My OpenVPN (installed via PiVPN) on a Raspbian (2016-09-23-raspbian-jessie kernel 4.4) works perfectly. Now, I tried to use the bridging mode as I need to access files in my home network (the OpenVPN FAQ is clear that my need requires bridging). Plus, I have extensively read threads and websites regarding this issue before posting this message. So I followed the steps in:
https://openvpn.net/index.php/open-sour ... dging.html
Firstly, as I mentioned, I used PiVPN to create my OpenVPN. So I did not have to follow the HOWTO from the link but actually began in the "Bridge Server on Linux" section:
local gateway 192.168.100.1
local server 192.168.100.100
pool from 192.168.100.110 to 192.168.100.120
So I created bridge-start.sh
cat bridge-start.sh
Code:
#!/bin/bash
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.100.100"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.100.255"
for t in $tap; do
    openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
    brctl addif $br $t
done
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
Code:
# dev tun
dev tap0
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/pivpnserver.crt
key /etc/openvpn/easy-rsa/keys/pivpnserver.key
dh /etc/openvpn/easy-rsa/keys/dh4096.pem
# server 10.8.0.0 255.255.255.0
server-bridge 192.168.100.100 255.255.255.0 192.168.100.110 192.168.100.120
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.100.100 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
Code:
sudo iptables -A INPUT -i tap0 -j ACCEPT
sudo iptables -A INPUT -i br0 -j ACCEPT
sudo iptables -A FORWARD -i br0 -j ACCEPT
Run bridge-start, which I did with sudo bash bridge-start.sh
Run openvpn, but why? OpenVPN is running from boot time... so I did nothing here
So after running the script, it created the br0 interface. From my Android mobile (already properly set up to access my home OpenVPN network, to which I would connect regularly with no problem, success 100%) this time I followed the same process by opening the official OpenVPN app, tapping Connect, and done, the connection is established (green icon). However, a few seconds later an error message is displayed on my mobile reporting that the current WiFi connection (from a different WiFi network, obviously, say Cafe internet) is established but leads to no internet traffic, so there is a connection with my OpenVPN but no traffic flows.
I ran the following commands:
ip addr
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:86:81:21 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.100/24 brd 192.168.100.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::723e:2840:ab2f:22da/64 scope link
valid_lft forever preferred_lft forever
3: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/ether 92:97:54:61:b5:52 brd ff:ff:ff:ff:ff:ff
inet 10.8.0.1/4 brd 255.255.255.253 scope global tap0
valid_lft forever preferred_lft forever
inet6 fe80::9097:54ff:fe61:b552/64 scope link
valid_lft forever preferred_lft forever
Code:
default via 192.168.100.1 dev eth0 metric 202
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.100 metric 202
Code:
Wed Oct 19 12:04:32 2016 ERROR: Cannot ioctl TUNSETIFF tap0: Device or resource busy (errno=16)
Wed Oct 19 12:04:32 2016 Exiting due to fatal error
ip addr: eth0 and tap0 show less output, and br0 shows a duplicate line
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether b8:27:eb:86:81:21 brd ff:ff:ff:ff:ff:ff
inet6 fe80::723e:2840:ab2f:22da/64 scope link
valid_lft forever preferred_lft forever
3: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
link/ether 92:97:54:61:b5:52 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9097:54ff:fe61:b552/64 scope link
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 92:97:54:61:b5:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.100/24 brd 192.168.100.255 scope global br0
inet 192.168.100.100/24 brd 192.168.100.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::9097:54ff:fe61:b552/64 scope link
valid_lft forever preferred_lft forever
Code:
192.168.100.0/24 dev br0 proto kernel scope link src 192.168.100.100
https://ubuntuforums.org/showthread.php?t=1331580
which seems to have successfully fixed the issue, and ran:
Code:
sudo ifconfig br0 up
sudo ifconfig tap0 up
sudo route add default gw 192.168.100.1
Now, in order to compare, I ran ip addr again; the only difference seems to be that the duplicate line in br0 is gone
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether b8:27:eb:86:81:21 brd ff:ff:ff:ff:ff:ff
inet6 fe80::723e:2840:ab2f:22da/64 scope link
valid_lft forever preferred_lft forever
3: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
link/ether 92:97:54:61:b5:52 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9097:54ff:fe61:b552/64 scope link
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 92:97:54:61:b5:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.100/24 brd 192.168.100.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::9097:54ff:fe61:b552/64 scope link
valid_lft forever preferred_lft forever
Code:
default via 192.168.100.1 dev br0
192.168.100.0/24 dev br0 proto kernel scope link src 192.168.100.100
Code:
Tun interface setup failed: tun_prop_error: ifconfig addresses are not in the same /30 subnet (topology net30)
Code:
client
dev tun
proto udp
Code:
client
dev tap0
proto udp
Code:
TAP-based tunnels are not supported: OSI layer 2 tunnels are not currently supported
Problem creating TAP tunnel
Sorry, but the Android VPN API doesn't currently support TAP-based tunnels
I appreciate your reading time. Any tip or advice will be welcome!
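As an added example (not code from the post, from PiVPN or from OpenVPN; the function names and finding codes are invented here), the following Python script reads the server config and client stubs quoted above and flags the three mismatches that line up with the symptoms reported: an ifconfig directive left over from tun mode on a tap device in bridge mode (on a tap device OpenVPN reads the second argument as a netmask, and in bridge mode the address belongs on br0, not on tap0), a pushed route whose address has host bits set (192.168.100.100 with a /24 mask is not a network address), and a client whose dev type does not match the server's (a tun client against a tap server interprets the pushed address pair as a net30 pair, which is the tun_prop_error shown above). The sample configs are constructed from the post's own lines.

```python
"""Lint an OpenVPN bridged server config, and a client config against it.
Added example; not code from the post, PiVPN or OpenVPN. Finding codes and
function names are invented for this illustration."""
import ipaddress
import shlex

# Constructed sample input: the directives from the post's server config that
# the checks look at, plus the two client stubs from the post.
SERVER_CONF = """
# dev tun
dev tap0
proto udp
port 1194
# server 10.8.0.0 255.255.255.0
server-bridge 192.168.100.100 255.255.255.0 192.168.100.110 192.168.100.120
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.100.100 255.255.255.0"
push "redirect-gateway def1"
"""
CLIENT_CONF_TUN = "client\ndev tun\nproto udp\n"
CLIENT_CONF_TAP = "client\ndev tap0\nproto udp\n"


def parse_conf(text):
    """Return [(directive, args)], skipping blank lines and '#' comments.
    shlex keeps the quoted argument of push "..." as a single string."""
    entries = []
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts:
            entries.append((parts[0], parts[1:]))
    return entries


def dev_type(entries):
    """'tun' or 'tap' the way OpenVPN infers it: dev-type wins over the dev name."""
    dev = None
    for directive, args in entries:
        if directive == "dev-type" and args:
            return args[0]
        if directive == "dev" and args:
            dev = args[0]
    if dev is None:
        return None
    for kind in ("tun", "tap"):
        if dev.startswith(kind):
            return kind
    return None


def _is_netmask(value):
    """True if value is a valid dotted netmask (or hostmask) for IPv4."""
    try:
        ipaddress.IPv4Network(f"0.0.0.0/{value}")
        return True
    except ValueError:
        return False


def lint_server(text):
    """Return [(code, message)] for the bridge-mode mismatches checked here."""
    entries = parse_conf(text)
    dtype = dev_type(entries)
    findings = []
    for directive, args in entries:
        if directive == "ifconfig" and dtype == "tap" and len(args) == 2:
            # On a tap device the second ifconfig argument is a netmask, and in
            # bridge mode the tap should carry no address: br0 owns the LAN IP.
            msg = f"ifconfig {args[0]} {args[1]} on a tap device in bridge mode"
            if not _is_netmask(args[1]):
                msg += f"; {args[1]} is not a valid netmask"
            findings.append(("IFCONFIG_ON_TAP", msg))
        elif directive == "push" and args and args[0].startswith("route "):
            parts = args[0].split()
            if len(parts) < 3:
                continue
            try:
                net = ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False)
            except ValueError as exc:
                findings.append(("ROUTE_INVALID", f"push {args[0]}: {exc}"))
                continue
            if net.network_address != ipaddress.IPv4Address(parts[1]):
                findings.append(("ROUTE_HOST_BITS",
                                 f"push route {parts[1]} {parts[2]}: host bits set, "
                                 f"network address is {net.network_address}"))
        elif directive == "server-bridge" and len(args) == 4:
            gw, mask, start, end = args
            net = ipaddress.IPv4Network(f"{gw}/{mask}", strict=False)
            for label, addr in (("start", start), ("end", end)):
                if ipaddress.IPv4Address(addr) not in net:
                    findings.append(("POOL_OUTSIDE_SUBNET",
                                     f"server-bridge pool {label} {addr} not in {net}"))
    return findings


def lint_client(client_text, server_text):
    """The client must use the same device type as the server."""
    client_dev = dev_type(parse_conf(client_text))
    server_dev = dev_type(parse_conf(server_text))
    if client_dev != server_dev:
        return [("DEV_MISMATCH",
                 f"client dev type {client_dev} but server dev type {server_dev}")]
    return []


if __name__ == "__main__":
    for code, msg in lint_server(SERVER_CONF):
        print(code, msg)
    for code, msg in lint_client(CLIENT_CONF_TUN, SERVER_CONF):
        print(code, msg)
```

Run against the post's config it reports IFCONFIG_ON_TAP (10.8.0.2 is not a valid netmask, which matches the odd inet 10.8.0.1/4 seen on tap0), ROUTE_HOST_BITS for the 192.168.100.100 route, and DEV_MISMATCH for the dev tun client; the dev tap0 client passes the dev check, and whether Android can bring up a tap device at all is a separate question that the app's last error answers.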