[CentOS] openvpn + bridge utils in CentOS 6

Wed Sep 28 00:58:44 UTC 2011
唐建伟 <myhnet at gmail.com>

no, i removed the commands you mentioned, but it still doesn't work.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich at yandex.ru>wrote:

> I can't remember a reason, but at one moment I stop to use  "openvpn
> --mktun --dev [dev name]" command. May be it's becouse openvpn create tap0
> by it self. So try to comment this lines:
>
>  for t in $tap; do
>     openvpn --mktun --dev $t
>  done
>
> then restart a network, after then start openvpn and after it start bridge
> script
>
>
> > openvpn configure file
> >
> > *port 1194
> > proto udp
> > dev tap0
> > ca ca.crt
> > cert VPN_Server.crt
> > key VPN_Server.key  # This file should be kept secret
> > dh dh1024.pem
> > server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> > keepalive 10 120
> > comp-lzo
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > log-append  /var/log/openvpn.log
> > verb 3
> > mute 20
> > *
> >
> > the script for bring up the bridge
> > *# Define Bridge Interface
> > br="br0"
> >
> > # Define list of TAP interfaces to be bridged,
> > # for example tap="tap0 tap1 tap2".
> > tap="tap0"
> >
> > # Define physical ethernet interface to be bridged
> > # with TAP interface(s) above.
> > eth="eth1"
> > eth_ip="192.168.119.1"
> > eth_netmask="255.255.255.0"
> > eth_broadcast="192.168.119.255"
> >
> > for t in $tap; do
> >     openvpn --mktun --dev $t
> > done
> >
> > brctl addbr $br
> > brctl addif $br $eth
> >
> > for t in $tap; do
> >     brctl addif $br $t
> > done
> >
> > for t in $tap; do
> >     ifconfig $t 0.0.0.0 promisc up
> > done
> >
> > ifconfig $eth 0.0.0.0 promisc up
> >
> > ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast*
> >
> > On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru
> >wrote:
> >
> >>  Hm... It's very hard to guess without config files. Can you post your
> >>  server and client openvpn configs... and also can your show  a br0
> creation
> >>  commands?
> >>
> >>  27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> >>>  Hi
> >>>
> >>>  no, i don't think so. anyway, i can and only can the vpn server from
> the
> >>>  remote hosts.
> >>>
> >>>  Best Regards
> >>>  Tang Jianwei
> >>>
> >>>  On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <
> mikxalich at yandex.ru
> >>> wrote:
> >>>>   So, something stop packets from remote hosts. May be firewall on
> remote
> >>>>   PC...? and can you run tcpdump on same remote host, to check that
> it's
> >>  tap0
> >>>>   device.
> >>>>
> >>>>   27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>>>>   Hi
> >>>>>
> >>>>>   the routing table in the remote hosts are OK. "tcpdump -n -i
> [device
> >>>>   name]"
> >>>>>   cannot capture any packages from remote. no mater br0 nor tap0.
> >>>>>
> >>>>>   Best Regards
> >>>>>   Tang Jianwei
> >>>>>
> >>>>>   On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <
> >>  mikxalich at yandex.ru
> >>>>>  wrote:
> >>>>>>    27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>>>>    Hi all,
> >>>>>>>
> >>>>>>>    I just intalled openvpn + bridge in CentOS 6, but i get strange
> >>>>   problems:
> >>>>>>>    the remote PCs cannot get the local PCs'  MACs and also, the
> local
> >>  PCs
> >>>>>>>    cannot get the remote PCs' MACs
> >>>>>>>
> >>>>>>>    but when i run "brctl showmacs br0"  it will list all the MACs
> and
> >>>>   also "
> >>>>>>>    brctl show" will show that all the correct adapters are in br0
> >>>>>>>
> >>>>>>>    SELinux disabled
> >>>>>>>
> >>>>>>>    any ideas?
> >>>>>>    First of all you should check routing table of remote hosts. If
> >>>>    everything
> >>>>>>    is correct, try to monitor br0, and other devises(ethX) by
> "tcpdump
> >>  -n
> >>>>   -i
> >>>>>>    [device name]".
> >>>>>>    _______________________________________________
> >>>>>>    CentOS mailing list
> >>>>>>    CentOS at centos.org
> >>>>>>    http://lists.centos.org/mailman/listinfo/centos
> >>>>>   --
> >>>>>   Tang Jianwei
> >>>>>   System Administrator
> >>>>>   _______________________________________________
> >>>>>   CentOS mailing list
> >>>>>   CentOS at centos.org
> >>>>>   http://lists.centos.org/mailman/listinfo/centos
> >>>>   _______________________________________________
> >>>>   CentOS mailing list
> >>>>   CentOS at centos.org
> >>>>   http://lists.centos.org/mailman/listinfo/centos
> >>>  --
> >>>  Tang Jianwei
> >>>  System Administrator
> >>>  _______________________________________________
> >>>  CentOS mailing list
> >>>  CentOS at centos.org
> >>>  http://lists.centos.org/mailman/listinfo/centos
> >>  _______________________________________________
> >>  CentOS mailing list
> >>  CentOS at centos.org
> >>  http://lists.centos.org/mailman/listinfo/centos
> > --
> > Tang Jianwei
> > System Administrator
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Tang Jianwei
System Administrator