[Solved] Problem Connecting To Bridge Mode On OpenVPN

OpenVPN tutorials ranging from configuration to hacks to compilation will be posted here.
lindylex
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 22, 2015 5:23 am

[Solved] Problem Connecting To Bridge Mode On OpenVPN

Postby lindylex » Sun Oct 25, 2015 8:53 pm

Have routing problem on my server

O.S. Debian jessie

ON THE SERVER

cat /etc/openvpn/server.conf

Code: Select all


proto udp
#proto tcp
port 1194
dev tap0
#dev tun
server-bridge 192.168.1.120 255.255.255.0 192.168.1.50 192.168.1.60
push "route 192.168.1.0 255.255.255.0"
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
log-append /var/log/openvpn
comp-lzo
keepalive 10 60

#server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
#push route 192.168.1.0 255.255.255.0



ON THE SERVER

ifconfig -a

Code: Select all


br0       Link encap:Ethernet  HWaddr 00:1b:2f:31:99:46 
          inet addr:192.168.1.120  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21b:2fff:fe31:9946/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1702 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1025 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:116916 (114.1 KiB)  TX bytes:1090568 (1.0 MiB)

eth0      Link encap:Ethernet  HWaddr 00:0d:60:6c:39:3e 
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth1      Link encap:Ethernet  HWaddr 00:1b:2f:31:99:46 
          inet6 addr: fe80::21b:2fff:fe31:9946/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:58410 errors:0 dropped:25 overruns:0 frame:0
          TX packets:16943 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6543330 (6.2 MiB)  TX bytes:7445492 (7.1 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:60 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3600 (3.5 KiB)  TX bytes:3600 (3.5 KiB)

tap0      Link encap:Ethernet  HWaddr fa:41:03:cb:04:bb 
          inet6 addr: fe80::f841:3ff:fecb:4bb/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17699 errors:0 dropped:9 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:1587317 (1.5 MiB)





ON THE SERVER

cat /var/log/openvpn-status.log

Code: Select all



OpenVPN CLIENT LIST
Updated,Sun Oct 25 15:49:55 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,1
END




ON THE SERVER

cat /var/log/openvpn

Code: Select all


Sun Oct 25 15:44:05 2015 Closing TUN/TAP interface
Sun Oct 25 15:44:05 2015 SIGTERM[hard,] received, process exiting
Sun Oct 25 15:44:51 2015 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  1 2014
Sun Oct 25 15:44:51 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Sun Oct 25 15:44:51 2015 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Sun Oct 25 15:44:51 2015 Diffie-Hellman initialized with 2048 bit key
Sun Oct 25 15:44:51 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Oct 25 15:44:51 2015 TUN/TAP device tap0 opened
Sun Oct 25 15:44:51 2015 TUN/TAP TX queue length set to 100
Sun Oct 25 15:44:51 2015 GID set to nogroup
Sun Oct 25 15:44:51 2015 UID set to nobody
Sun Oct 25 15:44:51 2015 UDPv4 link local (bound): [undef]
Sun Oct 25 15:44:51 2015 UDPv4 link remote: [undef]
Sun Oct 25 15:44:51 2015 MULTI: multi_init called, r=256 v=256
Sun Oct 25 15:44:51 2015 IFCONFIG POOL: base=192.168.1.50 size=11, ipv6=0
Sun Oct 25 15:44:51 2015 Initialization Sequence Completed
Sun Oct 25 15:45:15 2015 68.82.29.112:40056 TLS: Initial packet from [AF_INET]68.82.29.112:40056, sid=7d4c781f b19fdaac
Sun Oct 25 15:45:15 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:17 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:18 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:21 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:22 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:29 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:30 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:45 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:45:46 2015 68.82.29.112:40056 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:15 2015 68.82.29.112:40056 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 25 15:46:15 2015 68.82.29.112:40056 TLS Error: TLS handshake failed
Sun Oct 25 15:46:15 2015 68.82.29.112:40056 SIGUSR1[soft,tls-error] received, client-instance restarting
Sun Oct 25 15:46:17 2015 68.82.29.112:58556 TLS: Initial packet from [AF_INET]68.82.29.112:58556, sid=fe14b507 c3e3ba70
Sun Oct 25 15:46:17 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:19 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:20 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:23 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:25 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:31 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:33 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:46:47 2015 68.82.29.112:58556 write UDPv4: Network is unreachable (code=101)
Sun Oct 25 15:47:17 2015 68.82.29.112:58556 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 25 15:47:17 2015 68.82.29.112:58556 TLS Error: TLS handshake failed
Sun Oct 25 15:47:17 2015 68.82.29.112:58556 SIGUSR1[soft,tls-error] received, client-instance restarting




traceroute whatismyip.com

Code: Select all

traceroute to whatismyip.com (198.41.202.157), 30 hops max, 60 byte packets
 1  Linksys23160 (192.168.1.1)  0.288 ms  0.484 ms  0.269 ms
 2  10.1.10.1 (10.1.10.1)  2.533 ms  3.712 ms  4.228 ms
......
....



ON SEVRER

cat /var/log/messages

Code: Select all

Oct 25 15:43:48 umdgcvpn kernel: [ 8459.688171] br0: port 2(tap0) entered disabled state
Oct 25 15:43:48 umdgcvpn kernel: [ 8459.688220] br0: port 1(eth1) entered disabled state
Oct 25 15:43:48 umdgcvpn kernel: [ 8459.697169] br0: port 2(tap0) entered disabled state
Oct 25 15:43:48 umdgcvpn kernel: [ 8459.697309] br0: port 1(eth1) entered disabled state
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726523] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726546] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726554] br0: port 1(eth1) entered forwarding state
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726559] br0: port 1(eth1) entered forwarding state
Oct 25 15:44:38 umdgcvpn kernel: [ 8509.668092] br0: port 2(tap0) entered disabled state
Oct 25 15:44:51 umdgcvpn kernel: [ 8522.269311] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:51 umdgcvpn kernel: [ 8522.269340] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:52 umdgcvpn kernel: [ 8523.744034] br0: port 1(eth1) entered forwarding state
Oct 25 15:45:06 umdgcvpn kernel: [ 8537.312036] br0: port 2(tap0) entered forwarding state


ON SERVER

cat /var/log/syslog

Code: Select all


Oct 25 15:43:48 umdgcvpn kernel: [ 8459.688171] br0: port 2(tap0) entered disabled state
Oct 25 15:43:48 umdgcvpn kernel: [ 8459.688220] br0: port 1(eth1) entered disabled state
Oct 25 15:43:48 umdgcvpn kernel: [ 8459.697169] br0: port 2(tap0) entered disabled state
Oct 25 15:43:48 umdgcvpn kernel: [ 8459.697309] br0: port 1(eth1) entered disabled state
Oct 25 15:43:48 umdgcvpn dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Oct 25 15:43:48 umdgcvpn dhclient: DHCPACK from 192.168.1.1
Oct 25 15:43:49 umdgcvpn smbd[2692]: Reloading /etc/samba/smb.conf: smbd.
Oct 25 15:43:49 umdgcvpn dhclient: bound to 192.168.1.120 -- renewal in 36343 seconds.
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726523] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726546] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726554] br0: port 1(eth1) entered forwarding state
Oct 25 15:44:37 umdgcvpn kernel: [ 8508.726559] br0: port 1(eth1) entered forwarding state
Oct 25 15:44:38 umdgcvpn kernel: [ 8509.668092] br0: port 2(tap0) entered disabled state
Oct 25 15:44:51 umdgcvpn kernel: [ 8522.269311] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:51 umdgcvpn kernel: [ 8522.269340] br0: port 2(tap0) entered forwarding state
Oct 25 15:44:52 umdgcvpn kernel: [ 8523.744034] br0: port 1(eth1) entered forwarding state
Oct 25 15:45:06 umdgcvpn kernel: [ 8537.312036] br0: port 2(tap0) entered forwarding state



ON SERVER

cat /var/log/daemon.log

Code: Select all




Oct 25 14:04:06 myvpn dhclient: No broadcast interfaces found - exiting.
Oct 25 14:04:19 myvpn dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Oct 25 14:04:19 myvpn dhclient: DHCPACK from 192.168.1.1
Oct 25 14:04:19 myvpn smbd[1535]: Reloading /etc/samba/smb.conf: smbd.
Oct 25 14:04:19 myvpn dhclient: bound to 192.168.1.120 -- renewal in 34594 seconds.
Oct 25 14:34:20 myvpn dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Oct 25 14:34:20 myvpn dhclient: DHCPACK from 192.168.1.1
Oct 25 14:34:21 myvpn smbd[2109]: Reloading /etc/samba/smb.conf: smbd.
Oct 25 14:34:21 myvpn dhclient: bound to 192.168.1.120 -- renewal in 38613 seconds.
Oct 25 15:43:48 myvpn dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Oct 25 15:43:48 myvpn dhclient: DHCPACK from 192.168.1.1
Oct 25 15:43:49 myvpn smbd[2692]: Reloading /etc/samba/smb.conf: smbd.
Oct 25 15:43:49 myvpn dhclient: bound to 192.168.1.120 -- renewal in 36343 seconds.


User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: Problem Connecting To Bridge Mode On OpenVPN

Postby Traffic » Tue Oct 27, 2015 2:01 pm

How do you create your bridge ?

lindylex
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 22, 2015 5:23 am

Re: Problem Connecting To Bridge Mode On OpenVPN

Postby lindylex » Fri Oct 30, 2015 10:29 pm

I create the bridge with the following code.

I use code in this file "bridge-start". I can connect now.

Here is my situation. I need to get the hostname to display in the network neighborhood. I setup Samba as a WINS server. And modified my

Code: Select all


#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"
eth_ip="192.168.1.120"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast




# cat server.conf

Code: Select all


proto udp
#proto tcp
port 1194
dev tap0
#dev tun
server-bridge 192.168.1.120 255.255.255.0 192.168.1.50 192.168.1.60
push "route 192.168.1.0 255.255.255.0"
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
log-append /var/log/openvpn
comp-lzo
keepalive 10 60

#server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
#push route 192.168.1.0 255.255.255.0


User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: Problem Connecting To Bridge Mode On OpenVPN

Postby Traffic » Sat Oct 31, 2015 8:34 pm

Have you configured a gateway for your bridge .. ?


Return to “Tutorials”

Who is online

Users browsing this forum: No registered users and 2 guests