Hello,

I had not read this issue before, but I have seen this problem also. Whenever I restart the bridge (with tap0 interfaces also) I have to make a first ping to the physical interface related to the tap0 module. I also ping another machine on the same physical network. After that, I am able to reach the bridged one.

Strange behaviour, but this works for me in this way now. I look forward to RedHat fixing this bug soon.

On 07/11/11 06:39, 唐建伟 wrote:
> thank you very much for your follow up. wish to get good news from you soon.
>
> On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>
>> 28.09.2011, 04:58, "唐建伟" <myhnet at gmail.com>:
>> Hello, I didn't find what to answer to you a month ago. But now I also have
>> an installation of centos 6 (in the past I used centos 5.7), and I have the
>> same problems as you. First of all, did you find any solutions?
>>
>> I only found that the problem is in the br0 device. I can't guess why, but it
>> does not receive ARP REPLY packets.
>>
>> tcpdump on all devices (tap0, eth1, br0) gives me the same:
>>
>> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>> //192.158.11.33 is the remote PC ip-address, and 192.168.11.3 is one of my
>> local hosts//
>>
>> and no ARP REPLY.
>>
>> Interesting that, on the other hand, I have the same config files on Centos 5.7
>> and everything works perfectly.
>>
>>> no, i removed the commands you mentioned, but it still doesn't work.
>>>
>>> Best Regards
>>> Tang Jianwei
>>>
>>> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>
>>>> I can't remember the reason, but at one moment I stopped using the
>>>> "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn
>>>> creates tap0 by itself. So try to comment out these lines:
>>>>
>>>> for t in $tap; do
>>>>     openvpn --mktun --dev $t
>>>> done
>>>>
>>>> then restart the network, after that start openvpn, and after that start
>>>> the bridge script
>>>>
>>>>> openvpn configure file
>>>>>
>>>>> port 1194
>>>>> proto udp
>>>>> dev tap0
>>>>> ca ca.crt
>>>>> cert VPN_Server.crt
>>>>> key VPN_Server.key # This file should be kept secret
>>>>> dh dh1024.pem
>>>>> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
>>>>> keepalive 10 120
>>>>> comp-lzo
>>>>> user nobody
>>>>> group nobody
>>>>> persist-key
>>>>> persist-tun
>>>>> status openvpn-status.log
>>>>> log-append /var/log/openvpn.log
>>>>> verb 3
>>>>> mute 20
>>>>>
>>>>> the script for bringing up the bridge
>>>>>
>>>>> # Define Bridge Interface
>>>>> br="br0"
>>>>>
>>>>> # Define list of TAP interfaces to be bridged,
>>>>> # for example tap="tap0 tap1 tap2".
>>>>> tap="tap0"
>>>>>
>>>>> # Define physical ethernet interface to be bridged
>>>>> # with TAP interface(s) above.
>>>>> eth="eth1"
>>>>> eth_ip="192.168.119.1"
>>>>> eth_netmask="255.255.255.0"
>>>>> eth_broadcast="192.168.119.255"
>>>>>
>>>>> for t in $tap; do
>>>>>     openvpn --mktun --dev $t
>>>>> done
>>>>>
>>>>> brctl addbr $br
>>>>> brctl addif $br $eth
>>>>>
>>>>> for t in $tap; do
>>>>>     brctl addif $br $t
>>>>> done
>>>>>
>>>>> for t in $tap; do
>>>>>     ifconfig $t 0.0.0.0 promisc up
>>>>> done
>>>>>
>>>>> ifconfig $eth 0.0.0.0 promisc up
>>>>>
>>>>> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>>>>>
>>>>> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>> Hm... It's very hard to guess without config files. Can you post your
>>>>>> server and client openvpn configs... and also can you show the br0
>>>>>> creation commands?
>>>>>>
>>>>>> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
>>>>>>> Hi
>>>>>>>
>>>>>>> no, i don't think so. anyway, i can and only can the vpn server from
>>>>>>> the remote hosts.
>>>>>>>
>>>>>>> Best Regards
>>>>>>> Tang Jianwei
>>>>>>>
>>>>>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>>>> So, something stops packets from remote hosts. Maybe a firewall on the
>>>>>>>> remote PC...? And can you run tcpdump on the same remote host, to check
>>>>>>>> that it's the tap0 device.
>>>>>>>>
>>>>>>>> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> the routing table in the remote hosts are OK. "tcpdump -n -i [device
>>>>>>>>> name]" cannot capture any packages from remote. no matter br0 nor tap0.
>>>>>>>>>
>>>>>>>>> Best Regards
>>>>>>>>> Tang Jianwei
>>>>>>>>>
>>>>>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
>>>>>>>>>>> Hi all,
>>>>>>>>>>>
>>>>>>>>>>> I just installed openvpn + bridge in CentOS 6, but i get strange
>>>>>>>>>>> problems:
>>>>>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local
>>>>>>>>>>> PCs cannot get the remote PCs' MACs
>>>>>>>>>>>
>>>>>>>>>>> but when i run "brctl showmacs br0" it will list all the MACs and
>>>>>>>>>>> also "brctl show" will show that all the correct adapters are in br0
>>>>>>>>>>> SELinux disabled
>>>>>>>>>>>
>>>>>>>>>>> any ideas?
>>>>>>>>>> First of all you should check the routing table of the remote hosts. If
>>>>>>>>>> everything is correct, try to monitor br0 and other devices (ethX) by
>>>>>>>>>> "tcpdump -n -i [device name]".
>>>>>>>>>> _______________________________________________
>>>>>>>>>> CentOS mailing list
>>>>>>>>>> CentOS at centos.org
>>>>>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>>>> --
>>>>>>>>> Tang Jianwei
>>>>>>>>> System Administrator

--
Lorenzo Martinez Rodriguez
Visit me: http://www.lorenzomartinez.es
Mail me to: lorenzo at lorenzomartinez.es
My blog: http://www.securitybydefault.com
My twitter: @lawwait
PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2
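
Added example, not part of the original thread: a small parser for `tcpdump -n` ARP output that counts who-has requests for which no is-at reply was captured, the symptom reported on br0 above. The reply line, the 192.168.11.1 host, its MAC address and the one-second timeout are constructed assumptions; the three request lines are the ones quoted in the thread.

```python
import re
from collections import Counter, defaultdict

# Patterns for the ARP lines printed by `tcpdump -n` (no -e link-level header).
TS = r"(\d\d):(\d\d):(\d\d\.\d+)"
REQ = re.compile(TS + r" ARP, Request who-has (\S+) (?:\(\S+\) )?tell ([^,\s]+)")
REP = re.compile(TS + r" ARP, Reply (\S+) is-at ([0-9A-Fa-f:]{17})")

# First three lines are from the thread; the last two are constructed.
SAMPLE = """\
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.100420 ARP, Reply 192.168.11.1 is-at 52:54:00:12:34:56, length 28
"""

def _secs(h, m, s):
    # Seconds since midnight; a capture spanning midnight is not handled.
    return int(h) * 3600 + int(m) * 60 + float(s)

def unanswered_arp(lines, timeout=1.0):
    """Return {(target_ip, asker_ip): count} of requests with no reply
    for target_ip captured within `timeout` seconds of the request."""
    requests, replies = [], defaultdict(list)
    for line in lines:
        line = line.strip()
        m = REQ.match(line)
        if m:
            requests.append((_secs(*m.group(1, 2, 3)), m.group(4), m.group(5)))
            continue
        m = REP.match(line)
        if m:
            replies[m.group(4)].append(_secs(*m.group(1, 2, 3)))
    missing = Counter()
    for t, target, asker in requests:
        if not any(t <= r <= t + timeout for r in replies[target]):
            missing[(target, asker)] += 1
    return dict(missing)

if __name__ == "__main__":
    for (target, asker), n in unanswered_arp(SAMPLE.splitlines()).items():
        print(f"{n} unanswered ARP request(s) for {target} from {asker}")
```

Running it over captures taken separately on tap0, eth1 and br0 shows on which interface the replies stop appearing.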