[Openvpn-users] RH9 - RH9 Config.


  • Subject: [Openvpn-users] RH9 - RH9 Config.
  • From: "Mike Hendrickson" <mike@xxxxxxxxxx>
  • Date: Tue, 13 Jan 2004 16:30:53 -0700

By following the instructions on the openvpn website, I was able to get two redhat9 boxes to initiate peer connections to each other.  Both boxes have 2 ethernet cards, eth0 and eth1, as well as one tap0 device for the VPN connection.  We're using an rc.openvpn script very similar to the one that is posted in the howto to start the bridge after the machine boots, but the internal network interface, eth1, shows up as disabled once the script is run.  Because it's disabled, all traffic from the linux box out through the router and to the internet flows normally, from both boxes in both directions, but no traffic from the local network can get out at all.  Setting eth1 to "up" causes the VPN connection to halt, and the lights on the "LAN side" network card stay off.  We would like to use each box as a simple iptables firewall and a VPN bridge between sites, if possible.  For now, however, iptables and IP forwarding are disabled for troubleshooting purposes.  The rc.openvpn file is as follows:

 

_______rc.openvpn______

#!/bin/sh

# OpenVPN startup script: rc.openvpn

# load the TUN/TAP driver and the kernel bridging module
/sbin/modprobe tun
/sbin/modprobe bridge

# create a persistent tap0 device for OpenVPN to attach to
/etc/openvpn/openvpn --mktun --dev tap0

# build bridge br0 out of tap0 and the LAN-side interface eth1
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 tap0
/usr/sbin/brctl addif br0 eth1

# bridge ports carry no address of their own; bring them up in promiscuous mode
/sbin/ifconfig tap0 0.0.0.0 promisc up
/sbin/ifconfig eth1 0.0.0.0 promisc up

# local: the LAN address lives on the bridge interface
/sbin/ifconfig br0 10.10.10.9 netmask 255.255.255.0 broadcast 10.10.10.255 up

# start the OpenVPN peer on tap0 (static key, UDP, LZO compression)
/etc/openvpn/openvpn --tun-mtu 1500 --tun-mtu-extra 64 --dev tap0 --secret /etc/openvpn/key --ping 40 --float --comp-lzo --daemon

______rc.openvpn______

 

The rc.openvpn on the opposing redhat machine differs in that the local ifconfig br0 sets the address to 10.10.10.6, and the switch "--remote xxx.xxx.xxx.xxx" is added to the last openvpn command between the --comp-lzo and --daemon switches.

 

Am I supposed to leave eth1 alone so it can connect to the local network and bridge tap0 with a dummy interface, or with the WAN interface, eth0, instead?

I'm confused as to how eth1 can be part of the bridge and connected to a switch to the rest of the lan at the same time.

 

Any help or direction would be greatly appreciated.

 

Thank you in advance
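The post's script enslaves tap0 and eth1 into br0, strips their addresses, and puts the LAN address on br0; the symptom is a bridge port that shows up down afterwards. The check below is an added example (not code from the post, the howto, or the OpenVPN project) that parses the text output of `brctl show` and `ifconfig -a` as those tools printed it on a 2.4-kernel Red Hat system and reports whether the bridge looks the way the script intends: both ports enslaved, both ports UP and promiscuous with no address, and the bridge interface UP with the LAN address. The sample outputs embedded in it are constructed to mirror the poster's setup (bridge br0, ports tap0 and eth1, address 10.10.10.9), including one where eth1 is down as described; the flag and address layout assumed for `ifconfig` is the classic net-tools format.

```python
"""Sanity-check a bridged OpenVPN tap setup from `brctl show` and `ifconfig -a` output.
Added example; the sample outputs below are constructed, not captured from the poster's boxes."""
import re

BRIDGE = "br0"                  # bridge name used in rc.openvpn
EXPECTED_PORTS = ("tap0", "eth1")  # ports rc.openvpn adds to the bridge


def parse_brctl_show(text):
    """Return {bridge: set(ports)} from `brctl show` output.
    A bridge row lists name, id, STP flag and optionally the first port;
    further ports of the same bridge appear alone on continuation rows."""
    bridges = {}
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "bridge":   # blank line or the "bridge name ..." header
            continue
        if len(parts) >= 3:                     # bridge row
            current = parts[0]
            bridges[current] = set(parts[3:])
        elif current is not None:               # continuation row: one more port
            bridges[current].update(parts)
    return bridges


def parse_ifconfig(text):
    """Return {iface: {"flags": set, "inet": addr-or-None}} from net-tools `ifconfig -a` output.
    A block starts with the interface name in column 0; flags sit on the line carrying MTU:."""
    ifaces = {}
    name = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            name = line.split()[0]
            ifaces[name] = {"flags": set(), "inet": None}
        elif name is not None:
            m = re.search(r"inet addr:(\S+)", line)
            if m:
                ifaces[name]["inet"] = m.group(1)
            if "MTU:" in line:
                # flag words carry no colon; MTU:/Metric: tokens do
                ifaces[name]["flags"] = {t for t in line.split() if ":" not in t}
    return ifaces


def check_bridge(brctl_text, ifconfig_text, bridge=BRIDGE, ports=EXPECTED_PORTS):
    """Return a list of problems found; an empty list means the bridge matches the intended layout."""
    problems = []
    bridges = parse_brctl_show(brctl_text)
    ifaces = parse_ifconfig(ifconfig_text)
    if bridge not in bridges:
        return [f"{bridge}: bridge does not exist"]
    for p in sorted(set(ports) - bridges[bridge]):
        problems.append(f"{p}: not a port of {bridge}")
    for p in ports:
        info = ifaces.get(p)
        if info is None:
            problems.append(f"{p}: interface not present")
            continue
        if "UP" not in info["flags"]:
            problems.append(f"{p}: port is DOWN (bridge cannot forward through it)")
        if "PROMISC" not in info["flags"]:
            problems.append(f"{p}: not in promiscuous mode")
        if info["inet"] is not None:
            problems.append(f"{p}: has address {info['inet']}; addresses belong on {bridge}")
    br = ifaces.get(bridge)
    if br is None or "UP" not in br["flags"]:
        problems.append(f"{bridge}: bridge interface is DOWN")
    elif br["inet"] is None:
        problems.append(f"{bridge}: no IP address assigned")
    return problems


# Constructed sample output, shaped like `brctl show` on the poster's box.
SAMPLE_BRCTL = (
    "bridge name\tbridge id\t\tSTP enabled\tinterfaces\n"
    "br0\t\t8000.000c29a1b2c3\tno\t\teth1\n"
    "\t\t\t\t\t\t\ttap0\n"
)

# Constructed `ifconfig -a` output reproducing the reported state: eth1 is not UP.
SAMPLE_IFCONFIG_BROKEN = """br0       Link encap:Ethernet  HWaddr 00:0C:29:A1:B2:C3
          inet addr:10.10.10.9  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 00:0C:29:A1:B2:C4
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:0C:29:A1:B2:C3
          BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1

tap0      Link encap:Ethernet  HWaddr 00:FF:12:34:56:78
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
"""

# Same output with eth1 brought up, i.e. the state rc.openvpn is meant to produce.
SAMPLE_IFCONFIG_OK = SAMPLE_IFCONFIG_BROKEN.replace(
    "          BROADCAST PROMISC MULTICAST  MTU:1500",
    "          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500",
)

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_IFCONFIG_BROKEN), ("ok", SAMPLE_IFCONFIG_OK)):
        print(label, check_bridge(SAMPLE_BRCTL, text) or "bridge layout looks right")
```

On a live box the two inputs would come from `brctl show` and `ifconfig -a` run after rc.openvpn; the checker deliberately treats an address on eth1 or tap0 as a fault, since in the bridged layout the only address on the LAN side belongs to br0, which is also the interface any later iptables rules for the LAN should name.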