OpenVPN Server Ethernet Bridging Question

Posted by Hooplad on Server Fault See other posts from Server Fault or by Hooplad
Published on 2009-11-23T01:02:35Z Indexed on 2010/03/20 21:01 UTC
Read the original article Hit count: 320

Filed under:
|

Hello All,

I am having a difficult time properly configuring an ethernet bridge using OpenVPN 2.0.9 install on CentOS 5 ( VPN server ). The goal that I am trying to complete is to connect a VM ( instance running on the same CentOS machine ) acting as a Microsoft Business Contact Manager server. I would then like this "BCM server" to serve Windows XP clients on 192.168.1.0/24 network as well as clients connecting from VPN ( 10.8.0.0/24 ). The setup as it is now was based off a known working configuration. The problem with the working configuration was that it would allow to the client to connect and access everything running on the VPN server ( SVN, Samba, VM Server ) but not any computers on the 192.168.1.0/24 network.

I must disclose that the VPN server is behind a router/firewall. Ports are being forwarded correctly ( again, clients were able to connect to the VPN server with no problem. netcat confirms the udp port is open as well ).

current ifconfig output

br0       Link encap:Ethernet  HWaddr 00:21:5E:4D:3A:C2
          inet addr:192.168.1.169  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::221:5eff:fe4d:3ac2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:846890 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3072351 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:42686842 (40.7 MiB)  TX bytes:4540654180 (4.2 GiB)

eth0      Link encap:Ethernet  HWaddr 00:21:5E:4D:3A:C2
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:882641 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1781383 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:82342803 (78.5 MiB)  TX bytes:2614727660 (2.4 GiB)
          Interrupt:169

eth1      Link encap:Ethernet  HWaddr 00:21:5E:4D:3A:C3
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:650 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1347223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:67403 (65.8 KiB)  TX bytes:1959529142 (1.8 GiB)
          Interrupt:233

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:17452058 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17452058 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:94020256229 (87.5 GiB)  TX bytes:94020256229 (87.5 GiB)

tap0      Link encap:Ethernet  HWaddr DE:18:C6:D7:01:63
          inet6 addr: fe80::dc18:c6ff:fed7:163/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3086 errors:0 dropped:166 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:315099 (307.7 KiB)

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01
          inet addr:192.168.177.1  Bcast:192.168.177.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4224 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
          inet addr:192.168.55.1  Bcast:192.168.55.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4226 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

current route table

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.55.0     *               255.255.255.0   U     0      0        0    vmnet8
192.168.177.0   *               255.255.255.0   U     0      0        0    vmnet1
192.168.1.0      *               255.255.255.0   U     0      0        0    br0

current iptables output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

server_known_working.conf

local banshee
port 1194
proto udp
dev tap0
ca ca.crt
cert banshee_server.crt
key banshee_server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
client-to-client
keepalive 10 120
tls-auth ta.key 0
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 4

The following is the current CentOS server config file.

server_ethernet_bridged.conf ( current )

local 192.168.1.169
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.169 255.255.255.0 192.168.1.200 192.168.1.210
push "route 192.168.1.0 255.255.255.0 192.168.1.1"
client-to-client
keepalive 10 120
tls-auth ta.key 0
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6

The following is one of the client's config file that was used with the known working configuration.

client.opvn

client
dev tap
proto udp
remote XXX.XXX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca client.crt
cert client.crt
key client.key
tls-auth client.key 1
verb 3

I have tried the HOWTO provided by OpenVPN as well as others

http://www.thebakershome.net/openvpn%5Ftutorial?page=1

with no success.

Any help or suggestions would be appreciated.

© Server Fault or respective owner

Related posts about openvpn

Related posts about centos