openvpn configuration file:

    port 1194
    proto udp
    dev tap0
    ca ca.crt
    cert VPN_Server.crt
    key VPN_Server.key  # This file should be kept secret
    dh dh1024.pem
    server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    log-append /var/log/openvpn.log
    verb 3
    mute 20

the script for bringing up the bridge:

    # Define Bridge Interface
    br="br0"

    # Define list of TAP interfaces to be bridged,
    # for example tap="tap0 tap1 tap2".
    tap="tap0"

    # Define physical ethernet interface to be bridged
    # with TAP interface(s) above.
    eth="eth1"
    eth_ip="192.168.119.1"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.119.255"

    for t in $tap; do
        openvpn --mktun --dev $t
    done

    brctl addbr $br
    brctl addif $br $eth

    for t in $tap; do
        brctl addif $br $t
    done

    for t in $tap; do
        ifconfig $t 0.0.0.0 promisc up
    done

    ifconfig $eth 0.0.0.0 promisc up

    ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
Hm... It's very hard to guess without config files. Can you post your server and client openvpn configs... and also can you show the br0 creation commands?
27.09.2011, 12:01, "唐建伟" <myhnet@gmail.com>:
Hi
No, I don't think so. Anyway, I can and only can the VPN server from the remote hosts.
Best Regards Tang Jianwei
On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
So, something stops packets from remote hosts. Maybe a firewall on the remote PC...? And can you run tcpdump on the same remote host, to check that it's tap0 device.
27.09.2011, 11:06, "唐建伟" <myhnet@gmail.com>:
Hi
The routing tables in the remote hosts are OK. "tcpdump -n -i [device name]" cannot capture any packages from remote, no matter br0 nor tap0.
Best Regards Tang Jianwei
On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
27.09.2011, 09:52, "唐建伟" <myhnet@gmail.com>:
Hi all,
I just installed openvpn + bridge in CentOS 6, but I get strange problems:
the remote PCs cannot get the local PCs' MACs and also, the local PCs cannot get the remote PCs' MACs
but when I run "brctl showmacs br0" it will list all the MACs and also "brctl show" will show that all the correct adapters are in br0
SELinux disabled
any ideas?
First of all you should check the routing table of the remote hosts. If everything is correct, try to monitor br0 and other devices (ethX) with "tcpdump -n -i [device name]".
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
Tang Jianwei
System Administrator
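
The advice in this thread to watch the bridge ports with "tcpdump -n -i [device name]" can be made repeatable by comparing ARP captures from tap0 and eth1. The script below is an added example, not part of the thread: the function names are hypothetical, and the LAN host address 192.168.119.10 and the capture lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Input is text saved from running
#   tcpdump -n -i tap0 arp   and   tcpdump -n -i eth1 arp
# at the same time on the VPN server while a remote client pings a LAN host.

# count_arp CLIENT_IP LAN_IP   (capture text on stdin)
# Prints "<requests> <replies>" for that client/host pair only, so ARP
# chatter between other machines does not hide the gap.
count_arp() {
    awk -v c="$1" -v l="$2" '
        index($0, "Request who-has " l " tell " c ",") { req++ }
        index($0, "Reply " l " is-at ")                { rep++ }
        END { printf "%d %d\n", req, rep }'
}

# locate_drop CLIENT_IP LAN_IP TAP_CAPTURE ETH_CAPTURE
# Follows the request tap0 -> eth1 and the reply eth1 -> tap0, and names
# the first hop where the frame is missing.
locate_drop() {
    set -- $(printf '%s\n' "$3" | count_arp "$1" "$2") \
           $(printf '%s\n' "$4" | count_arp "$1" "$2")
    # Now $1/$2 = requests/replies on tap0, $3/$4 = requests/replies on eth1.
    if   [ "$1" -eq 0 ]; then echo "tunnel"          # request never reached tap0
    elif [ "$3" -eq 0 ]; then echo "bridge-forward"  # on tap0 but not on eth1
    elif [ "$4" -eq 0 ]; then echo "lan-host"        # LAN host never answered
    elif [ "$2" -eq 0 ]; then echo "bridge-return"   # reply seen on eth1 only
    else echo "ok"
    fi
}

# Constructed sample captures; the client address is taken from the posted
# server-bridge pool, the LAN host address is an assumption.
CLIENT=192.168.119.221
HOST=192.168.119.10
TAP_SAMPLE='10:00:01.000001 ARP, Request who-has 192.168.119.10 tell 192.168.119.221, length 28
10:00:02.000001 ARP, Request who-has 192.168.119.10 tell 192.168.119.221, length 28'
ETH_SAMPLE='10:00:01.500000 ARP, Request who-has 192.168.119.1 tell 192.168.119.10, length 28'

locate_drop "$CLIENT" "$HOST" "$TAP_SAMPLE" "$ETH_SAMPLE"   # prints bridge-forward
```

With real captures, pass the saved text in place of the samples, for example "$(cat tap0.txt)" and "$(cat eth1.txt)".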