[CentOS] openvpn + bridge utils in CentOS 6
唐建伟
myhnet at gmail.com
Tue Sep 27 09:32:03 UTC 2011
openvpn configuration file:

port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

the script for bringing up the bridge:

#!/bin/bash

# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

# Create the persistent TAP device(s)
for t in $tap; do
    openvpn --mktun --dev $t
done

# Create the bridge and add the physical and TAP interfaces to it
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
    brctl addif $br $t
done

# Bring the member interfaces up in promiscuous mode without an address
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up

# The bridge itself carries the IP configuration
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> Hm... It's very hard to guess without config files. Can you post your
> server and client openvpn configs... and also can you show the br0 creation
> commands?
>
> 27.09.2011, 12:01, "唐建伟" <myhnet at gmail.com>:
> > Hi
> >
> > No, I don't think so. Anyway, I can and only can the vpn server from the
> > remote hosts.
> >
> > Best Regards
> > Tang Jianwei
> >
> > On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >
> >> So, something stops packets from remote hosts. Maybe a firewall on the remote
> >> PC...? And can you run tcpdump on the same remote host, to check that it's
> >> tap0 device.
> >>
> >> 27.09.2011, 11:06, "唐建伟" <myhnet at gmail.com>:
> >>> Hi
> >>>
> >>> The routing table in the remote hosts are OK. "tcpdump -n -i [device name]"
> >>> cannot capture any packages from remote, no matter br0 nor tap0.
> >>>
> >>> Best Regards
> >>> Tang Jianwei
> >>>
> >>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich at yandex.ru> wrote:
> >>>> 27.09.2011, 09:52, "唐建伟" <myhnet at gmail.com>:
> >>>>> Hi all,
> >>>>>
> >>>>> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
> >>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> >>>>> cannot get the remote PCs' MACs
> >>>>>
> >>>>> but when I run "brctl showmacs br0" it will list all the MACs and also
> >>>>> "brctl show" will show that all the correct adapters are in br0
> >>>>>
> >>>>> SELinux disabled
> >>>>>
> >>>>> any ideas?
> >>>> First of all you should check the routing table of remote hosts. If everything
> >>>> is correct, try to monitor br0, and other devices (ethX) by
> >>>> "tcpdump -n -i [device name]".
> >>>> _______________________________________________
> >>>> CentOS mailing list
> >>>> CentOS at centos.org
> >>>> http://lists.centos.org/mailman/listinfo/centos
> >>> --
> >>> Tang Jianwei
> >>> System Administrator
> > --
> > Tang Jianwei
> > System Administrator
--
Tang Jianwei
System Administrator
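
Added example, not part of the original thread: a small shell helper that turns the manual "brctl show" check mentioned above into a repeatable one by parsing its output and reporting any expected interface (eth1, tap0 from the script above) that is not a member of the bridge. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `brctl show` output (not captured from the poster's
# host). Real output is tab-separated; awk splits on tabs and spaces alike.
SAMPLE_BRCTL_SHOW='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              eth1
                                                        tap0
virbr0          8000.000000000000       yes'

# bridge_members BRIDGE (hypothetical helper): read `brctl show` output on
# stdin and print the member interfaces of BRIDGE, one per line.
bridge_members() {
    awk -v want="$1" '
        NR == 1 { next }                      # skip the header row
        NF >= 3 {                             # row that starts a new bridge
            cur = $1
            if (cur == want && NF >= 4) print $4
            next
        }
        NF == 1 && cur == want { print $1 }   # continuation row: another member
    '
}

# missing_members BRIDGE IFACE... (hypothetical helper): read `brctl show`
# output on stdin and print each expected interface that is NOT in BRIDGE.
# Prints nothing when every expected interface is a member.
missing_members() {
    bridge=$1; shift
    members=$(bridge_members "$bridge")
    for ifc in "$@"; do
        printf '%s\n' "$members" | grep -qx -- "$ifc" || printf '%s\n' "$ifc"
    done
}

# Demonstration on the constructed sample: tap1 is reported as missing.
printf '%s\n' "$SAMPLE_BRCTL_SHOW" | missing_members br0 eth1 tap0 tap1
```

On a live host the same check is `brctl show | missing_members br0 eth1 tap0`, run after the bridge script and again after OpenVPN has started.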