I can't remember the reason, but at some point I stopped using the "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0 by itself. So try commenting out these lines:

for t in $tap; do
    openvpn --mktun --dev $t
done

Then restart the network, after that start openvpn, and after that start the bridge script.

openvpn configuration file:

port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

The script for bringing up the bridge:

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
Hm... It's very hard to guess without config files. Can you post your server and client openvpn configs... and also can you show the br0 creation commands?
27.09.2011, 12:01, "唐建伟" myhnet@gmail.com:
Hi
No, I don't think so. Anyway, I can and only can the vpn server from the remote hosts.
Best Regards Tang Jianwei
On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
So, something stops packets from the remote hosts. Maybe a firewall on the remote PC...? And can you run tcpdump on the same remote host, to check that it's tap0 device.
27.09.2011, 11:06, "唐建伟" myhnet@gmail.com:
Hi
The routing tables in the remote hosts are OK. "tcpdump -n -i [device name]" cannot capture any packages from remote, no matter br0 nor tap0.
Best Regards Tang Jianwei
On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
27.09.2011, 09:52, "唐建伟" myhnet@gmail.com:
> Hi all,
>
> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> cannot get the remote PCs' MACs
>
> but when I run "brctl showmacs br0" it will list all the MACs and also
> "brctl show" will show that all the correct adapters are in br0
>
> SELinux disabled
>
> any ideas?

First of all you should check the routing table of the remote hosts. If everything is correct, try to monitor br0 and other devices (ethX) with "tcpdump -n -i [device name]".

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
Tang Jianwei
System Administrator
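
An added example, not part of the thread or of OpenVPN's own scripts: a POSIX shell check that the `dev` and `server-bridge` lines of the server config agree with the `tap`, `eth_ip` and `eth_netmask` variables of the bridge script quoted in the first message. The function names (`ip2int`, `get_var`, `check_bridge`) are hypothetical, and the sample inputs are constructed from the values posted above.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check the OpenVPN server config
# against the bridge script's variables. Sample inputs are constructed from
# the values quoted in the first message.
SAMPLE_CONF='port 1194
proto udp
dev tap0
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225'
SAMPLE_BRIDGE='br="br0"
tap="tap0"
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"'

# Dotted quad -> 32-bit integer (subshell body keeps IFS and $@ local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Value of a name="value" assignment in shell script text.
get_var() { printf '%s\n' "$1" | sed -n 's/^'"$2"'="\(.*\)"$/\1/p' | head -n 1; }

# check_bridge CONF_TEXT SCRIPT_TEXT: prints one line per mismatch,
# returns non-zero if any mismatch was found.
check_bridge() (
    conf=$1; script=$2; rc=0
    dev=$(printf '%s\n' "$conf" | awk '$1 == "dev" { print $2; exit }')
    set -- $(printf '%s\n' "$conf" |
        awk '$1 == "server-bridge" { print $2, $3, $4, $5; exit }')
    [ $# -eq 4 ] || { echo "no complete server-bridge directive"; exit 1; }
    gw=$1; mask=$2; lo=$3; hi=$4
    taps=$(get_var "$script" tap)
    eth_ip=$(get_var "$script" eth_ip)
    eth_mask=$(get_var "$script" eth_netmask)
    case " $taps " in
        *" $dev "*) ;;
        *) echo "dev $dev is not in tap list '$taps'"; rc=1 ;;
    esac
    [ "$gw" = "$eth_ip" ] || { echo "server-bridge gateway $gw != eth_ip $eth_ip"; rc=1; }
    [ "$mask" = "$eth_mask" ] || { echo "server-bridge netmask $mask != eth_netmask $eth_mask"; rc=1; }
    m=$(ip2int "$mask"); net=$(( $(ip2int "$gw") & $m ))
    for p in "$lo" "$hi"; do
        [ $(( $(ip2int "$p") & $m )) -eq "$net" ] ||
            { echo "pool address $p is outside the bridged subnet"; rc=1; }
    done
    [ "$(ip2int "$lo")" -le "$(ip2int "$hi")" ] || { echo "pool start is above pool end"; rc=1; }
    exit $rc
)

check_bridge "$SAMPLE_CONF" "$SAMPLE_BRIDGE" && echo "config and bridge script agree"
```

With the values posted in the thread the check passes, so the two files are consistent with each other.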