Well, I've made some progress, but it still isn't what it should be.
1. The network bridge seems to work (at the end of this mail I've
included the script which was able to build the bridge on my server
without getting that weird error). ifconfig:
br0       Link encap:Ethernet  HWaddr 00:04:76:0C:4F:75
          inet addr:130.90.164.244  Bcast:130.90.191.255  Mask:255.255.224.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2483130 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7037 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:166617906 (158.8 MiB)  TX bytes:1181139 (1.1 MiB)

eth0      Link encap:Ethernet  HWaddr 00:04:76:0C:4F:75
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:8331150 errors:0 dropped:0 overruns:405 frame:0
          TX packets:27984 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:747461851 (712.8 MiB)  TX bytes:4354629 (4.1 MiB)
          Interrupt:11 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1928 (1.8 KiB)  TX bytes:1928 (1.8 KiB)

tap0      Link encap:Ethernet  HWaddr 00:FF:35:3C:BC:7E
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:3256990 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

2. openvpn server.conf script:
port 1194
proto udp
dev tap
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
push "dhcp-option DNS 130.90.2.2"
push "dhcp-option DNS 130.90.2.3"
push "dhcp-option WINS 130.90.4.21"
push "dhcp-option WINS 130.90.4.22"
client-to-client
3. Clients can connect and ping each other. But I've still got some problems:
- UDP broadcasts from a client aren't forwarded to the other clients.
This is, for example, needed by most network games. Any idea how I can
make this happen?
- Clients are unable to reach systems on the server network. Remember
that I'm NOT allowed to assign the clients an IP in the same range the
server is in (130.90.0.0/16) (that's why I assigned the clients an IP
in the private range 10.8.0.50-10.8.0.100)! So in some sort of way, if
a client wants to connect to a system on the server's network, the
server needs to send the request, and when it receives the reply, it'll
need to figure out to which client it needs to forward it. So what I'm
trying to explain is that the server is the only entrance into the
network it's on. I think you can compare it with a NAT router with 1
WAN IP and loads of clients on the LAN side. Can someone tell me how I
can achieve this or give me a direction to search?
Thnx,
Joris
#Bridge script:
#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
#get this info with: ifconfig
eth_ip="130.90.164.244"
eth_netmask="255.255.224.0"
eth_broadcast="130.90.191.255"
#gateway, get it with: netstat -rN
gw="130.90.160.1"

case "$1" in
start)
    for t in $tap; do
        openvpn --mktun --dev "$t"
    done

    brctl addbr "$br"
    brctl addif "$br" "$eth"

    for t in $tap; do
        brctl addif "$br" "$t"
    done

    for t in $tap; do
        ifconfig "$t" 0.0.0.0 promisc up
    done

    ifconfig "$eth" 0.0.0.0 promisc up
    ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast"
    route add default gw "$gw"
    ;;
stop)
    ifconfig "$br" down
    brctl delbr "$br"

    for t in $tap; do
        openvpn --rmtun --dev "$t"
    done

    ifconfig "$eth" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast"
    route add default gw "$gw"
    ;;
*)
    echo "usage openvpn-bridge {start|stop}"
    exit 1
    ;;
esac
exit 0

On 12/30/06, Dave <dev@xxxxxxxxxxxxxx> wrote:
> Oh yeah, one last thing, if perchance your tap device really is a problem,
> you might try configging up a routed VPN just to make sure all your settings
> are right, then attack the tap driver problem and switch back to bridging at
> the last moment. Just trying to divide-and-conquer the problem into smaller
> pieces....
>
> > -----Original Message-----
> > From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> > [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On
> > Behalf Of Joris Kinable
> > Sent: Saturday, December 30, 2006 3:45 PM
> > To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Openvpn-users] problem setting up vpn
> > bridge:internetconnectionis lost
> >
> >
> > My mistake, but even with that change, I'm still having a
> > problem. When I run the script I get this output:
> > Sat Dec 30 21:49:19 2006 Note: Cannot ioctl TUNSETIFF tap0: Device or resource busy (errno=16)
> > Sat Dec 30 21:49:19 2006 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
> > Sat Dec 30 21:49:19 2006 Cannot open TUN/TAP dev /dev/tap0: No such file or directory (errno=2)
> > Sat Dec 30 21:49:19 2006 Exiting
> >
> > This happens right after a reboot. No other programs are
> > started/loaded. I found in a similar thread the suggestion to run this
> > command: modprobe -v tun
> > When I run this, nothing happens nor does the script work.
> > How can I determine what goes wrong here?
> >
> > Joris
> >
> > On 12/30/06, Dave <dev@xxxxxxxxxxxxxx> wrote:
> > > Is your netmask in your bridge script correct? It is /24, but your
> > > ifconfig you listed prior to the bridge script is /19
> > >
> > > > -----Original Message-----
> > > > From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> > > > [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
> > > > Joris Kinable
> > > > Sent: Saturday, December 30, 2006 2:19 PM
> > > > To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > > > Subject: [Openvpn-users] problem setting up vpn bridge:
> > > > internetconnectionis lost
> > > >
> > > >
> > > > Hey,
> > > > I've got some problems setting up a bridged vpn server.
> > > >
> > > > Some info about my server and the system I would like to set up:
> > > > -debian 2.4.27-3-686
> > > > -openvpn v2
> > > >
> > > > Server ip:
> > > >
> > > > eth0      Link encap:Ethernet  HWaddr 00:04:76:0C:4F:75
> > > >           inet addr:130.90.164.244  Bcast:130.90.191.255  Mask:255.255.224.0
> > > >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> > > >           RX packets:872989 errors:0 dropped:0 overruns:185 frame:0
> > > >           TX packets:1905 errors:0 dropped:0 overruns:0 carrier:0
> > > >           collisions:0 txqueuelen:1000
> > > >           RX bytes:79085802 (75.4 MiB)  TX bytes:509318 (497.3 KiB)
> > > >           Interrupt:11 Base address:0xc000
> > > >
> > > > lo Link encap:Local Loopback
> > > > inet addr:127.0.0.1 Mask:255.0.0.0
> > > > UP LOOPBACK RUNNING MTU:16436 Metric:1
> > > > RX packets:12 errors:0 dropped:0 overruns:0 frame:0
> > > > TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
> > > > collisions:0 txqueuelen:0
> > > > RX bytes:840 (840.0 b) TX bytes:840 (840.0 b)
> > > >
> > > > The ip 130.90.164.244 is both used to identify the server on the
> > > > internet and on the LAN.
> > > >
> > > > Target: Allow connecting clients to connect to all computers on the
> > > > server network (130.90.0.0/16) as if they were on the same network.
> > > > Therefore a bridged vpn seems the best option.
> > > >
> > > > Problem 1:
> > > > 1. I have difficulties setting up a network bridge using the sample
> > > > bridge script when I enter this:
> > > > # Define Bridge Interface
> > > > br="br0"
> > > >
> > > > # Define list of TAP interfaces to be bridged,
> > > > # for example tap="tap0 tap1 tap2".
> > > > tap="tap0"
> > > >
> > > > # Define physical ethernet interface to be bridged
> > > > # with TAP interface(s) above.
> > > > eth="eth0"
> > > > eth_ip="130.90.164.244"
> > > > eth_netmask="255.255.255.0"
> > > > eth_broadcast="130.90.191.255"
> > > >
> > > > As soon as I start the bridge-start script with the above
> > > > information, the server becomes unreachable. The server loses all
> > > > network connections. What am I doing wrong?
> > > >
> > > > Problem 2:
> > > > In the server.conf I've got to set a parameter "server-bridge [ip]
> > > > [subnet] [ip range start] [ip range stop]". The IPs the clients
> > > > receive aren't allowed to be anywhere in the 130.90.0.0/16 range,
> > > > so I chose the default:
> > > > server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
> > > > Is this ok, or is it mandatory to have the
> > > > clients get an IP in the range where the server is in?
> > > >
> > > > Thnx in advance,
> > > >
> > > > Joris
> > > >
> > > _______________________________________________
> > > Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> > >
> > >
> >
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
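
Added example (not part of the original mails and not OpenVPN code): a small consistency check over the values quoted in this thread, showing why the /24 netmask cut the server off and why a server-bridge pool in 10.8.0.0/24 leaves bridged clients unable to reach 130.90.x.x hosts. The function name and finding codes are made up for this illustration, and the third test input is constructed.

```python
import ipaddress

def check_bridge(eth_ip, eth_netmask, eth_broadcast, gw, server_bridge):
    """Return sorted finding codes for a bridge script plus a server-bridge line."""
    findings = set()
    lan = ipaddress.ip_network(f"{eth_ip}/{eth_netmask}", strict=False)

    # The broadcast address has to be the one the IP/netmask pair implies.
    if ipaddress.ip_address(eth_broadcast) != lan.broadcast_address:
        findings.add("broadcast-mismatch")
    # "route add default gw" only works if the gateway is on-link for br0.
    if ipaddress.ip_address(gw) not in lan:
        findings.add("gateway-off-link")

    # Syntax: server-bridge <gateway> <netmask> <pool-start> <pool-end>
    fields = server_bridge.split()
    if len(fields) != 5 or fields[0] != "server-bridge":
        raise ValueError("expected: server-bridge gateway netmask pool-start pool-end")
    vpn = ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False)
    start, end = (ipaddress.ip_address(a) for a in fields[3:5])
    if start > end:
        findings.add("pool-reversed")
    # Bridged clients sit on the LAN's layer-2 segment, so their pool must be
    # carved out of the LAN subnet; otherwise LAN hosts are off-link for them
    # and nothing routes or NATs between the two ranges.
    if vpn != lan or start not in lan or end not in lan:
        findings.add("pool-outside-bridged-subnet")
    elif start <= ipaddress.ip_address(eth_ip) <= end:
        findings.add("pool-overlaps-server-ip")
    return sorted(findings)

SERVER_BRIDGE = "server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100"

# Values from the first mail (netmask typed as /24), gateway from the later script.
FIRST_ATTEMPT = check_bridge("130.90.164.244", "255.255.255.0",
                             "130.90.191.255", "130.90.160.1", SERVER_BRIDGE)
# Values from the working bridge script (/19) with the same server.conf line.
WORKING_BRIDGE = check_bridge("130.90.164.244", "255.255.224.0",
                              "130.90.191.255", "130.90.160.1", SERVER_BRIDGE)

if __name__ == "__main__":
    print("first attempt :", FIRST_ATTEMPT)
    print("working bridge:", WORKING_BRIDGE)
```
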