Hi all,
I just installed OpenVPN + bridge on CentOS 6, but I get strange problems:
the remote PCs cannot get the local PCs' MACs, and the local PCs cannot get the remote PCs' MACs either,
but when I run "brctl showmacs br0" it lists all the MACs, and "brctl show" shows that all the correct adapters are in br0.
SELinux is disabled.
Any ideas?
27.09.2011, 09:52, "唐建伟" myhnet@gmail.com:
First of all you should check the routing table of the remote hosts. If everything is correct, try to monitor br0 and the other devices (ethX) with "tcpdump -n -i [device name]".
Hi
The routing tables on the remote hosts are OK. "tcpdump -n -i [device name]" cannot capture any packets from the remote side, neither on br0 nor on tap0.
Best Regards Tang Jianwei
On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил mikxalich@yandex.ru wrote:
So, something stops packets from the remote hosts. Maybe a firewall on the remote PC...? And can you run tcpdump on the same remote host, to check its tap0 device?
27.09.2011, 11:06, "唐建伟" myhnet@gmail.com:
Hi
No, I don't think so. Anyway, I can reach the VPN server, and only the VPN server, from the remote hosts.
Best Regards Tang Jianwei
On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил mikxalich@yandex.ru wrote:
Hm... It's very hard to guess without config files. Can you post your server and client OpenVPN configs... and also, can you show the br0 creation commands?
27.09.2011, 12:01, "唐建伟" myhnet@gmail.com:
OpenVPN configuration file:

port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

The script for bringing up the bridge:

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил mikxalich@yandex.ru wrote:
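The bridge script above is checked in the thread only by eye ("brctl show" lists the adapters). A read-only check of the same state, added here as an example and not part of the posted script: it reads sysfs to confirm that each port is enslaved in br0, has PROMISC set and is in forwarding state, and reads procfs to note whether br_netfilter is passing bridged frames through the iptables FORWARD chain (a reason a "firewall" can drop bridged traffic even with no routing involved). The SYSFS/PROCFS variables and the make_fake_tree snapshot are this example's own additions so it can run without root; the names br0, eth1 and tap0 are taken from the script above.

```shell
#!/bin/sh
# Added example (not the poster's script): verify the state of an OpenVPN tap
# bridge by reading sysfs/procfs instead of trusting "brctl show" by eye.
# SYSFS/PROCFS may point at a copy of the tree, which the demo below uses.
SYSFS="${SYSFS:-/sys}"
PROCFS="${PROCFS:-/proc}"

# promisc_set DEV: true if IFF_PROMISC (0x100) is set in DEV's interface flags.
# Without it the device hands the bridge only frames addressed to its own MAC.
promisc_set() {
    flags=$(cat "$SYSFS/class/net/$1/flags" 2>/dev/null) || return 1
    [ $(( $flags & 0x100 )) -ne 0 ]
}

# port_forwarding DEV: true if DEV is a bridge port in STP state 3 (forwarding).
port_forwarding() {
    state=$(cat "$SYSFS/class/net/$1/brport/state" 2>/dev/null) || return 1
    [ "$state" -eq 3 ]
}

# bridge_check BR PORT...: one "ok:"/"FAIL:" line per test, exit 1 on any FAIL.
bridge_check() {
    br="$1"; shift
    rc=0
    for p in "$@"; do
        if [ -e "$SYSFS/class/net/$br/brif/$p" ]; then
            echo "ok: $p is a port of $br"
        else
            echo "FAIL: $p is not enslaved to $br"; rc=1
        fi
        if promisc_set "$p"; then
            echo "ok: $p has PROMISC"
        else
            echo "FAIL: $p lacks PROMISC"; rc=1
        fi
        if port_forwarding "$p"; then
            echo "ok: $p is forwarding"
        else
            echo "FAIL: $p is not in forwarding state"; rc=1
        fi
    done
    # With br_netfilter active, iptables FORWARD rules also apply to bridged
    # frames; worth knowing when a firewall is suspected of dropping them.
    nf="$PROCFS/sys/net/bridge/bridge-nf-call-iptables"
    if [ -r "$nf" ] && [ "$(cat "$nf")" = "1" ]; then
        echo "note: bridge-nf-call-iptables=1, iptables FORWARD chain filters bridged frames"
    fi
    return $rc
}

# make_fake_tree: constructed sysfs/procfs snapshot (not from a real host) in
# which eth1 is correctly bridged but tap0 was never added to br0. Prints its path.
make_fake_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/class/net/br0/brif" "$d/sys/class/net/eth1/brport" \
             "$d/sys/class/net/tap0" "$d/proc/sys/net/bridge"
    : > "$d/sys/class/net/br0/brif/eth1"            # eth1 is a port of br0
    echo 0x1103 > "$d/sys/class/net/eth1/flags"     # UP|BROADCAST|PROMISC|MULTICAST
    echo 3 > "$d/sys/class/net/eth1/brport/state"   # forwarding
    echo 0x1003 > "$d/sys/class/net/tap0/flags"     # UP|BROADCAST|MULTICAST, no PROMISC
    echo 1 > "$d/proc/sys/net/bridge/bridge-nf-call-iptables"
    echo "$d"
}

# demo: run the check against the fake tree. On the real host run
#   bridge_check br0 eth1 tap0
# with SYSFS and PROCFS left at their defaults.
demo() {
    d=$(make_fake_tree)
    SYSFS="$d/sys"; PROCFS="$d/proc"
    bridge_check br0 eth1 tap0
    echo "exit status: $?"
}
demo
```

On the fake tree the check reports eth1 as enslaved, promiscuous and forwarding, and tap0 as failing all three, which is what a bridge script that was run before OpenVPN created tap0 would leave behind.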
I can't remember the reason, but at one point I stopped using the "openvpn --mktun --dev [dev name]" command. Maybe it's because OpenVPN creates tap0 by itself. So try to comment out these lines:

for t in $tap; do
    openvpn --mktun --dev $t
done

then restart the network, after that start OpenVPN, and after it start the bridge script.
No, I removed the commands you mentioned, but it still doesn't work.
Best Regards Tang Jianwei
On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил mikxalich@yandex.ru wrote:
28.09.2011, 04:58, "唐建伟" myhnet@gmail.com:
Hello, I didn't find what to answer you a month ago. But now I also have an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the same problems as you. First of all, did you find any solutions?
I only found that the problem is in the br0 device. I can't guess why, but it does not receive ARP REPLY packets.
tcpdump on all devices (tap0, eth1, br0) gives me the same:

20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28

(192.168.11.33 is the remote PC's IP address, and 192.168.11.3 is one of my local hosts)
and no ARP REPLY.
Interestingly, on the other hand, I have the same config files on CentOS 5.7 and everything works perfectly.
Thank you very much for your follow-up. I wish to get good news from you soon.
On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил mikxalich@yandex.ru wrote:
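The diagnosis in the message above rests on pairing ARP requests with replies in captures taken on each device (tap0, eth1, br0) and seeing on which hop the reply disappears. Added here as an example, not code from the thread: an awk filter over "tcpdump -n" ARP lines that lists every target that was asked for and never sent an "is-at" reply, plus a per-IP check for use across per-device captures. The sample capture is constructed, modelled on the lines quoted above; the 192.168.11.1 reply and its MAC are invented to show what an answered host looks like.

```shell
#!/bin/sh
# Added example, not from the thread: find ARP targets that never answered.
# Feed it "tcpdump -n -l -i <dev> arp" output; run once per device (tap0, eth1,
# br0) and compare to see on which hop the reply disappears.

# arp_unanswered: reads tcpdump ARP lines on stdin and prints
# "IP: N request(s), no reply" for each IP that was asked for but never replied.
# Returns 1 if any such IP exists, 0 if every request was answered.
arp_unanswered() {
    out=$(awk '
        # 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
        $2 == "ARP," && $3 == "Request" { asked[$5]++ }
        # 20:12:23.100400 ARP, Reply 192.168.11.1 is-at 00:0c:29:aa:bb:cc, length 28
        $2 == "ARP," && $3 == "Reply"   { answered[$4] = 1 }
        END {
            for (ip in asked)
                if (!(ip in answered))
                    printf "%s: %d request(s), no reply\n", ip, asked[ip]
        }' | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# arp_reply_seen IP: true if an "is-at" reply from IP appears in the capture on stdin.
# Run against the capture from each device: a reply present on tap0 but absent on
# br0 points at the bridge; present on neither points at the remote side or the VM's
# virtual switch.
arp_reply_seen() {
    awk -v ip="$1" '
        $2 == "ARP," && $3 == "Reply" && $4 == ip { found = 1 }
        END { exit !found }'
}

# Constructed sample (modelled on the thread's capture; the reply line is invented):
# the remote client 192.168.11.33 asks for two local hosts, only 192.168.11.1 answers.
sample='20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:23.100400 ARP, Reply 192.168.11.1 is-at 00:0c:29:aa:bb:cc, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28'

printf '%s\n' "$sample" | arp_unanswered
```

On a real host, capture for a fixed window on every hop at once, for example `for i in tap0 eth1 br0; do timeout 15 tcpdump -n -l -i $i arp > /tmp/$i.arp & done; wait`, then run `arp_reply_seen 192.168.11.3 < /tmp/$i.arp` for each file; the first file in which the reply is missing is the hop that lost it.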
Hello,
I had not read this issue before, but I have seen this problem also. Whenever I restart the bridge (with the tap0 interfaces also) I have to make a first ping to the physical interface related to the tap0 module. I also ping another machine on the same physical network. After that, I am able to reach the bridged one.
Strange behaviour, but this works for me this way now.
I look forward to Red Hat fixing this bug soon.
On 07/11/11 06:39, 唐建伟 wrote:
This situation with pings is really strange... But in my case the solution was much easier. CentOS 6 was installed on a VMware virtual machine and the problem was in its network device configuration. The hardest thing was to guess that. After this I quickly found a solution:
http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/
So, in my experience, CentOS (or Red Hat) works correctly, and maybe you should try to look for errors somewhere else (as in my case it was the VMware configuration).
Hmmm, it should be the exact problem I got, thank you very much.
On Tue, Nov 8, 2011 at 10:30 PM, Минтаиров Михаил mikxalich@yandex.ru wrote: