I set up an OpenVPN server in bridged mode (dev tap, tap0 bridged to eth0) on a VM running on my ESXi host.
I can connect to the VPN and ping the OpenVPN server itself (192.168.1.70), but I can't ping the LAN gateway (192.168.1.1) or any other server on 192.168.1.0/24.
The OpenVPN server itself can ping everything.
SERVER
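# --- Listener ---
# TCP/443 so the tunnel looks like HTTPS to intermediate firewalls (TCP-in-TCP costs
# some throughput versus UDP).
port 443
proto tcp
# Layer-2 tunnel: tap0 is enslaved to br0 by start_bridge, so clients land directly
# on the server's LAN segment.
dev tap0
mode server
tls-server
# Keep key material and the tap device across SIGUSR1 restarts (also what makes a
# later privilege drop with user/group possible).
persist-key
persist-tun
# --- Certificates / TLS ---
ca cert/cacert.pem
cert cert/Serveur-VPN11.crt
key cert/Serveur-VPN11.key
dh cert/dh2048.pem
# HMAC on the control channel (key direction 0 here, 1 on the clients): packets
# without a valid HMAC are dropped before any TLS handshake work is done.
tls-auth cert/ta.key 0
# --- Addressing handed to clients ---
# gateway (= the bridge's own address, becomes the clients' route-gateway), netmask,
# and the pool 192.168.1.211-230. The pool must not overlap the LAN DHCP range.
server-bridge 192.168.1.70 255.255.255.0 192.168.1.211 192.168.1.230
# A route for 192.168.1.0/24 is deliberately NOT pushed: in bridged mode the client's
# tap adapter already has that prefix on-link, so the push was redundant and, on some
# clients, installs a second route for the same prefix via 192.168.1.70 instead of
# letting the client ARP for LAN hosts directly.
# redirect-gateway sends ALL client traffic into the tunnel towards the route-gateway,
# i.e. 192.168.1.70 (not the LAN router). That host must therefore forward
# (net.ipv4.ip_forward=1), or push "route-gateway 192.168.1.1" so clients use the
# real LAN gateway directly.
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.11"
keepalive 10 120
tun-mtu 1500
mssfix
# Data-channel cipher; must match the client config. AES-256-GCM is preferable where
# both ends run OpenVPN >= 2.4. `auth` is not set, so the data-channel HMAC stays at
# the default (SHA1).
cipher AES-256-CBC
max-clients 5
# Clients may talk to each other through the server (they are on one L2 segment anyway).
client-to-client
# Compression is turned OFF: compressing plaintext inside a VPN enables
# VORACLE-style attacks. "comp-lzo no" keeps the framing the clients' `comp-lzo`
# expects, and the push disables compression on their side too, so no client
# config change is required for this to keep working.
comp-lzo no
push "comp-lzo no"
# --- Logging ---
verb 4
status /var/log/openvpn-status-server.log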
start_bridge
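#!/bin/bash
# start_bridge: enslave the OpenVPN tap device and the LAN NIC to a Linux bridge so
# VPN clients (dev tap / server-bridge) appear directly on 192.168.1.0/24.
# Run as root before openvpn starts. eth0 hands its address to br0 during the run,
# so run it from the console or expect an SSH hiccup.
#
# NOTE(review): on ESXi the guest's vSwitch / port-group security policy must allow
# Promiscuous Mode and Forged Transmits (and MAC Address Changes). If they are set to
# Reject, frames carrying the VPN clients' MAC addresses are dropped by the
# hypervisor: clients can then reach the VPN host itself but not the gateway or
# other LAN hosts.
set -eu

br="br0"
tap="tap0"
eth="eth0"
eth_ip="192.168.1.70"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
gw="192.168.1.1"

# Persistent tap device, so openvpn opens an existing interface. Skip creation when
# it already exists (stop_bridge leaves it behind), otherwise --mktun fails.
[ -d "/sys/class/net/$tap" ] || openvpn --mktun --dev "$tap"

# Create the bridge and attach both ports; each step is idempotent so a re-run does
# not abort half-way.
[ -d "/sys/class/net/$br" ] || brctl addbr "$br"
[ -e "/sys/class/net/$br/brif/$tap" ] || brctl addif "$br" "$tap"
[ -e "/sys/class/net/$br/brif/$eth" ] || brctl addif "$br" "$eth"

# Bridge ports carry no IP of their own; promiscuous so every frame reaches the bridge.
ifconfig "$tap" 0.0.0.0 promisc up
ifconfig "$eth" 0.0.0.0 promisc up

# The host's LAN address moves to the bridge (ifconfig with an address brings it up).
ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast"

# eth0 lost its routes together with its address; restore the default route on br0.
route add default gw "$gw"
#route add -net 192.168.1.0 netmask 255.255.255.0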
stop_bridge
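#!/bin/bash
# stop_bridge: undo start_bridge. Deletes br0 and gives eth0 its LAN address back;
# tap0 is left in place (openvpn may still hold it with persist-tun) and gets a
# standalone private address. Run as root.
# Fix: the default route lived on br0 and disappeared with it, leaving the host
# without a default route after a stop; it is now re-added on eth0.
br="br0"
tap="tap0"
eth="eth0"
eth_ip="192.168.1.70"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
gw="192.168.1.1"

# A bridge must be down before it can be deleted; deleting it detaches its ports.
# Guarded so a second run (or a run after a failed start_bridge) does not error out.
if [ -d "/sys/class/net/$br" ]; then
  ifconfig "$br" down
  brctl delbr "$br"
fi

ifconfig "$tap" 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255 up
ifconfig "$eth" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast" up
route add default gw "$gw"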
IPTABLES
# Host firewall additions for the bridged OpenVPN server (tap0 is a port of br0 and
# has no address of its own).
# NOTE(review): the chains' default policies are not shown; every rule here is a
# blanket ACCEPT, so whatever is actually blocked is decided elsewhere.
# While the bridge is up, netfilter normally reports locally delivered and bridged
# traffic with interface br0, not tap0 (matching a bridge port needs
# `-m physdev --physdev-in tap0`), so the four tap0 rules below are effectively dead.
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A FORWARD -i tap0 -j ACCEPT
iptables -A FORWARD -o tap0 -j ACCEPT
iptables -A OUTPUT -o tap0 -j ACCEPT
# Source NAT towards a bridge port makes no sense for an L2 bridge: nothing is routed
# out tap0 while it is enslaved. If a routed (tun-style) setup is ever used,
# masquerading belongs on the LAN/uplink interface, not on the tunnel side.
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
# Redundant: even where it matched, the `INPUT -i tap0 -j ACCEPT` above already
# accepts ICMP, so this rate limit is never reached.
iptables -A INPUT -i tap+ -p icmp -m limit --limit 10/sec -j ACCEPT
# These are the rules that matter in bridged mode. FORWARD only sees bridged frames
# when br_netfilter is loaded and net.bridge.bridge-nf-call-iptables=1; with a DROP
# policy and that sysctl on, `FORWARD -i br0` is what lets VPN clients reach the LAN.
# `INPUT -i br0 -j ACCEPT` exposes every service on this host to LAN and VPN clients
# alike (it is also what admits the tcp/443 OpenVPN connections arriving via eth0).
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
iptables -A OUTPUT -o br0 -j ACCEPT
client
# OpenVPN client for the bridged server: "dev tap" puts this host directly on the
# server's LAN segment (address handed out from the server-bridge pool).
dev tap
persist-key
persist-tun
# Must match the server's `cipher`. `auth` is not set, so the HMAC is the default (SHA1).
cipher AES-256-CBC
client
resolv-retry infinite
# Server host and port are redacted in this paste. `tcp-client` here and `proto tcp`
# below both select TCP.
remote ##### ### tcp-client
# Also pushed by the server; harmless duplicate. All traffic is sent to the server's
# route-gateway (192.168.1.70), which must forward it unless the server pushes
# "route-gateway 192.168.1.1".
redirect-gateway def1
route-delay
tun-mtu 1500
ca cacert.pem
cert Mathieu.crt
key Mathieu.key
# NOTE(review): nothing in this config pins the peer as the *server*: as far as it
# shows, any certificate signed by cacert.pem (e.g. another client's) would be
# accepted as the server. Add `remote-cert-tls server` once the server certificate
# carries the "TLS Web Server Authentication" extended key usage (check with
# `openssl x509 -in Serveur-VPN11.crt -noout -text`); with a certificate lacking it
# the handshake would fail, which is why it is not added blindly here.
# HMAC key direction 1 (the server uses 0).
tls-auth ta.key 1
tls-client
# NOTE(review): compressing plaintext inside a VPN enables VORACLE-style attacks;
# keep this only until the server pushes "comp-lzo no" or both sides drop it together
# (removing it on one side alone breaks the tunnel framing).
comp-lzo
verb 5
proto tcp
Thanks!