Linux Archive


Минтаиров Михаил 09-27-2011 06:44 AM

openvpn + bridge utils in CentOS 6
 
27.09.2011, 09:52, "唐建伟" <myhnet@gmail.com>:
> Hi all,
>
> I just installed openvpn + bridge in CentOS 6, but I get strange problems:
>
> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> cannot get the remote PCs' MACs
>
> but when I run "brctl showmacs br0" it will list all the MACs and also
> "brctl show" will show that all the correct adapters are in br0
>
> SELinux disabled
>
> any ideas?
>

First of all you should check the routing table of the remote hosts. If everything is correct, try to monitor br0 and the other devices (ethX) with "tcpdump -n -i [device name]".
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

唐建伟 09-27-2011 07:06 AM

openvpn + bridge utils in CentOS 6
 
Hi

The routing table in the remote hosts is OK. "tcpdump -n -i [device name]"
cannot capture any packages from remote, no matter br0 nor tap0.

Best Regards
Tang Jianwei


Минтаиров Михаил 09-27-2011 07:59 AM

openvpn + bridge utils in CentOS 6
 
So, something stops packets from the remote hosts. Maybe a firewall on the remote PC...? And can you run tcpdump on the same remote host, to check its tap0 device?


唐建伟 09-27-2011 08:01 AM

openvpn + bridge utils in CentOS 6
 
Hi

No, I don't think so. Anyway, I can and only can the vpn server from the
remote hosts.

Best Regards
Tang Jianwei


Минтаиров Михаил 09-27-2011 09:20 AM

openvpn + bridge utils in CentOS 6
 
Hm... It's very hard to guess without config files. Can you post your server and client openvpn configs... and can you also show the br0 creation commands?


唐建伟 09-27-2011 09:32 AM

openvpn + bridge utils in CentOS 6
 
openvpn configure file

port 1194
proto udp
dev tap0
ca ca.crt
cert VPN_Server.crt
key VPN_Server.key # This file should be kept secret
dh dh1024.pem
server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

the script for bringing up the bridge

#!/bin/bash
# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.119.1"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.119.255"

# Create the persistent TAP device(s)
for t in $tap; do
    openvpn --mktun --dev $t
done

# Create the bridge and attach the ethernet and TAP interfaces to it
brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

# Bridge members carry no IP address of their own
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

# The bridge takes over the address that eth1 had
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast



Минтаиров Михаил 09-27-2011 10:01 AM

openvpn + bridge utils in CentOS 6
 
I can't remember the reason, but at some point I stopped using the "openvpn --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0 by itself. So try to comment out these lines:

for t in $tap; do
    openvpn --mktun --dev $t
done

Then restart the network, after that start openvpn, and after it start the bridge script.



唐建伟 09-28-2011 12:58 AM

openvpn + bridge utils in CentOS 6
 
No, I removed the commands you mentioned, but it still doesn't work.

Best Regards
Tang Jianwei


Минтаиров Михаил 11-04-2011 03:26 PM

openvpn + bridge utils in CentOS 6
 
Hello, I didn't find what to answer you a month ago. But now I also have an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the same problems as you. First of all, did you find any solutions?

I only found that the problem is in the br0 device. I can't guess why, but it does not receive ARP REPLY packets.

tcpdump on all devices (tap0, eth1, br0) gives me the same:

20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
//192.158.11.33 is the remote PC IP address, and 192.168.11.3 is one of my local hosts//

and no ARP REPLY.

Interesting that, on the other hand, I have the same config files on CentOS 5.7 and everything works perfectly.


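
The check done by eye on the tcpdump output in the post above can be scripted. This is an added example, not part of the original thread: it reads `tcpdump -n` text output and lists every ARP request that never received a reply. The function names (unanswered_arp, sample_capture, watch_iface) are hypothetical; the sample reuses the three request lines from the post and adds one request/reply pair with a made-up MAC address, constructed for illustration.

```shell
#!/bin/sh
# Added example: list ARP requests with no matching reply in `tcpdump -n` output.

# Reads tcpdump text lines on stdin. Prints one line per (target, asker) pair
# whose target IP never shows up in an "ARP, Reply <ip> is-at <mac>" line.
unanswered_arp() {
    awk '
    $2 == "ARP," && $3 == "Request" {
        target = ""; asker = ""
        # Locate fields by keyword: some tcpdump versions print a MAC
        # in parentheses between the target IP and "tell".
        for (i = 4; i < NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell")    asker  = $(i + 1)
        }
        sub(/,$/, "", asker)            # drop the comma before "length"
        if (target != "") {
            key = target " " asker
            if (!(key in count)) order[++n] = key
            count[key]++
        }
    }
    $2 == "ARP," && $3 == "Reply" {
        answered[$4] = 1                # $4 is the IP that answered
    }
    END {
        for (i = 1; i <= n; i++) {
            split(order[i], p, " ")
            if (!(p[1] in answered))
                printf "%s asked-by %s requests=%d\n", p[1], p[2], count[order[i]]
        }
    }'
}

# Sample capture. The first three lines are the ones quoted in the thread;
# the last two (a request that does get a reply) are constructed.
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.100350 ARP, Reply 192.168.11.1 is-at 02:00:00:00:00:01, length 28
EOF
}

# Live use on the bridge host (needs root): capture ARP on one interface for
# a number of seconds, then report. Run it once each for tap0, eth1 and br0
# and compare where the reply stops appearing.
watch_iface() {
    iface=$1
    secs=${2:-10}
    timeout "$secs" tcpdump -n -l -i "$iface" arp 2>/dev/null | unanswered_arp
}

# Stand-alone run on the embedded sample.
sample_capture | unanswered_arp
```

If the same target is reported on eth1, br0 and tap0 alike, as in the post, the reply is not reaching the bridge host at all; if it is answered on eth1 but still listed on tap0, the frame is being lost inside the bridge host.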

唐建伟 11-07-2011 04:39 AM

openvpn + bridge utils in CentOS 6
 
Thank you very much for your follow-up. Wish to get good news from you soon.


