I can't remember the reason, but at one moment I stopped using the
"openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn
creates tap0 by itself. So try to comment out these lines:

for t in $tap; do
    openvpn --mktun --dev $t
done

then restart the network, after that start openvpn, and after it start the
bridge script.

> openvpn configure file
>
> port 1194
> proto udp
> dev tap0
> ca ca.crt
> cert VPN_Server.crt
> key VPN_Server.key # This file should be kept secret
> dh dh1024.pem
> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> log-append /var/log/openvpn.log
> verb 3
> mute 20
>
> the script for bringing up the bridge
>
> # Define Bridge Interface
> br="br0"
>
> # Define list of TAP interfaces to be bridged,
> # for example tap="tap0 tap1 tap2".
> tap="tap0"
>
> # Define physical ethernet interface to be bridged
> # with TAP interface(s) above.
> eth="eth1"
> eth_ip="192.168.119.1"
> eth_netmask="255.255.255.0"
> eth_broadcast="192.168.119.255"
>
> for t in $tap; do
>     openvpn --mktun --dev $t
> done
>
> brctl addbr $br
> brctl addif $br $eth
>
> for t in $tap; do
>     brctl addif $br $t
> done
>
> for t in $tap; do
>     ifconfig $t 0.0.0.0 promisc up
> done
>
> ifconfig $eth 0.0.0.0 promisc up
>
> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>
> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>
>> Hm... It's very hard to guess without config files. Can you post your
>> server and client openvpn configs... and also can you show the br0
>> creation commands?
>>
>> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
>>> Hi
>>>
>>> No, I don't think so. Anyway, i can and only can the vpn server from the
>>> remote hosts.
>>>
>>> Best Regards
>>> Tang Jianwei
>>>
>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>> So, something stops packets from remote hosts. Maybe a firewall on the
>>>> remote PC...? And can you run tcpdump on the same remote host, to check
>>>> that it's the tap0 device.
>>>>
>>>> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
>>>>> Hi
>>>>>
>>>>> The routing tables in the remote hosts are OK. "tcpdump -n -i [device name]"
>>>>> cannot capture any packets from remote, no matter br0 or tap0.
>>>>>
>>>>> Best Regards
>>>>> Tang Jianwei
>>>>>
>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
>>>>>>> cannot get the remote PCs' MACs
>>>>>>>
>>>>>>> but when I run "brctl showmacs br0" it will list all the MACs and also
>>>>>>> "brctl show" will show that all the correct adapters are in br0
>>>>>>>
>>>>>>> SELinux disabled
>>>>>>>
>>>>>>> any ideas?
>>>>>> First of all you should check the routing table of the remote hosts. If
>>>>>> everything is correct, try to monitor br0 and other devices (ethX) with
>>>>>> "tcpdump -n -i [device name]".
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS at centos.org
>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>> --
>>>>> Tang Jianwei
>>>>> System Administrator