Thanks a lot, James, for your quick reply. I've spent all morning on this, and am making some progress.

James Yonan wrote:
> Robert,
> It sounds like you're close... don't give up yet.
> A few more ideas:
>
> * Try 'tcpdump -i tap0' on the linux side to show packets going through tap0.
>
> * Make sure you don't have a firewall rule on the linux side that is
> preventing the packets from coming in on tap0.

Success! The issue turned out to be that, in my openvpn .conf file on the server, I had the line:

    dev tap

which, even though I only made one tunnel:

    openvpn --mktun --dev tap0

was still trying to load tap1 for some reason. By changing the line in my .conf, to:

    dev tap0

it now works just fine. Lucky for me I was watching the startup dump on one of my many reboots.

Now, when I said it works "just fine" above, I lied a little bit. I can ping across the VPN/bridge, and point-to-point comms like SSH work great. I can even lease an IP from my DHCP server. But broadcast (specifically, netbios) isn't going so well. I can see the initial, directed packets hitting, for example, my DDNS server; I can even get a browse list of Windows machines across the bridge. But I can't get a list of shares on a given Windows machine. The other desired traffic is Outlook/Exchange, now that Blaster forced us to close port 135 through the firewall.

Internal network is Win2k server (i.e. Active Directory) with mostly Win2k Pro desktops. PDC is running DHCP+DDNS, and another machine is the Global Catalog server + Exchange Server 2k.

Any ideas on *this* issue?

Robert Brewer
MIS
Amor Ministries
fumanchu@xxxxxxxx

-----Original Message-----
From: Robert Brewer
Sent: Wednesday, October 01, 2003 3:22 PM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [Openvpn-users] One of THOSE people -- Win/Lin bridge problems

I'm not having complete success creating a bridged VPN. I'm not a networking guru.
I am good at reading docs (hey, I got this far), so if someone here can just point me in the right direction, I'd appreciate it.

Here's the basic setup:

client: Win2k laptop, running a TAP with IP 192.168.0.244
server: Debian Woody server with 2.4.18 kernel, with iptables, tunneling and bridging support built in (not as modules), running a bridge br0 with IP 192.168.0.251. I installed OpenVPN (1.4.1.4-1), bridge-utils, etc. via apt-get, if that makes any difference.

The script I use to create the bridge will probably explain the setup on the server side best:

    channel:/etc/openvpn# cat opentuns.sh
    #!/bin/bash
    openvpn --mktun --dev tap0
    brctl addbr br0
    brctl addif br0 eth1
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up
    ifconfig eth1 0.0.0.0 promisc up
    ifconfig br0 192.168.0.251 netmask 255.255.255.0 broadcast 192.168.0.255
    # end of script

AFAICT, the bridge works (I just connected from my LAN via SSH on 192.168.0.251 when I grabbed this script to paste). I don't receive any error messages at any time. When I run OpenVPN on both sides, they both appear to be working fine (they don't exit unexpectedly at least). AND, if I ping the server from the client (over the VPN), I can run "tcpdump -i eth0 udp port 5000" on the server and see the activity. If I ping some other address across the VPN from the client, same thing. But the pings time out every time; similar conversations over TCP (e.g. port 80) have the same issues. There's no firewall or anything between the two machines at this point: they're on the same subnet physically.

[snip]

Looks like tap0 dropped every packet. Any ideas? This is about my last chance to get an open-source VPN solution in place, before we just bite the bullet and buy something off the shelf. *gulp* I'd be happy to answer any questions or include more data if anyone would like.

Robert Brewer
MIS
Amor Ministries
fumanchu@xxxxxxxx

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
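
Added example, not part of the original messages or of OpenVPN: a shell check for the mismatch found in the reply above, where the server config said `dev tap` while only `tap0` had been created and added to `br0`. The function names, the sample configs and passing the bridge members as arguments are assumptions made so that it runs offline.

```shell
#!/bin/sh
# Added example: check that the 'dev' line of an OpenVPN config names an
# interface that is a member of the bridge. Bridge members are passed as
# arguments (an assumption, so the check runs offline); on a live host they
# can be read from 'brctl show'.

# Print the device named by the first 'dev' directive ('#' and ';' comments ignored).
conf_dev() {
    awk '{ sub(/[#;].*/, "") }
         $1 == "dev" && NF >= 2 { print $2; exit }' "$1"
}

# Usage: check_dev_in_bridge CONF MEMBER [MEMBER...]
# Returns 0 if dev is a bridge member, 1 if it is not, 2 if no dev line exists.
check_dev_in_bridge() {
    conf=$1; shift
    dev=$(conf_dev "$conf")
    if [ -z "$dev" ]; then
        echo "$conf: no dev directive"; return 2
    fi
    case $dev in
        *[0-9]) ;;  # numbered device such as tap0
        *) echo "$conf: 'dev $dev' has no unit number, so it is not pinned to a bridged device"
           return 1 ;;
    esac
    for m in "$@"; do
        if [ "$m" = "$dev" ]; then
            echo "$conf: ok, $dev is a bridge member"; return 0
        fi
    done
    echo "$conf: $dev is not among the bridge members ($*)"
    return 1
}

# Constructed sample configs: the 'dev' line before and after the fix.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'port 5000\ndev tap\n'  > "$tmp/before.conf"
    printf 'port 5000\ndev tap0\n' > "$tmp/after.conf"
    check_dev_in_bridge "$tmp/before.conf" eth1 tap0 || :
    rc=0
    check_dev_in_bridge "$tmp/after.conf" eth1 tap0 || rc=$?
    rm -rf "$tmp"
    return $rc
}
demo
```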