openvpn + bridge utils in CentOS 6
27.09.2011, 09:52, "唐建伟" <myhnet@gmail.com>:
> Hi all,
>
> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
>
> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> cannot get the remote PCs' MACs
>
> but when I run "brctl showmacs br0" it will list all the MACs and also
> "brctl show" will show that all the correct adapters are in br0
>
> SELinux disabled
>
> any ideas?

First of all you should check the routing table of the remote hosts. If everything is correct, try to monitor br0 and the other devices (ethX) with "tcpdump -n -i [device name]".

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
openvpn + bridge utils in CentOS 6
Hi
The routing tables on the remote hosts are OK. "tcpdump -n -i [device name]" cannot capture any packets from remote, no matter br0 or tap0.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:

> First of all you should check the routing table of the remote hosts. If everything
> is correct, try to monitor br0 and the other devices (ethX) with "tcpdump -n -i
> [device name]".

--
Tang Jianwei
System Administrator
openvpn + bridge utils in CentOS 6
So, something stops packets from the remote hosts. Maybe a firewall on the remote PC...? And can you run tcpdump on the same remote host, to check that it's tap0 device.
27.09.2011, 11:06, "唐建伟" <myhnet@gmail.com>:
> Hi
>
> The routing tables on the remote hosts are OK. "tcpdump -n -i [device name]"
> cannot capture any packets from remote, no matter br0 or tap0.
>
> Best Regards
> Tang Jianwei
openvpn + bridge utils in CentOS 6
Hi
no, I don't think so. anyway, I can and only can the vpn server from the remote hosts.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:

> So, something stops packets from the remote hosts. Maybe a firewall on the remote
> PC...? And can you run tcpdump on the same remote host, to check that it's tap0
> device.
openvpn + bridge utils in CentOS 6
Hm... It's very hard to guess without config files. Can you post your server and client openvpn configs... and also can you show the br0 creation commands?
27.09.2011, 12:01, "唐建伟" <myhnet@gmail.com>:
> Hi
>
> no, I don't think so. anyway, I can and only can the vpn server from the
> remote hosts.
>
> Best Regards
> Tang Jianwei
openvpn + bridge utils in CentOS 6
openvpn configure file
port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key  # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

the script for bringing up the bridge

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:

> Hm... It's very hard to guess without config files. Can you post your
> server and client openvpn configs... and also can you show the br0 creation
> commands?
openvpn + bridge utils in CentOS 6
I can't remember the reason, but at one moment I stopped using the "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0 by itself. So try to comment out these lines:
for t in $tap; do
    openvpn --mktun --dev $t
done

then restart the network, after that start openvpn, and after it start the bridge script.
openvpn + bridge utils in CentOS 6
no, i removed the commands you mentioned, but it still doesn't work.
Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:

> I can't remember the reason, but at one moment I stopped using the "openvpn
> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
> by itself. So try to comment out these lines:
>
> for t in $tap; do
>     openvpn --mktun --dev $t
> done
>
> then restart the network, after that start openvpn, and after it start the bridge
> script
openvpn + bridge utils in CentOS 6
28.09.2011, 04:58, "唐建伟" <myhnet@gmail.com>:
Hello, I didn't find what to answer to you a month ago. But now I also have an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the same problems as you. First of all, did you find any solutions?

I only found that the problem is in the br0 device. I can't guess why, but it does not receive ARP REPLY packets.

tcpdump on all devices (tap0, eth1, br0) gives me the same:

20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
//192.158.11.33 is the remote PC's IP address, and 192.168.11.3 is one of my local hosts//

and no ARP REPLY.

Interesting that, on the other hand, I have the same config files on CentOS 5.7, and everything works perfectly.

> no, I removed the commands you mentioned, but it still doesn't work.
>
> Best Regards
> Tang Jianwei
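The check described in the message above (ARP requests visible on every device, no replies), as an added example that is not part of the original thread: a shell function that reads `tcpdump -n` text and lists each who-has target that never got an is-at reply. The function names are assumptions of this example; the first three sample lines are the ones quoted in the message, and the last two, including the MAC address, are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ARP who-has requests that were never answered.

# Sample capture. Lines 1-3 are the tcpdump output quoted in the thread;
# lines 4-5 (an answered request and its reply) are constructed.
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.100400 ARP, Reply 192.168.11.1 is-at 02:00:00:00:00:01, length 28
EOF
}

# unanswered_arp: read tcpdump -n text on stdin and print one line per
# unanswered target: "<target> <last requester> <request count>".
# Matching is keyword based (who-has / tell / is-at), so lines with an
# extra link-layer prefix or other leading fields are still handled.
unanswered_arp() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "who-has" && i < NF) {
                target = $(i + 1)
                asker = "?"
                # the requester follows the "tell" keyword
                for (j = i + 2; j < NF; j++) {
                    if ($j == "tell") { asker = $(j + 1); break }
                }
                sub(/,$/, "", asker)      # drop the trailing comma
                requests[target]++
                last_asker[target] = asker
            } else if ($i == "is-at" && i > 1) {
                # the answered address precedes the "is-at" keyword
                answered[$(i - 1)] = 1
            }
        }
    }
    END {
        for (t in requests)
            if (!(t in answered))
                print t, last_asker[t], requests[t]
    }' | sort
}

# Stand-alone demo on the sample capture.
sample_capture | unanswered_arp
```

Run it once per interface on the path, for example `tcpdump -n -c 50 -i br0 arp | unanswered_arp`, then the same for tap0 and eth1. If a target is unanswered on one device but answered on another, the replies are being lost between those two points.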
openvpn + bridge utils in CentOS 6
thank you very much for your follow up. wish to get good news from you soon.
On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich@yandex.ru> wrote:

> Hello, I didn't find what to answer to you a month ago. But now I also have
> an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
> same problems as you. First of all, did you find any solutions?
>
> I only found that the problem is in the br0 device. I can't guess why, but it
> does not receive ARP REPLY packets.
>
> tcpdump on all devices (tap0, eth1, br0) gives me the same:
>
> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> //192.158.11.33 is the remote PC's IP address, and 192.168.11.3 is one of my
> local hosts//
>
> and no ARP REPLY.
>
> Interesting that, on the other hand, I have the same config files on CentOS 5.7,
> and everything works perfectly.