11-08-2011, 01:30 PM
Минтаиров Михаил

openvpn + bridge utils in CentOS 6

This situation with pings is really strange... But in my case the solution was much easier. CentOS 6 was installed on a VMware virtual machine and the problem was in its network device configuration. The hardest thing was to guess that. After this I quickly found a solution:

http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/

So, in my experience, CentOS (or RedHat) works correctly, and maybe you should try to look for errors somewhere else (as in my case it was the VMware configuration).

> Hello,
>
> I had not read about this issue before, but I have seen this problem
> also. Whenever I restart the bridge (with tap0 interfaces also) I have
> to make a first ping to the physical interface related to the tap0
> module. I also ping another machine on the same physical network. After
> that, I am able to reach the bridged one.
>
> Strange behaviour but this works for me in this way now.
>
> I look forward to RedHat fixing this bug soon.
>
> On 07/11/11 06:39, 唐建伟 wrote:
>
>> thank you very much for your follow up. wish to get good news from you soon.
>>
>> On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>>> 28.09.2011, 04:58, "唐建伟" <myhnet@gmail.com>:
>>> Hello, I didn't find what to answer to you a month ago. But now I also have
>>> an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
>>> same problems as you. First of all, did you find any solutions?
>>>
>>> I only found that the problem is in the br0 device. I can't guess why but it
>>> does not receive ARP REPLY packets.
>>>
>>> tcpdump on all devices (tap0, eth1, br0) gives me the same:
>>>
>>> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>>> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>>> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
>>> //192.158.11.33 is remote PC ip-address, and 192.168.11.3 is one of my
>>> local hosts//
>>>
>>> and no ARP REPLY.
>>>
>>> Interesting that on the other hand I have the same config files on CentOS 5.7
>>> and everything works perfectly.
>>>> no, i removed the commands you mentioned, but it still doesn't work.
>>>>
>>>> Best Regards
>>>> Tang Jianwei
>>>>
>>>> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>>>>> I can't remember the reason, but at one moment I stopped using the "openvpn
>>>>> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
>>>>> by itself. So try to comment out these lines:
>>>>>
>>>>> for t in $tap; do
>>>>>     openvpn --mktun --dev $t
>>>>> done
>>>>>
>>>>> then restart the network, after that start openvpn, and after it start the
>>>>> bridge script
>>>>>> openvpn configure file
>>>>>>
>>>>>> port 1194
>>>>>> proto udp
>>>>>> dev tap0
>>>>>> ca ca.crt
>>>>>> cert VPN_Server.crt
>>>>>> key VPN_Server.key  # This file should be kept secret
>>>>>> dh dh1024.pem
>>>>>> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
>>>>>> keepalive 10 120
>>>>>> comp-lzo
>>>>>> user nobody
>>>>>> group nobody
>>>>>> persist-key
>>>>>> persist-tun
>>>>>> status openvpn-status.log
>>>>>> log-append /var/log/openvpn.log
>>>>>> verb 3
>>>>>> mute 20
>>>>>>
>>>>>>
>>>>>> the script for bring up the bridge
>>>>>> # Define Bridge Interface
>>>>>> br="br0"
>>>>>>
>>>>>> # Define list of TAP interfaces to be bridged,
>>>>>> # for example tap="tap0 tap1 tap2".
>>>>>> tap="tap0"
>>>>>>
>>>>>> # Define physical ethernet interface to be bridged
>>>>>> # with TAP interface(s) above.
>>>>>> eth="eth1"
>>>>>> eth_ip="192.168.119.1"
>>>>>> eth_netmask="255.255.255.0"
>>>>>> eth_broadcast="192.168.119.255"
>>>>>>
>>>>>> for t in $tap; do
>>>>>>     openvpn --mktun --dev $t
>>>>>> done
>>>>>>
>>>>>> brctl addbr $br
>>>>>> brctl addif $br $eth
>>>>>>
>>>>>> for t in $tap; do
>>>>>>     brctl addif $br $t
>>>>>> done
>>>>>>
>>>>>> for t in $tap; do
>>>>>>     ifconfig $t 0.0.0.0 promisc up
>>>>>> done
>>>>>>
>>>>>> ifconfig $eth 0.0.0.0 promisc up
>>>>>>
>>>>>> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>>>>>>
>>>>>> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>>>>>>> Hm... It's very hard to guess without config files. Can you post your
>>>>>>> server and client openvpn configs... and also can you show the br0 creation
>>>>>>> commands?
>>>>>>>
>>>>>>> 27.09.2011, 12:01, "唐建伟" <myhnet@gmail.com>:
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> no, i don't think so. anyway, i can and only can the vpn server from the
>>>>>>>> remote hosts.
>>>>>>>>
>>>>>>>> Best Regards
>>>>>>>> Tang Jianwei
>>>>>>>>
>>>>>>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>>>>>>>>> So, something stops packets from remote hosts. Maybe a firewall on the remote
>>>>>>>>> PC...? And can you run tcpdump on the same remote host, to check its tap0
>>>>>>>>> device.
>>>>>>>>>
>>>>>>>>> 27.09.2011, 11:06, "唐建伟" <myhnet@gmail.com>:
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> the routing table in the remote hosts are OK. "tcpdump -n -i [device name]"
>>>>>>>>>> cannot capture any packages from remote. no matter br0 nor tap0.
>>>>>>>>>>
>>>>>>>>>> Best Regards
>>>>>>>>>> Tang Jianwei
>>>>>>>>>>
>>>>>>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:
>>>>>>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet@gmail.com>:
>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>
>>>>>>>>>>>> I just installed openvpn + bridge in CentOS 6, but i get strange problems:
>>>>>>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
>>>>>>>>>>>> cannot get the remote PCs' MACs
>>>>>>>>>>>>
>>>>>>>>>>>> but when i run "brctl showmacs br0" it will list all the MACs and also
>>>>>>>>>>>> "brctl show" will show that all the correct adapters are in br0
>>>>>>>>>>>> SELinux disabled
>>>>>>>>>>>>
>>>>>>>>>>>> any ideas?
>>>>>>>>>>> First of all you should check the routing table of the remote hosts. If everything
>>>>>>>>>>> is correct, try to monitor br0 and other devices (ethX) with "tcpdump -n -i
>>>>>>>>>>> [device name]".
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> CentOS mailing list
>>>>>>>>>>> CentOS@centos.org
>>>>>>>>>>> http://lists.centos.org/mailman/listinfo/centos
> --
>
> Lorenzo Martinez Rodriguez
>
> Visit me: http://www.lorenzomartinez.es
> Mail me to: lorenzo@lorenzomartinez.es
> My blog: http://www.securitybydefault.com
> My twitter: @lawwait
> PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2
>
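An added example (not part of the thread or of anyone's post): a shell helper that reads `tcpdump -n` text like the capture quoted above and lists each address that was asked for with who-has but never answered, which is the symptom described in this thread. The function names and the answered request/reply pair in the sample are constructed.

```shell
#!/bin/sh
# Added example. Summarises ARP traffic from `tcpdump -n` text output.

# unanswered_arp: read tcpdump lines on stdin and print
#   "<target ip> <request count> <last requester>"
# for every who-has target that never produced an is-at reply.
unanswered_arp() {
    awk '
        / ARP, Request who-has / {
            for (i = 1; i < NF; i++) {
                if ($i == "who-has") target = $(i + 1)
                if ($i == "tell") { asker = $(i + 1); sub(/,$/, "", asker) }
            }
            req[target]++
            who[target] = asker
        }
        / ARP, Reply / {
            for (i = 1; i < NF; i++)
                if ($i == "Reply") answered[$(i + 1)] = 1
        }
        END {
            for (ip in req)
                if (!(ip in answered)) print ip, req[ip], who[ip]
        }
    ' | sort
}

# sample_capture: constructed input. The three 192.168.11.3 requests are the
# lines quoted in the thread; the 192.168.11.1 request/reply pair is made up
# to show what a healthy exchange looks like.
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:22.500000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:22.500310 ARP, Reply 192.168.11.1 is-at 00:0c:29:aa:bb:cc, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
EOF
}

sample_capture | unanswered_arp
```

On a live bridge, feed it a bounded capture from each interface in turn, for example `tcpdump -n -c 50 -i br0 arp | unanswered_arp`, and compare the results for tap0, eth1 and br0.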
 
11-09-2011, 12:13 AM
唐建伟

openvpn + bridge utils in CentOS 6

hmmm, it should be the exact problem i got, thank you very much.

On Tue, Nov 8, 2011 at 10:30 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:

> This situation with pings is really strange... But in my case the solution
> was much easier. CentOS 6 was installed on a VMware virtual machine and the
> problem was in its network device configuration. The hardest thing was
> to guess that. After this I quickly found a solution:
>
> http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/
>
> So, in my experience, CentOS (or RedHat) works correctly, and maybe you
> should try to look for errors somewhere else (as in my case it was the
> VMware configuration).
>
--
Tang Jianwei
System Administrator