Hmmm, it should be the exact problem I got, thank you very much.
On Tue, Nov 8, 2011 at 10:30 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
This situation with pings is really strange... But in my case the solution was much easier. CentOS 6 was installed on a VMware virtual machine and the problem was in its network device configuration. The hardest thing was to guess that. After this I quickly found a solution:
http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/
So, in my experience, CentOS (or RedHat) works correctly, and maybe you should try to look for errors somewhere else (as in my case it was the VMware configuration).
Hello,
I had not read this issue before, but I have seen this problem also. Whenever I restart the bridge (with tap0 interfaces also) I have to make a first ping to the physical interface related to the tap0 module. I also ping another machine on the same physical network. After that, I am able to reach the bridged one.
Strange behaviour, but this works for me in this way now.
I look forward to RedHat fixing this bug soon.
On 07/11/11 06:39, 唐建伟 wrote:
Thank you very much for your follow up. Wish to get good news from you soon.
On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
28.09.2011, 04:58, "唐建伟" <myhnet@gmail.com>:
Hello, I didn't find what to answer to you a month ago. But now I also have an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the same problems as you. First of all, did you find any solutions?
I only found that the problem is in the br0 device. I can't guess why, but it does not receive ARP REPLY packets.
tcpdump on all devices (tap0, eth1, br0) gives me the same:
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
//192.158.11.33 is the remote PC IP address, and 192.168.11.3 is one of my local hosts//
and no ARP REPLY.
Interesting that, on the other hand, I have the same config files on CentOS 5.7 and everything works perfectly.
No, I removed the commands you mentioned, but it still doesn't work.
Best Regards
Tang Jianwei
On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
I can't remember the reason, but at some point I stopped using the "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0 by itself. So try to comment out these lines:
    for t in $tap; do
        openvpn --mktun --dev $t
    done
then restart the network, after that start openvpn and after it start the bridge script
> openvpn configure file
>
> port 1194
> proto udp
> dev tap0
> ca ca.crt
> cert VPN_Server.crt
> key VPN_Server.key # This file should be kept secret
> dh dh1024.pem
> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> log-append /var/log/openvpn.log
> verb 3
> mute 20
>
> the script for bringing up the bridge
>
> # Define Bridge Interface
> br="br0"
>
> # Define list of TAP interfaces to be bridged,
> # for example tap="tap0 tap1 tap2".
> tap="tap0"
>
> # Define physical ethernet interface to be bridged
> # with TAP interface(s) above.
> eth="eth1"
> eth_ip="192.168.119.1"
> eth_netmask="255.255.255.0"
> eth_broadcast="192.168.119.255"
>
> for t in $tap; do
>     openvpn --mktun --dev $t
> done
>
> brctl addbr $br
> brctl addif $br $eth
>
> for t in $tap; do
>     brctl addif $br $t
> done
>
> for t in $tap; do
>     ifconfig $t 0.0.0.0 promisc up
> done
>
> ifconfig $eth 0.0.0.0 promisc up
>
> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>
> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>> Hm... It's very hard to guess without config files. Can you post your
>> server and client openvpn configs... and also can you show the br0 creation
>> commands?
>>
>> 27.09.2011, 12:01, "唐建伟" <myhnet@gmail.com>:
>>> Hi
>>>
>>> no, i don't think so. anyway, i can and only can the vpn server from the
>>> remote hosts.
>>>
>>> Best Regards
>>> Tang Jianwei
>>>
>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>>>> So, something stops packets from remote hosts. Maybe a firewall on the remote
>>>> PC...? And can you run tcpdump on the same remote host, to check that it's tap0
>>>> device.
>>>>
>>>> 27.09.2011, 11:06, "唐建伟" <myhnet@gmail.com>:
>>>>> Hi
>>>>>
>>>>> the routing tables in the remote hosts are OK. "tcpdump -n -i [device name]"
>>>>> cannot capture any packages from remote. no matter br0 nor tap0.
>>>>>
>>>>> Best Regards
>>>>> Tang Jianwei
>>>>>
>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet@gmail.com>:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I just installed openvpn + bridge in CentOS 6, but i get strange problems:
>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
>>>>>>> cannot get the remote PCs' MACs
>>>>>>>
>>>>>>> but when i run "brctl showmacs br0" it will list all the MACs and also
>>>>>>> "brctl show" will show that all the correct adapters are in br0
>>>>>>> SELinux disabled
>>>>>>>
>>>>>>> any ideas?
>>>>>> First of all you should check the routing table of the remote hosts. If everything
>>>>>> is correct, try to monitor br0 and the other devices (ethX) with "tcpdump -n -i
>>>>>> [device name]".
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS@centos.org
>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>> --
>>>>> Tang Jianwei
>>>>> System Administrator
--
Tang Jianwei
System Administrator
--
Lorenzo Martinez Rodriguez
Visit me: http://www.lorenzomartinez.es
Mail me to: lorenzo@lorenzomartinez.es
My blog: http://www.securitybydefault.com
My twitter: @lawwait
PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2
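Added example, not part of the original thread: the tcpdump comparison described above (ARP requests visible on tap0, eth1 and br0 with no reply on any of them) automated as a small parser that reports which requests went unanswered on which interface. The function names, the healthy sample capture and its MAC address are constructed for illustration; the three request lines are the ones quoted in the thread.

```python
import re
from collections import Counter

# "tcpdump -n" prints ARP as "Request who-has <target> tell <asker>" and
# "Reply <target> is-at <mac>"; some captures add a parenthesised hardware
# address after the target, which the optional group skips.
REQUEST = re.compile(r"ARP, Request who-has (\S+?)(?: \([^)]*\))? tell (\S+?),")
REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9A-Fa-f:]{17})")

# The three lines quoted in the thread (reported identical on tap0, eth1, br0).
THREAD_CAPTURE = """\
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
"""

# Constructed sample of a working exchange; timestamp and MAC are made up.
HEALTHY_CAPTURE = """\
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:22.012901 ARP, Reply 192.168.11.3 is-at 02:00:00:00:00:03, length 28
"""

def unanswered(capture_text):
    """Return {(asker, target): request_count} for targets that never replied."""
    requests, answered = Counter(), set()
    for line in capture_text.splitlines():
        m = REQUEST.search(line)
        if m:
            requests[(m.group(2), m.group(1))] += 1
            continue
        m = REPLY.search(line)
        if m:
            answered.add(m.group(1))
    return {pair: n for pair, n in requests.items() if pair[1] not in answered}

def where_replies_stop(captures):
    """captures maps interface name -> tcpdump text. For each unanswered
    (asker, target) pair, list the interfaces on which no reply was seen."""
    missing = {}
    for iface, text in captures.items():
        for pair in unanswered(text):
            missing.setdefault(pair, []).append(iface)
    return missing

if __name__ == "__main__":
    caps = {"tap0": THREAD_CAPTURE, "eth1": THREAD_CAPTURE, "br0": THREAD_CAPTURE}
    for (asker, target), ifaces in where_replies_stop(caps).items():
        print(f"{asker} asked for {target}: no reply seen on {', '.join(ifaces)}")
```

A reply missing on every interface, including the physical one, means it never reached the bridge host, which fits the resolution reported at the top of the thread; a reply present on eth1 but absent on br0 would point at the bridge itself.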