OpenVPN - bridge mode

Petr - Coresoft petr at coresoft.cz
Mon Nov 16 08:47:28 CET 2009
Previous message: Problem s VPN tunely - zrejme fragmentace - vyreseno
Next message: OpenVPN - bridge mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dobry den,

uz jsem z toho zoufalej, po precteni vsech moznych howto, mi porad OpenVPN 
nefunguje.Klient se overi pres TLS, start klienta i serveru probehne v 
poradku, ale nemuzu nikam pingnout, pritom arp pakety na klientovi vidim.
Kdyz bude treba neco doplnit rad zaslu. V bridge modu by se nemelo moc resit
routovani, tak routovaci tabulky neposilam. Nejde mi ani ping z klienta 
192.168.10.80 na server s IP 192.168.10.69:

gw:~# ping 192.168.10.69
PING 192.168.10.69 (192.168.10.69) 56(84) bytes of data.
From 192.168.10.80 icmp_seq=1 Destination Host Unreachable
From 192.168.10.80 icmp_seq=2 Destination Host Unreachable
From 192.168.10.80 icmp_seq=3 Destination Host Unreachable

FW problem to nebude, kdyz se klient se serverm spoji, kdyz si na klientu 
pustim tcpdump -vv -i tap0 tak vidim arp komunikaci ze vzdalene site, ale 
nemuzu pingnout na zadnou adresu.



konfigurace serveru (FreeBSD 7.1)

keepalive 10 120
proto udp
dev tap
server-bridge 192.168.10.69 255.255.255.0 192.168.10.80 192.168.10.85
push "route 192.168.10.0 255.255.255.0"
verb 9
log /var/log/openvpn/openvpn.log
ca /usr/local/etc/openvpn/keys/ca.crt
dh /usr/local/etc/openvpn/keys/dh2048.pem
cert /usr/local/etc/openvpn/keys/-server.crt
key /usr/local/etc/openvpn/keys/-server.key
comp-lzo
mssfix
duplicate-cn

klienta (Linux, zkouseno i na MS Windows XP)

keepalive 10 120
proto udp
dev tap
remote x.x.x.x
verb 9
log /var/log/openvpn/openvpn.log
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/-server.crt
key /etc/openvpn/keys/-server.key
pull
comp-lzo
mssfix
tls-client

ifconfig server:

serv2# ifconfig
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 
1500
        options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0b:cd:cf:4d:01
        inet 192.168.10.250 netmask 0xffffff00 broadcast 192.168.10.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
tap0: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:bd:1b:86:b1:00
        Opened by PID 33431
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 52:eb:51:79:6c:00
        inet 192.168.10.69 netmask 0xffffff00 broadcast 192.168.10.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
        member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 200000
serv2#


ifconfig klient:

gw:~# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:e0:7d:cb:9b:dd
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:fecb:9bdd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:368288 errors:0 dropped:0 overruns:0 frame:0
          TX packets:358797 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:188896205 (180.1 MiB)  TX bytes:299252267 (285.3 MiB)
          Interrupt:23 Base address:0xb400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2454 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2454 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:266127 (259.8 KiB)  TX bytes:266127 (259.8 KiB)

tap0      Link encap:Ethernet  HWaddr 00:ff:61:9c:18:ec
          inet addr:192.168.10.80  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2ff:61ff:fe9c:18ec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:139403 (136.1 KiB)  TX bytes:594 (594.0 B)

Budu rad za jakoukoliv pomoc.
Petr Kucera
Ceske Budejovice
Previous message: Problem s VPN tunely - zrejme fragmentace - vyreseno
Next message: OpenVPN - bridge mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users-l mailing list