28.09.2011, 04:58, "唐建伟" <myhnet at gmail.com>:

Hello,

I didn't find what to answer to you a month ago. But now I also have an installation of centos 6 (in the past I used centos 5.7), and I have the same problems as you. First of all, did you find any solutions?

I only found that the problem is in the br0 device. I can't guess why, but it does not receive ARP REPLY packets. tcpdump on all devices (tap0, eth1, br0) gives me the same:

20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28

//192.158.11.33 is remote PC ip-address, and 192.168.11.3 is one of my local hosts//

and no ARP REPLY. Interesting that on the other hand I have the same config files on Centos 5.7, and everything works perfectly.

> no, i removed the commands you mentioned, but it still doesn't work.
>
> Best Regards
> Tang Jianwei
>
> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>
>> I can't remember the reason, but at one moment I stopped using the "openvpn
>> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
>> by itself. So try to comment out these lines:
>>
>> for t in $tap; do
>>     openvpn --mktun --dev $t
>> done
>>
>> then restart the network, after that start openvpn and after it start the bridge
>> script
>>> openvpn configure file
>>>
>>> port 1194
>>> proto udp
>>> dev tap0
>>> ca ca.crt
>>> cert VPN_Server.crt
>>> key VPN_Server.key # This file should be kept secret
>>> dh dh1024.pem
>>> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
>>> keepalive 10 120
>>> comp-lzo
>>> user nobody
>>> group nobody
>>> persist-key
>>> persist-tun
>>> status openvpn-status.log
>>> log-append /var/log/openvpn.log
>>> verb 3
>>> mute 20
>>>
>>> the script for bring up the bridge
>>>
>>> # Define Bridge Interface
>>> br="br0"
>>>
>>> # Define list of TAP interfaces to be bridged,
>>> # for example tap="tap0 tap1 tap2".
>>> tap="tap0"
>>>
>>> # Define physical ethernet interface to be bridged
>>> # with TAP interface(s) above.
>>> eth="eth1"
>>> eth_ip="192.168.119.1"
>>> eth_netmask="255.255.255.0"
>>> eth_broadcast="192.168.119.255"
>>>
>>> for t in $tap; do
>>>     openvpn --mktun --dev $t
>>> done
>>>
>>> brctl addbr $br
>>> brctl addif $br $eth
>>>
>>> for t in $tap; do
>>>     brctl addif $br $t
>>> done
>>>
>>> for t in $tap; do
>>>     ifconfig $t 0.0.0.0 promisc up
>>> done
>>>
>>> ifconfig $eth 0.0.0.0 promisc up
>>>
>>> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>>>
>>> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>> Hm... It's very hard to guess without config files. Can you post your
>>>> server and client openvpn configs... and also can you show the br0 creation
>>>> commands?
>>>>
>>>> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
>>>>> Hi
>>>>>
>>>>> no, i don't think so. anyway, i can and only can the vpn server from the
>>>>> remote hosts.
>>>>>
>>>>> Best Regards
>>>>> Tang Jianwei
>>>>>
>>>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>> So, something stops packets from remote hosts. Maybe a firewall on the remote
>>>>>> PC...? And can you run tcpdump on the same remote host, to check that it's the tap0
>>>>>> device.
>>>>>>
>>>>>> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
>>>>>>> Hi
>>>>>>>
>>>>>>> the routing table in the remote hosts are OK. "tcpdump -n -i [device name]"
>>>>>>> cannot capture any packages from remote. no matter br0 nor tap0.
>>>>>>>
>>>>>>> Best Regards
>>>>>>> Tang Jianwei
>>>>>>>
>>>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> I just installed openvpn + bridge in CentOS 6, but i get strange problems:
>>>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
>>>>>>>>> cannot get the remote PCs' MACs
>>>>>>>>>
>>>>>>>>> but when i run "brctl showmacs br0" it will list all the MACs and also
>>>>>>>>> "brctl show" will show that all the correct adapters are in br0
>>>>>>>>>
>>>>>>>>> SELinux disabled
>>>>>>>>>
>>>>>>>>> any ideas?
>>>>>>>> First of all you should check the routing table of remote hosts. If everything
>>>>>>>> is correct, try to monitor br0, and other devices (ethX) by "tcpdump -n -i
>>>>>>>> [device name]".
>>>>>>>> _______________________________________________
>>>>>>>> CentOS mailing list
>>>>>>>> CentOS at centos.org
>>>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>> --
>>>>>>> Tang Jianwei
>>>>>>> System Administrator
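
The check done by eye on the tcpdump output at the top of this thread (ARP requests with no matching reply), as an added example that is not part of the original messages: the shell function reads `tcpdump -n` text on stdin and lists every IP that was asked for but never answered. The function names and the sample capture are assumptions; the first three sample lines are the ones quoted in the thread, the last two are constructed.

```shell
#!/bin/sh
# Added example: list ARP targets that were requested but never answered.
# Input: text output of `tcpdump -n -i <device> arp` on stdin.
unanswered_arp() {
    awk '
    $2 == "ARP," && $3 == "Request" {
        target = ""; asker = ""
        # Locate the keywords instead of using fixed columns, because
        # tcpdump may print a MAC in parentheses after the target IP.
        for (i = 4; i < NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell")    { asker = $(i + 1); sub(/,$/, "", asker) }
        }
        if (target != "") { req[target]++; who[target] = asker }
    }
    # A reply names the answering IP right after the word "Reply".
    $2 == "ARP," && $3 == "Reply" { answered[$4] = 1 }
    END {
        for (t in req)
            if (!(t in answered))
                printf "%s requests=%d last_asker=%s\n", t, req[t], who[t]
    }' | sort
}

# Sample capture: lines 1-3 are quoted in the thread; lines 4-5 are
# constructed (including the MAC) to show a request that does get a reply.
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.100400 ARP, Reply 192.168.11.1 is-at 52:54:00:aa:bb:cc, length 28
EOF
}

sample_capture | unanswered_arp
```

Running the same function on captures taken separately on tap0, eth1 and br0 shows at which interface the replies stop appearing.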