[CentOS] openvpn + bridge utils in CentOS 6

Tue Sep 27 09:32:03 UTC 2011
唐建伟 <myhnet at gmail.com>

OpenVPN configuration file:

port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
mute 20

The script for bringing up the bridge:

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast


On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:

> Hm... It's very hard to guess without config files. Can you post your
> server and client openvpn configs... and also can you show the br0 creation
> commands?
>
> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> > Hi
> >
> > No, I don't think so. Anyway, I can and only can the vpn server from the
> > remote hosts.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >
> >>  So, something stops packets from remote hosts. Maybe a firewall on the remote
> >>  PC...? And can you run tcpdump on the same remote host, to check that it's tap0
> >>  device.
> >>
> >>  27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>>  Hi
> >>>
> >>>  The routing tables on the remote hosts are OK. "tcpdump -n -i [device name]"
> >>>  cannot capture any packages from remote, no matter br0 or tap0.
> >>>
> >>>  Best Regards
> >>>  Tang Jianwei
> >>>
> >>>  On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>   27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>>   Hi all,
> >>>>>
> >>>>>   I just installed openvpn + bridge in CentOS 6, but I get strange problems:
> >>>>>   the remote PCs cannot get the local PCs' MACs and also, the local PCs
> >>>>>   cannot get the remote PCs' MACs
> >>>>>
> >>>>>   but when I run "brctl showmacs br0" it will list all the MACs and also
> >>>>>   "brctl show" will show that all the correct adapters are in br0
> >>>>>
> >>>>>   SELinux disabled
> >>>>>
> >>>>>   any ideas?
> >>>>   First of all you should check the routing table of the remote hosts. If
> >>>>   everything is correct, try to monitor br0 and the other devices (ethX) with
> >>>>   "tcpdump -n -i [device name]".
> >>>>   _______________________________________________
> >>>>   CentOS mailing list
> >>>>   CentOS at centos.org
> >>>>   http://lists.centos.org/mailman/listinfo/centos
> >>>  --
> >>>  Tang Jianwei
> >>>  System Administrator
> > --
> > Tang Jianwei
> > System Administrator
>



-- 
Tang Jianwei
System Administrator
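
Added example, not part of the original message or of the OpenVPN project: a small Python check that the `server-bridge` line in the posted config agrees with the addresses set in the posted bridge script. It assumes the bridge address is meant to be the `server-bridge` gateway, as it is in this post; `check_bridge` and its messages are hypothetical names, and the inputs are constructed from the lines quoted above.

```python
import ipaddress

# Constructed inputs: the bridging-related lines from the post's config and script.
SERVER_CONF = """dev tap0
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
"""
BRIDGE_VARS = """tap="tap0"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"
"""

def parse_conf(text):
    """Map each OpenVPN directive to its argument list, dropping # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            conf[parts[0]] = parts[1:]
    return conf

def parse_vars(text):
    """Read simple name="value" shell assignments, skipping comment lines."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.strip().startswith("#"))
    return {name: value.strip('"') for name, value in pairs}

def check_bridge(conf_text, vars_text):
    """Return mismatches between server-bridge and the bridge script (hypothetical helper)."""
    conf, v = parse_conf(conf_text), parse_vars(vars_text)
    args = conf.get("server-bridge", [])
    if len(args) != 4:
        return ["server-bridge needs gateway, netmask, pool start, pool end"]
    gw, mask, start, end = args
    net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems = []
    if (conf.get("dev") or [""])[0] not in v.get("tap", "").split():
        problems.append("dev is not in the script's tap list")
    if gw != v.get("eth_ip"):
        problems.append("gateway differs from the bridge address")
    if mask != v.get("eth_netmask"):
        problems.append("netmask differs from the bridge netmask")
    if str(net.broadcast_address) != v.get("eth_broadcast"):
        problems.append("broadcast does not match the subnet")
    if lo > hi or lo not in net or hi not in net:
        problems.append("client pool is not inside the bridged subnet")
    elif lo <= ipaddress.ip_address(gw) <= hi:
        problems.append("client pool contains the bridge address")
    return problems
```

The values as posted pass every check, so this rules out an addressing mismatch between the two files rather than explaining the missing traffic.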