Hi Paul,
You know, I never actually tested a bridge with the Windows side acting as the
bridge server -- all my previous testing was with a Linux box playing this role.
So I just set up a quick test to try to replicate your setup and possibly
reproduce your problem -- I'm actually rather interested to see if this XP
bridging thing really works. I did most of what you did, though the remote
machine was a linux box... still, the side of the connection actually doing
the bridging was XP, and to add to that, it is running on a private subnet
behind a linux server doing NAT. So it's a rather interesting configuration,
considering the fact that the bridge server only has a single NIC, is on a
private subnet behind a firewall, is not authoritative in any sense for the
subnet (it is not a gateway, and does not have any routes pointing to it from
other machines on the subnet), and is communicating with the remote host
through a NAT server, on the same subnet that is actually being bridged.
Okay, here is what I did:
* Made a TAP-Win32 adapter ("tap-bridge") without setting any TCP/IP properties.
* Selected tap-bridge and my ethernet adapter (DHCP client, gets address out
of 10.0.0.0/24 pool) in Network Connections, then right clicked and selected
Bridge Connections.
* Was temporarily thrown off balance because this caused my ethernet adapter
to get a new IP address from my local DHCP server, closing all my X windows.
Perhaps the new bridge adapter is using a different MAC address than the
slaved ethernet adapter, causing the DHCP server to treat it as a new client?
* Used this config on the XP side (the side doing the bridging):
dev tap
dev-node tap-bridge
# the up script contains one line: arp -d *
up up.bat
remote [single-machine]
ping 5
secret key
* Used this config on the remote linux box:
dev tap
# up script has one line: ifconfig $1 10.0.0.7 netmask 255.255.255.0 mtu $2
up ./bridge.up
ping 5
secret key
Once the tunnel came up, I tried pinging each OpenVPN machine from the other.
It worked. Then I tried big pings (ping -s 2000) to make sure fragmenting
was working. It also worked.
Then I tried the same between the remote linux box and another linux box on my
LAN, through the XP bridge. That worked, including the big pings. Then I
tried a big FTP between the same machines. Also worked. All this meant that
the XP machine was properly answering ARP who-has messages on behalf of the
remote machine (BTW, this ARP magic is really what makes the routing work,
without needing to explicitly set up routes on either side of the connection).
Conclusion: Everything worked, so I'm not sure exactly what your problem is.
I would try running tcpdump if possible on the bridged LAN (a windows port
also exists called WinDump). Linux tcpdump works on tap devices, though I
think that WinDump may only work on physical ethernet devices (at least that's
what the docs say, if I recall correctly). Also, if you install WinDump, you
also need the winpcap library/kernel-driver.
Once you get tcpdump/windump working, make sure that broadcasts are flowing in
both directions and that ARP who-has queries for the remote machine are being
properly answered by the XP bridge server.
James
Paul Sykes <ms004839@xxxxxxxxxxx> said:
> Hi,
>
> I have successfully set up a VPN between two WinXP computers across the
> internet using standard key encryption. However, the remote computer
> establishes the VPN connection fine and can ping/view shared folders of
> all the PCs in the LAN behind the VPN server. However, the computers on
> the LAN are not able to ping/access the remote computer.
>
> My network set up is as follows:
> LAN PCs are on 192.168.1.x
> Router is 192.168.1.1
> VPN server is 192.168.1.100
> Remote node is 192.168.1.150
>
> The router forwards all information on my specified port to the VPN
> server and as I say the VPN seems to be working fine.
>
> I have then set up a bridge between the LAN nic and the TAP device on
> windows, very easy to do in WinXP, you just select both adapters and
> tell it to bridge them. I don't understand why this only appears to be
> working in one direction, but I suspect it has something to do with
> routing but I don't know enough about it to fix it.
>
> If any one can help me I would be most grateful, plus if there is any
> further information you need, ie route tables I will provide them.
>
> Thanks
>
> Paul
>
--
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
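The capture check James describes (broadcasts flowing in both directions, and who-has queries for the remote machine being answered on the bridged LAN) can be done mechanically from two tcpdump/WinDump captures. The script below is an added example and is not part of the original thread or of OpenVPN; the function names parse_arp and check_bridge, the interface names eth0 and tap0, the hosts 10.0.0.5 and 10.0.0.9 and all MAC addresses are made up for the example, and the sample capture lines are constructed (the remote host is 10.0.0.7 as in James's test). It assumes one capture taken on the bridged LAN side and one on the remote Linux box's tap device.

```python
"""Added example: verify ARP/broadcast flow across an OpenVPN TAP bridge from
two tcpdump (or WinDump) captures.  Not from the original thread.  The sample
capture lines below are constructed, reusing James's 10.0.0.0/24 subnet with the
remote host at 10.0.0.7.  Assumed capture commands:
    LAN side (a Linux box on the bridged LAN, or the XP host with WinDump):
        tcpdump -n -i eth0 'arp or ether broadcast'
    tunnel side (the remote Linux box's tap device):
        tcpdump -n -i tap0 'arp or ether broadcast'
"""
import re
from collections import Counter

# tcpdump -n prints ARP as, for example:
#   12:00:01.000100 ARP, Request who-has 10.0.0.7 tell 10.0.0.5, length 28
#   12:00:01.050200 ARP, Reply 10.0.0.7 is-at 00:ff:5a:1b:2c:3d, length 28
WHO_HAS = re.compile(r"ARP, Request who-has (\S+) tell (\S+),")
IS_AT = re.compile(r"ARP, Reply (\S+) is-at (\S+),")


def parse_arp(lines):
    """Yield ("request", target_ip, asker_ip) or ("reply", ip, mac); skip the rest."""
    for line in lines:
        m = WHO_HAS.search(line)
        if m:
            yield ("request", m.group(1), m.group(2))
            continue
        m = IS_AT.search(line)
        if m:
            yield ("reply", m.group(1), m.group(2))


def check_bridge(lan_lines, tap_lines, remote_ip):
    """Cross-check the two captures for one remote host.

    LAN -> tunnel: every who-has for remote_ip seen on the LAN must also show up
    on the tap (the bridge has to forward the broadcast into the tunnel).
    tunnel -> LAN: every who-has the remote host sends on the tap must show up
    on the LAN.
    Answering: at least one is-at for remote_ip must be seen on the LAN, and only
    one MAC may claim it (two MACs means a duplicate-address conflict).
    Caveat: replies are unicast, so capture on the bridge host or on the asking
    host; a third box on a switched LAN will not see them.
    """
    lan = list(parse_arp(lan_lines))
    tap = list(parse_arp(tap_lines))

    lan_askers = Counter(e[2] for e in lan if e[0] == "request" and e[1] == remote_ip)
    tap_askers = Counter(e[2] for e in tap if e[0] == "request" and e[1] == remote_ip)
    tap_targets = Counter(e[1] for e in tap if e[0] == "request" and e[2] == remote_ip)
    lan_targets = Counter(e[1] for e in lan if e[0] == "request" and e[2] == remote_ip)
    remote_macs = sorted({e[2] for e in lan if e[0] == "reply" and e[1] == remote_ip})

    problems = []
    for asker, n in sorted(lan_askers.items()):
        if tap_askers[asker] < n:
            problems.append(
                f"who-has {remote_ip} from {asker}: {n} on LAN, {tap_askers[asker]} on tap "
                "(LAN->tunnel broadcast not bridged)")
    for target, n in sorted(tap_targets.items()):
        if lan_targets[target] < n:
            problems.append(
                f"who-has {target} from {remote_ip}: {n} on tap, {lan_targets[target]} on LAN "
                "(tunnel->LAN broadcast not bridged)")
    if lan_askers and not remote_macs:
        problems.append(f"nobody answers who-has {remote_ip} on the LAN")
    if len(remote_macs) > 1:
        problems.append(f"{remote_ip} claimed by several MACs: {', '.join(remote_macs)}")

    return {
        "lan_requests_for_remote": sum(lan_askers.values()),
        "tap_requests_for_remote": sum(tap_askers.values()),
        "remote_macs": remote_macs,
        "problems": problems,
    }


# Constructed sample captures: 10.0.0.9's query reaches the LAN but was never
# bridged onto the tap, so the remote host can never answer it.
LAN_CAPTURE = """\
12:00:01.000100 ARP, Request who-has 10.0.0.7 tell 10.0.0.5, length 28
12:00:01.050200 ARP, Reply 10.0.0.7 is-at 00:ff:5a:1b:2c:3d, length 28
12:00:02.000100 ARP, Request who-has 10.0.0.7 tell 10.0.0.9, length 28
12:00:05.000300 ARP, Request who-has 10.0.0.5 tell 10.0.0.7, length 28
12:00:05.000400 ARP, Reply 10.0.0.5 is-at 00:0c:29:aa:bb:cc, length 28
""".splitlines()

TAP_CAPTURE = """\
12:00:01.040000 ARP, Request who-has 10.0.0.7 tell 10.0.0.5, length 28
12:00:01.040100 ARP, Reply 10.0.0.7 is-at 00:ff:5a:1b:2c:3d, length 28
12:00:05.000000 ARP, Request who-has 10.0.0.5 tell 10.0.0.7, length 28
12:00:05.020000 ARP, Reply 10.0.0.5 is-at 00:0c:29:aa:bb:cc, length 28
""".splitlines()

if __name__ == "__main__":
    result = check_bridge(LAN_CAPTURE, TAP_CAPTURE, "10.0.0.7")
    for p in result["problems"] or ["bridge looks healthy"]:
        print(p)
```

Feed it the saved output of the two tcpdump runs (one file per side) in place of the constructed lists; a problem in the LAN->tunnel direction is the symptom Paul describes, where the remote end can reach the LAN but the LAN hosts never get an ARP answer for the remote address.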