Re: [CentOS] openvpn + bridge utils in CentOS 6
hmmm, it should be the exact problem i got, thank you very much.

On Tue, Nov 8, 2011 at 10:30 PM, Минтаиров Михаил wrote:
> This situation with pings is really strange... But in my case the solution
> was much easier. CentOS 6 was installed on a VMware virtual machine and the
> problem was in its network device configuration. The hardest thing was
> to guess that. After this I quickly found a solution:
>
> http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/
>
> So, in my experience, CentOS (or RedHat) works correctly, and maybe you
> should try to look for errors somewhere else (as in my case it was the
> VMware configuration).
Re: [CentOS] openvpn + bridge utils in CentOS 6
This situation with pings is really strange... But in my case the solution
was much easier. CentOS 6 was installed on a VMware virtual machine and the
problem was in its network device configuration. The hardest thing was
to guess that. After this I quickly found a solution:

http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/

So, in my experience, CentOS (or RedHat) works correctly, and maybe you
should try to look for errors somewhere else (as in my case it was the
VMware configuration).
Re: [CentOS] openvpn + bridge utils in CentOS 6
Hello,

I had not read this issue before, but I have seen this problem
also. Whenever I restart the bridge (with tap0 interfaces also) I have
to make a first ping to the physical interface related to the tap0
module. I also ping another machine on the same physical network. After
that, I am able to reach the bridged one.

Strange behaviour, but this works for me in this way now.

I look forward to RedHat fixing this bug soon.

On 07/11/11 06:39, 唐建伟 wrote:
> thank you very much for your follow up. wish to get good news from you soon.
Re: [CentOS] openvpn + bridge utils in CentOS 6
thank you very much for your follow up. wish to get good news from you soon.

On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил wrote:
> 28.09.2011, 04:58, "唐建伟":
>
> Hello, I didn't find what to answer you a month ago. But now I also have
> an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
> same problems as you. First of all, did you find any solutions?
>
> I only found that the problem is in the br0 device. I can't guess why, but it
> does not receive ARP REPLY packets.
>
> tcpdump on all devices (tap0, eth1, br0) gives me the same:
>
> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> //192.158.11.33 is the remote PC ip-address, and 192.168.11.3 is one of my
> local hosts//
>
> and no ARP REPLY.
>
> Interesting that on the other hand I have the same config files on CentOS 5.7,
> and everything works perfectly.
Re: [CentOS] openvpn + bridge utils in CentOS 6
28.09.2011, 04:58, "唐建伟":

Hello, I didn't find what to answer you a month ago. But now I also have
an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
same problems as you. First of all, did you find any solutions?

I only found that the problem is in the br0 device. I can't guess why, but it
does not receive ARP REPLY packets.

tcpdump on all devices (tap0, eth1, br0) gives me the same:

20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
//192.158.11.33 is the remote PC ip-address, and 192.168.11.3 is one of my
local hosts//

and no ARP REPLY.

Interesting that on the other hand I have the same config files on CentOS 5.7,
and everything works perfectly.

> no, i removed the commands you mentioned, but it still doesn't work.
>
> Best Regards
> Tang Jianwei
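The check described in the message above (ARP requests visible on tap0, eth1 and br0, but no replies) written as a reusable filter. This is an added example, not code from the thread; the function names, the 192.168.11.1 request/reply pair and its MAC address are constructed, and it assumes plain "tcpdump -n" text output.

```shell
#!/bin/sh
# Added example (not from the thread): list ARP requests that never got a
# reply in "tcpdump -n -i <iface> arp" text output.

# Reads tcpdump text on stdin and prints one line per unanswered pair:
#   <target-ip> <asking-ip> <number-of-requests>
unanswered_arp() {
    awk '
        / Request who-has / {
            target = ""; asker = ""
            for (i = 1; i < NF; i++) {
                if ($i == "who-has") target = $(i + 1)
                if ($i == "tell")    asker  = $(i + 1)
            }
            sub(/,$/, "", asker)
            # Gratuitous ARP (a host announcing its own address) expects no reply.
            if (target == "" || asker == "" || target == asker) next
            asked[target " " asker]++
            next
        }
        / Reply .* is-at / {
            # "Reply <ip> is-at <mac>": <ip> did answer.
            for (i = 1; i < NF; i++)
                if ($i == "Reply") answered[$(i + 1)] = 1
        }
        END {
            for (pair in asked) {
                split(pair, p, " ")
                if (!(p[1] in answered)) print pair, asked[pair]
            }
        }
    ' | sort
}

# Run the same check on saved captures, given as iface=file arguments, and
# print "<iface> <number of unanswered pairs>" for each one.
unanswered_by_iface() {
    for arg in "$@"; do
        iface=${arg%%=*}
        file=${arg#*=}
        count=$(unanswered_arp < "$file" | wc -l | tr -d ' ')
        echo "$iface $count"
    done
}

# Constructed sample: the three request lines quoted in the thread, plus one
# made-up request/reply pair for a host that does answer.
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.100400 ARP, Reply 192.168.11.1 is-at 00:00:5e:00:53:01, length 28
EOF
}

# Demo on the constructed sample. Live use (needs root):
#   timeout 30 tcpdump -l -n -i br0 arp 2>/dev/null | unanswered_arp
sample_capture | unanswered_arp
```

If eth1, br0 and tap0 all report the same unanswered pair, as in the thread, the replies are already absent on the physical interface, so the bridge itself is not what drops them.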
Re: [CentOS] openvpn + bridge utils in CentOS 6
no, i removed the commands you mentioned, but it still doesn't work.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил wrote:
> I can't remember the reason, but at some point I stopped using the "openvpn
> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
> by itself. So try to comment out these lines:
>
> for t in $tap; do
>     openvpn --mktun --dev $t
> done
>
> then restart the network, after that start openvpn, and after it start the
> bridge script

--
Tang Jianwei
Re: [CentOS] openvpn + bridge utils in CentOS 6
I can't remember the reason, but at some point I stopped using the "openvpn
--mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
by itself. So try to comment out these lines:

for t in $tap; do
    openvpn --mktun --dev $t
done

then restart the network, after that start openvpn, and after it start the
bridge script

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openvpn + bridge utils in CentOS 6
openvpn configure file

port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

the script for bringing up the bridge

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил wrote:
> Hm... It's very hard to guess without config files. Can you post your
> server and client openvpn configs... and also can you show the br0 creation
> commands?

--
Tang Jianwei
System Administrator
Re: [CentOS] openvpn + bridge utils in CentOS 6
Hm... It's very hard to guess without config files. Can you post your server and client openvpn configs... and also can you show the br0 creation commands?

27.09.2011, 12:01, "唐建伟":
> Hi
>
> no, I don't think so. anyway, I can and only can the vpn server from the
> remote hosts.
>
> Best Regards
> Tang Jianwei
Re: [CentOS] openvpn + bridge utils in CentOS 6
Hi

no, I don't think so. anyway, I can and only can the vpn server from the remote hosts.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил wrote:
> So, something stops packets from remote hosts. Maybe a firewall on the remote
> PC...? And can you run tcpdump on the same remote host, to check that it's tap0
> device.

--
Tang Jianwei
System Administrator
Re: [CentOS] openvpn + bridge utils in CentOS 6
So, something stops packets from remote hosts. Maybe a firewall on the remote PC...? And can you run tcpdump on the same remote host, to check that it's tap0 device.

27.09.2011, 11:06, "唐建伟":
> Hi
>
> the routing table in the remote hosts is OK. "tcpdump -n -i [device name]"
> cannot capture any packages from remote, no matter br0 nor tap0.
>
> Best Regards
> Tang Jianwei
Re: [CentOS] openvpn + bridge utils in CentOS 6
Hi

the routing table in the remote hosts is OK. "tcpdump -n -i [device name]" cannot capture any packages from remote, no matter br0 nor tap0.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил wrote:
> First of all you should check the routing table of the remote hosts. If everything
> is correct, try to monitor br0 and the other devices (ethX) with "tcpdump -n -i
> [device name]".

--
Tang Jianwei
System Administrator
Re: [CentOS] openvpn + bridge utils in CentOS 6
27.09.2011, 09:52, "唐建伟":
> Hi all,
>
> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
>
> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> cannot get the remote PCs' MACs
>
> but when I run "brctl showmacs br0" it will list all the MACs and also
> "brctl show" will show that all the correct adapters are in br0
>
> SELinux disabled
>
> any ideas?

First of all you should check the routing table of the remote hosts. If everything is correct, try to monitor br0 and the other devices (ethX) with "tcpdump -n -i [device name]".
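
The tcpdump check suggested in the reply above can be summarised automatically. The following is an added example, not part of the original thread: it reads `tcpdump -n` text output and lists ARP requests that never received a reply, which is the symptom of MAC addresses not resolving across the bridge. The function names, the sample hosts .10 and .20 and the MAC address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise ARP requests that never get a reply in
# `tcpdump -n` text output. Matching is by target IP only, so a reply seen
# on the interface counts as an answer for every host asking for that IP.
unanswered_arp() {
    awk '
    /Request who-has/ {
        for (i = 1; i < NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell") { asker = $(i + 1); sub(/,$/, "", asker) }
        }
        key = asker " " target
        if (!(key in req)) order[++n] = key   # remember first-seen order
        req[key]++
        next
    }
    /Reply [^ ]+ is-at/ {
        for (i = 1; i < NF; i++)
            if ($i == "Reply") answered[$(i + 1)] = 1
        next
    }
    END {
        for (i = 1; i <= n; i++) {
            split(order[i], p, " ")
            if (!(p[2] in answered))
                printf "%s -> %s: %d request(s), no reply\n", p[1], p[2], req[order[i]]
        }
    }'
}

# Constructed sample capture (addresses taken from the 192.168.119.0/24
# bridge range in the thread; hosts .10 and .20 and the MAC are made up).
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.119.20 tell 192.168.119.221, length 28
20:12:23.027897 ARP, Request who-has 192.168.119.20 tell 192.168.119.221, length 28
20:12:23.500112 ARP, Request who-has 192.168.119.10 tell 192.168.119.1, length 28
20:12:23.500467 ARP, Reply 192.168.119.10 is-at 00:0c:29:aa:bb:cc, length 46
20:12:24.027951 ARP, Request who-has 192.168.119.20 tell 192.168.119.221, length 28
EOF
}

# Live use (assumption: run as root on the bridge host, once per interface):
#   tcpdump -n -i br0 -c 50 arp | unanswered_arp
sample_capture | unanswered_arp
```

Running it against tap0, the physical interface and br0 in turn shows on which hop the replies stop appearing.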