OpenVPN configuration file:

port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

The script for bringing up the bridge:

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:

> Hm... It's very hard to guess without config files. Can you post your
> server and client openvpn configs... and also can you show the br0
> creation commands?
>
> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> > Hi
> >
> > no, I don't think so. anyway, i can and only can the vpn server from the
> > remote hosts.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >
> >> So, something stops packets from remote hosts. Maybe a firewall on the
> >> remote PC...? And can you run tcpdump on the same remote host, to check
> >> that it's the tap0 device.
> >>
> >> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>> Hi
> >>>
> >>> the routing tables on the remote hosts are OK. "tcpdump -n -i [device name]"
> >>> cannot capture any packages from remote, no matter br0 or tap0.
> >>>
> >>> Best Regards
> >>> Tang Jianwei
> >>>
> >>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>> Hi all,
> >>>>>
> >>>>> I just installed openvpn + bridge on CentOS 6, but I get strange problems:
> >>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> >>>>> cannot get the remote PCs' MACs
> >>>>>
> >>>>> but when I run "brctl showmacs br0" it will list all the MACs and also
> >>>>> "brctl show" will show that all the correct adapters are in br0
> >>>>>
> >>>>> SELinux disabled
> >>>>>
> >>>>> any ideas?
> >>>> First of all you should check the routing table of the remote hosts. If
> >>>> everything is correct, try to monitor br0 and the other devices (ethX)
> >>>> with "tcpdump -n -i [device name]".
> >>>> _______________________________________________
> >>>> CentOS mailing list
> >>>> CentOS at centos.org
> >>>> http://lists.centos.org/mailman/listinfo/centos
> >>> --
> >>> Tang Jianwei
> >>> System Administrator
> > --
> > Tang Jianwei
> > System Administrator

--
Tang Jianwei
System Administrator