OpenVPN Server Ethernet Bridging Question
Posted
by Hooplad
on Server Fault
See other posts from Server Fault
or by Hooplad
Published on 2009-11-23T01:02:35Z
Indexed on
2010/03/20
21:01 UTC
Read the original article
Hit count: 288
Hello All,
I am having a difficult time properly configuring an ethernet bridge using OpenVPN 2.0.9 install on CentOS 5 ( VPN server ). The goal that I am trying to complete is to connect a VM ( instance running on the same CentOS machine ) acting as a Microsoft Business Contact Manager server. I would then like this "BCM server" to serve Windows XP clients on 192.168.1.0/24 network as well as clients connecting from VPN ( 10.8.0.0/24 ). The setup as it is now was based off a known working configuration. The problem with the working configuration was that it would allow to the client to connect and access everything running on the VPN server ( SVN, Samba, VM Server ) but not any computers on the 192.168.1.0/24 network.
I must disclose that the VPN server is behind a router/firewall. Ports are being forwarded correctly ( again, clients were able to connect to the VPN server with no problem. netcat confirms the udp port is open as well ).
current ifconfig output
br0 Link encap:Ethernet HWaddr 00:21:5E:4D:3A:C2
inet addr:192.168.1.169 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::221:5eff:fe4d:3ac2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:846890 errors:0 dropped:0 overruns:0 frame:0
TX packets:3072351 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:42686842 (40.7 MiB) TX bytes:4540654180 (4.2 GiB)
eth0 Link encap:Ethernet HWaddr 00:21:5E:4D:3A:C2
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:882641 errors:0 dropped:0 overruns:0 frame:0
TX packets:1781383 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:82342803 (78.5 MiB) TX bytes:2614727660 (2.4 GiB)
Interrupt:169
eth1 Link encap:Ethernet HWaddr 00:21:5E:4D:3A:C3
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:650 errors:0 dropped:0 overruns:0 frame:0
TX packets:1347223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:67403 (65.8 KiB) TX bytes:1959529142 (1.8 GiB)
Interrupt:233
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:17452058 errors:0 dropped:0 overruns:0 frame:0
TX packets:17452058 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:94020256229 (87.5 GiB) TX bytes:94020256229 (87.5 GiB)
tap0 Link encap:Ethernet HWaddr DE:18:C6:D7:01:63
inet6 addr: fe80::dc18:c6ff:fed7:163/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3086 errors:0 dropped:166 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:315099 (307.7 KiB)
vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01
inet addr:192.168.177.1 Bcast:192.168.177.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:4224 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
inet addr:192.168.55.1 Bcast:192.168.55.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:4226 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
current route table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.55.0 * 255.255.255.0 U 0 0 0 vmnet8
192.168.177.0 * 255.255.255.0 U 0 0 0 vmnet1
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
current iptables output
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
server_known_working.conf
local banshee
port 1194
proto udp
dev tap0
ca ca.crt
cert banshee_server.crt
key banshee_server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
client-to-client
keepalive 10 120
tls-auth ta.key 0
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 4
The following is the current CentOS server config file.
server_ethernet_bridged.conf ( current )
local 192.168.1.169
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.169 255.255.255.0 192.168.1.200 192.168.1.210
push "route 192.168.1.0 255.255.255.0 192.168.1.1"
client-to-client
keepalive 10 120
tls-auth ta.key 0
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
The following is one of the client's config file that was used with the known working configuration.
client.opvn
client
dev tap
proto udp
remote XXX.XXX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca client.crt
cert client.crt
key client.key
tls-auth client.key 1
verb 3
I have tried the HOWTO provided by OpenVPN as well as others
http://www.thebakershome.net/openvpn%5Ftutorial?page=1
with no success.
Any help or suggestions would be appreciated.
© Server Fault or respective owner
