[CentOS] openvpn + bridge utils in CentOS 6

Tue Sep 27 10:01:15 UTC 2011
Минтаиров Михаил <mikxalich at yandex.ru>

I can't remember the reason, but at one moment I stopped using the "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0 by itself. So try to comment out these lines:

 for t in $tap; do
     openvpn --mktun --dev $t
 done

then restart the network, after that start openvpn, and after it start the bridge script


> openvpn configure file
>
> port 1194
> proto udp
> dev tap0
> ca ca.crt
> cert VPN_Server.crt
> key VPN_Server.key  # This file should be kept secret
> dh dh1024.pem
> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> keepalive 10 120
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> log-append  /var/log/openvpn.log
> verb 3
> mute 20
>
> the script for bringing up the bridge
> # Define Bridge Interface
> br="br0"
>
> # Define list of TAP interfaces to be bridged,
> # for example tap="tap0 tap1 tap2".
> tap="tap0"
>
> # Define physical ethernet interface to be bridged
> # with TAP interface(s) above.
> eth="eth1"
> eth_ip="192.168.119.1"
> eth_netmask="255.255.255.0"
> eth_broadcast="192.168.119.255"
>
> for t in $tap; do
>     openvpn --mktun --dev $t
> done
>
> brctl addbr $br
> brctl addif $br $eth
>
> for t in $tap; do
>     brctl addif $br $t
> done
>
> for t in $tap; do
>     ifconfig $t 0.0.0.0 promisc up
> done
>
> ifconfig $eth 0.0.0.0 promisc up
>
> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>
> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>
>>  Hm... It's very hard to guess without config files. Can you post your
>>  server and client openvpn configs... and also can you show the br0 creation
>>  commands?
>>
>>  27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
>>>  Hi
>>>
>>>  No, I don't think so. Anyway, I can and only can the vpn server from the
>>>  remote hosts.
>>>
>>>  Best Regards
>>>  Tang Jianwei
>>>
>>>  On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>   So, something stops packets from remote hosts. Maybe a firewall on the remote
>>>>   PC...? And can you run tcpdump on the same remote host, to check that it's the tap0
>>>>   device.
>>>>
>>>>   27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
>>>>>   Hi
>>>>>
>>>>>   the routing table in the remote hosts is OK. "tcpdump -n -i [device name]"
>>>>>   cannot capture any packets from remote, no matter br0 nor tap0.
>>>>>
>>>>>   Best Regards
>>>>>   Tang Jianwei
>>>>>
>>>>>   On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
>>>>>>    27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
>>>>>>>    Hi all,
>>>>>>>
>>>>>>>    I just installed openvpn + bridge in CentOS 6, but I get strange problems:
>>>>>>>    the remote PCs cannot get the local PCs' MACs and also, the local PCs
>>>>>>>    cannot get the remote PCs' MACs
>>>>>>>
>>>>>>>    but when I run "brctl showmacs br0" it will list all the MACs and also
>>>>>>>    "brctl show" will show that all the correct adapters are in br0
>>>>>>>
>>>>>>>    SELinux disabled
>>>>>>>
>>>>>>>    any ideas?
>>>>>>    First of all you should check the routing table of the remote hosts. If everything
>>>>>>    is correct, try to monitor br0 and other devices (ethX) by "tcpdump -n -i
>>>>>>    [device name]".
>>>>>>    _______________________________________________
>>>>>>    CentOS mailing list
>>>>>>    CentOS at centos.org
>>>>>>    http://lists.centos.org/mailman/listinfo/centos
>>>>>   --
>>>>>   Tang Jianwei
>>>>>   System Administrator
>>>  --
>>>  Tang Jianwei
>>>  System Administrator
> --
> Tang Jianwei
> System Administrator
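The bridge-up script quoted in this thread, reworked as an added example (not code from the thread or from the OpenVPN project) so that the "openvpn --mktun" step the top reply suggests commenting out becomes conditional: the TAP device is created only when the kernel does not already have it, which covers both start orders discussed above. SYSFS_NET is an assumed variable that lets the existence check be pointed at a constructed directory instead of /sys/class/net.

```shell
#!/bin/sh
# Added example, not from the thread: the quoted bridge script with a
# conditional TAP creation step. OpenVPN started with "dev tap0" creates
# tap0 itself, so --mktun is only needed when the bridge script runs first.
# SYSFS_NET is an assumption for testing; it defaults to the real sysfs path.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

br="br0"
tap="tap0"            # space-separated list, e.g. "tap0 tap1"
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

# iface_exists NAME: succeeds if the kernel already knows interface NAME
iface_exists() {
    [ -d "$SYSFS_NET/$1" ]
}

# tap_action NAME: prints "create" if the TAP must be made with --mktun,
# "skip" if OpenVPN (or an earlier run of this script) already created it
tap_action() {
    if iface_exists "$1"; then echo skip; else echo create; fi
}

# bridge_up: the original sequence, with TAP creation made conditional
bridge_up() {
    for t in $tap; do
        if [ "$(tap_action "$t")" = create ]; then
            openvpn --mktun --dev "$t"
        fi
    done
    iface_exists "$br" || brctl addbr "$br"
    brctl addif "$br" "$eth"
    for t in $tap; do
        brctl addif "$br" "$t"
        ifconfig "$t" 0.0.0.0 promisc up
    done
    ifconfig "$eth" 0.0.0.0 promisc up
    ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast"
    brctl show "$br"      # verify that eth and every tap are bridge members
}

# Only touch the system when run as "sh bridge.sh up" by root.
if [ "${1:-}" = "up" ] && [ "$(id -u)" = 0 ]; then
    bridge_up
fi
```

After bringing the bridge up, "brctl showmacs br0" and "tcpdump -n -i br0" on the server, as suggested in the thread, show whether frames from the remote side actually reach the bridge.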