This situation with pings is really strange... But in my case the solution was much easier. CentOS 6 was installed on a VMware virtual machine and the problem was in its network device configuration. The hardest thing was to guess that. After this I quickly found a solution:
http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/

So, in my experience, CentOS (or RedHat) works correctly, and maybe you should try to look for errors somewhere else (as in my case it was the VMware configuration).

> Hello,
>
> I had not read this issue before, but I have seen this problem
> also. Whenever I restart the bridge (with tap0 interfaces also) I have
> to make a first ping to the physical interface related to the tap0
> module. I also ping another machine on the same physical network. After
> that, I am able to reach the bridged one.
>
> Strange behaviour, but this works for me in this way now.
>
> I look forward to RedHat fixing this bug soon.
>
> On 07/11/11 06:39, 唐建伟 wrote:
>
>> Thank you very much for your follow-up. I wish to get good news from you soon.
>>
>> On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>> 28.09.2011, 04:58, "唐建伟" <myhnet at gmail.com>:
>>> Hello, I didn't find what to answer to you a month ago. But now I also have
>>> an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
>>> same problems as you. First of all, did you find any solutions?
>>>
>>> I only found that the problem is in the br0 device. I can't guess why, but it
>>> does not receive ARP REPLY packets.
>>>
>>> tcpdump on all devices (tap0, eth1, br0) gives me the same:
>>>
>>> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>>> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>>> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>>> //192.158.11.33 is the remote PC IP address, and 192.168.11.3 is one of my
>>> local hosts//
>>>
>>> and no ARP REPLY.
>>>
>>> Interesting that, on the other hand, I have the same config files on CentOS 5.7,
>>> and everything works perfectly.
>>>> No, I removed the commands you mentioned, but it still doesn't work.
>>>>
>>>> Best Regards
>>>> Tang Jianwei
>>>>
>>>> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>> I can't remember the reason, but at one moment I stopped using the
>>>>> "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn
>>>>> creates tap0 by itself. So try to comment out these lines:
>>>>>
>>>>> for t in $tap; do
>>>>>     openvpn --mktun --dev $t
>>>>> done
>>>>>
>>>>> then restart the network, after that start openvpn, and after it start the
>>>>> bridge script
>>>>>> openvpn configure file
>>>>>>
>>>>>> port 1194
>>>>>> proto udp
>>>>>> dev tap0
>>>>>> ca ca.crt
>>>>>> cert VPN_Server.crt
>>>>>> key VPN_Server.key # This file should be kept secret
>>>>>> dh dh1024.pem
>>>>>> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
>>>>>> keepalive 10 120
>>>>>> comp-lzo
>>>>>> user nobody
>>>>>> group nobody
>>>>>> persist-key
>>>>>> persist-tun
>>>>>> status openvpn-status.log
>>>>>> log-append /var/log/openvpn.log
>>>>>> verb 3
>>>>>> mute 20
>>>>>>
>>>>>> the script for bringing up the bridge
>>>>>> # Define Bridge Interface
>>>>>> br="br0"
>>>>>>
>>>>>> # Define list of TAP interfaces to be bridged,
>>>>>> # for example tap="tap0 tap1 tap2".
>>>>>> tap="tap0"
>>>>>>
>>>>>> # Define physical ethernet interface to be bridged
>>>>>> # with TAP interface(s) above.
>>>>>> eth="eth1"
>>>>>> eth_ip="192.168.119.1"
>>>>>> eth_netmask="255.255.255.0"
>>>>>> eth_broadcast="192.168.119.255"
>>>>>>
>>>>>> for t in $tap; do
>>>>>>     openvpn --mktun --dev $t
>>>>>> done
>>>>>>
>>>>>> brctl addbr $br
>>>>>> brctl addif $br $eth
>>>>>>
>>>>>> for t in $tap; do
>>>>>>     brctl addif $br $t
>>>>>> done
>>>>>>
>>>>>> for t in $tap; do
>>>>>>     ifconfig $t 0.0.0.0 promisc up
>>>>>> done
>>>>>>
>>>>>> ifconfig $eth 0.0.0.0 promisc up
>>>>>>
>>>>>> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>>>>>>
>>>>>> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>>> Hm... It's very hard to guess without config files. Can you post your
>>>>>>> server and client openvpn configs... and also can you show the br0 creation
>>>>>>> commands?
>>>>>>>
>>>>>>> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> No, I don't think so. Anyway, I can and only can the vpn server from the
>>>>>>>> remote hosts.
>>>>>>>>
>>>>>>>> Best Regards
>>>>>>>> Tang Jianwei
>>>>>>>>
>>>>>>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>>>>> So, something stops packets from remote hosts. Maybe a firewall on the remote
>>>>>>>>> PC...? And can you run tcpdump on the same remote host, to check that it's
>>>>>>>>> tap0 device.
>>>>>>>>>
>>>>>>>>> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> The routing table in the remote hosts is OK. "tcpdump -n -i [device name]"
>>>>>>>>>> cannot capture any packets from remote, no matter br0 or tap0.
>>>>>>>>>>
>>>>>>>>>> Best Regards
>>>>>>>>>> Tang Jianwei
>>>>>>>>>>
>>>>>>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>
>>>>>>>>>>>> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
>>>>>>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
>>>>>>>>>>>> cannot get the remote PCs' MACs
>>>>>>>>>>>>
>>>>>>>>>>>> but when I run "brctl showmacs br0" it will list all the MACs and also
>>>>>>>>>>>> "brctl show" will show that all the correct adapters are in br0
>>>>>>>>>>>> SELinux disabled
>>>>>>>>>>>>
>>>>>>>>>>>> any ideas?
>>>>>>>>>>> First of all you should check the routing table of the remote hosts. If
>>>>>>>>>>> everything is correct, try to monitor br0 and other devices (ethX) with
>>>>>>>>>>> "tcpdump -n -i [device name]".
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> CentOS mailing list
>>>>>>>>>>> CentOS at centos.org
>>>>>>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>>>>> --
>>>>>>>>>> Tang Jianwei
>>>>>>>>>> System Administrator
> --
>
> Lorenzo Martinez Rodriguez
>
> Visit me: http://www.lorenzomartinez.es
> Mail me to: lorenzo at lorenzomartinez.es
> My blog: http://www.securitybydefault.com
> My twitter: @lawwait
> PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2
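
Added example, not part of the original thread: a shell helper for the check described in the messages above, where tcpdump on tap0, eth1 and br0 shows ARP who-has requests and no reply. It assumes each capture was saved as text from "tcpdump -n -i <dev> arp" without -e; the function names and the answered 192.168.11.7 exchange are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find ARP requests that never get a
# reply in saved "tcpdump -n -i <dev> arp" text output.

# arp_unanswered FILE
# Prints "<target> <requester> <request-count>" for every who-has target
# with no "Reply <target> is-at ..." line anywhere in FILE.
arp_unanswered() {
    awk '
        $2 == "ARP," && $3 == "Request" && $4 == "who-has" {
            for (i = 5; i < NF; i++)
                if ($i == "tell") { who = $(i + 1); sub(/,$/, "", who) }
            asked[$5]++; from[$5] = who
        }
        $2 == "ARP," && $3 == "Reply" && $5 == "is-at" { answered[$4] = 1 }
        END {
            for (ip in asked)
                if (!(ip in answered)) print ip, from[ip], asked[ip]
        }
    ' "$1" | sort
}

# arp_compare FILE...
# Runs the same check over one capture per device (e.g. tap0, eth1, br0) and
# prefixes each result with the file name, to show where the reply is missing.
arp_compare() {
    for f in "$@"; do
        arp_unanswered "$f" | awk -v p="$f" '{ print p ": " $0 }'
    done
}

# Constructed sample: the three requests quoted in the thread plus one
# constructed exchange that is answered (documentation-range MAC address).
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.7 tell 192.168.11.33, length 28
20:12:25.100412 ARP, Reply 192.168.11.7 is-at 00:00:5e:00:53:07, length 28
EOF
}

tmp=$(mktemp) && sample_capture > "$tmp" && arp_unanswered "$tmp"
rm -f "$tmp"
```

If a target is listed for every device's capture, the reply is not reaching the host at all, which points outside the bridge itself, as the VMware network configuration did in the first message.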