No, I removed the commands you mentioned, but it still doesn't work.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:

> I can't remember the reason, but at one moment I stopped using the "openvpn
> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
> by itself. So try to comment out these lines:
>
> for t in $tap; do
>     openvpn --mktun --dev $t
> done
>
> then restart the network, after that start openvpn, and after it start the
> bridge script
>
> > openvpn configuration file
> >
> > port 1194
> > proto udp
> > dev tap0
> > ca ca.crt
> > cert VPN_Server.crt
> > key VPN_Server.key # This file should be kept secret
> > dh dh1024.pem
> > server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> > keepalive 10 120
> > comp-lzo
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > log-append /var/log/openvpn.log
> > verb 3
> > mute 20
> >
> > the script for bringing up the bridge
> >
> > # Define Bridge Interface
> > br="br0"
> >
> > # Define list of TAP interfaces to be bridged,
> > # for example tap="tap0 tap1 tap2".
> > tap="tap0"
> >
> > # Define physical ethernet interface to be bridged
> > # with TAP interface(s) above.
> > eth="eth1"
> > eth_ip="192.168.119.1"
> > eth_netmask="255.255.255.0"
> > eth_broadcast="192.168.119.255"
> >
> > for t in $tap; do
> >     openvpn --mktun --dev $t
> > done
> >
> > brctl addbr $br
> > brctl addif $br $eth
> >
> > for t in $tap; do
> >     brctl addif $br $t
> > done
> >
> > for t in $tap; do
> >     ifconfig $t 0.0.0.0 promisc up
> > done
> >
> > ifconfig $eth 0.0.0.0 promisc up
> >
> > ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
> >
> > On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >
> >> Hm... It's very hard to guess without config files. Can you post your
> >> server and client openvpn configs... and also can you show the br0
> >> creation commands?
> >>
> >> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> >>> Hi
> >>>
> >>> No, I don't think so. Anyway, i can and only can the vpn server from the
> >>> remote hosts.
> >>>
> >>> Best Regards
> >>> Tang Jianwei
> >>>
> >>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>> So, something stops packets from remote hosts. Maybe a firewall on the
> >>>> remote PC...? And can you run tcpdump on the same remote host, to check
> >>>> its tap0 device.
> >>>>
> >>>> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>>>> Hi
> >>>>>
> >>>>> The routing table in the remote hosts is OK. "tcpdump -n -i [device name]"
> >>>>> cannot capture any packages from remote, no matter br0 or tap0.
> >>>>>
> >>>>> Best Regards
> >>>>> Tang Jianwei
> >>>>>
> >>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>>>> Hi all,
> >>>>>>>
> >>>>>>> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
> >>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> >>>>>>> cannot get the remote PCs' MACs
> >>>>>>>
> >>>>>>> but when I run "brctl showmacs br0" it will list all the MACs and also
> >>>>>>> "brctl show" will show that all the correct adapters are in br0
> >>>>>>>
> >>>>>>> SELinux disabled
> >>>>>>>
> >>>>>>> any ideas?
> >>>>>> First of all you should check the routing table of the remote hosts. If
> >>>>>> everything is correct, try to monitor br0 and other devices (ethX) with
> >>>>>> "tcpdump -n -i [device name]".
> >>>>>> _______________________________________________
> >>>>>> CentOS mailing list
> >>>>>> CentOS at centos.org
> >>>>>> http://lists.centos.org/mailman/listinfo/centos

--
Tang Jianwei
System Administrator