnet at gmail.com
Wed Sep 28 00:58:44 UTC 2011
No, I removed the commands you mentioned, but it still doesn't work.
Best Regards
Tang Jianwei
On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> I can't remember a reason, but at one moment I stopped using the "openvpn
> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
> by itself. So try to comment out these lines:
>
> for t in $tap; do
>     openvpn --mktun --dev $t
> done
>
> Then restart the network, after that start openvpn, and after that start the
> bridge script.
>
>
> > openvpn configure file
> >
> > port 1194
> > proto udp
> > dev tap0
> > ca ca.crt
> > cert VPN_Server.crt
> > key VPN_Server.key # This file should be kept secret
> > dh dh1024.pem
> > server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> > keepalive 10 120
> > comp-lzo
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > log-append /var/log/openvpn.log
> > verb 3
> > mute 20
> >
> > the script for bringing up the bridge
> >
> > # Define Bridge Interface
> > br="br0"
> >
> > # Define list of TAP interfaces to be bridged,
> > # for example tap="tap0 tap1 tap2".
> > tap="tap0"
> >
> > # Define physical ethernet interface to be bridged
> > # with TAP interface(s) above.
> > eth="eth1"
> > eth_ip="192.168.119.1"
> > eth_netmask="255.255.255.0"
> > eth_broadcast="192.168.119.255"
> >
> > for t in $tap; do
> >     openvpn --mktun --dev $t
> > done
> >
> > brctl addbr $br
> > brctl addif $br $eth
> >
> > for t in $tap; do
> >     brctl addif $br $t
> > done
> >
> > for t in $tap; do
> >     ifconfig $t 0.0.0.0 promisc up
> > done
> >
> > ifconfig $eth 0.0.0.0 promisc up
> >
> > ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
> >
> > On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >
> >> Hm... It's very hard to guess without config files. Can you post your
> >> server and client openvpn configs... and also can you show the br0 creation
> >> commands?
> >>
> >> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> >>> Hi
> >>>
> >>> No, I don't think so. Anyway, I can and only can the vpn server from the
> >>> remote hosts.
> >>>
> >>> Best Regards
> >>> Tang Jianwei
> >>>
> >>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>> So, something stops packets from remote hosts. Maybe a firewall on the remote
> >>>> PC...? And can you run tcpdump on the same remote host, to check that it's tap0
> >>>> device.
> >>>>
> >>>> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>>>> Hi
> >>>>>
> >>>>> The routing tables on the remote hosts are OK. "tcpdump -n -i [device name]"
> >>>>> cannot capture any packages from remote, no matter br0 or tap0.
> >>>>>
> >>>>> Best Regards
> >>>>> Tang Jianwei
> >>>>>
> >>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>>>> Hi all,
> >>>>>>>
> >>>>>>> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
> >>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> >>>>>>> cannot get the remote PCs' MACs
> >>>>>>>
> >>>>>>> but when I run "brctl showmacs br0" it will list all the MACs and also
> >>>>>>> "brctl show" will show that all the correct adapters are in br0
> >>>>>>>
> >>>>>>> SELinux disabled
> >>>>>>>
> >>>>>>> any ideas?
> >>>>>> First of all you should check the routing table of the remote hosts. If everything
> >>>>>> is correct, try to monitor br0 and the other devices (ethX) with
> >>>>>> "tcpdump -n -i [device name]".
> >>>>>> _______________________________________________
> >>>>>> CentOS mailing list
> >>>>>> CentOS at centos.org
> >>>>>> http://lists.centos.org/mailman/listinfo/centos
> >>>>> --
> >>>>> Tang Jianwei
> >>>>> System Administrator
--
Tang Jianwei
System Administrator