No DHCP passing through tap bridge
Posted: Fri Jul 12, 2019 6:18 pm
Hello,
The remote client is a Raspberry Pi 3B with an LTE dongle, which should create a Wi-Fi network that is the same as my home network.
I want to achieve a topology like this:
              +-----------+          +-----------------------------+        +----------------------------+  remote network
              |dhcp-server+---+      +vpn-server                   |        |client(rpi 3b)              |    (hostapd)
              |192.168.1.1|   |      |                             |        |                            |      \ | /
 internet     +-----------+   |      |  br0                        |        |  br0                       |       \|/
    +                         |      |  192.168.1.10               |        |  (ip from dhcp)            |        |
    |    +-------------+      |      |            +     +          |        |          +     +           |        |
    +----+gateway      +------+------+ens192+-----+     +-----+tap0|........|tap0+-----+     +-----+wlan0+--------+
         |192.168.1.254|      |      |                             |        |                            |  internet(lte)
         +-------------+      |      +-----------------------------+        |                            |        +
                              |                                            |  eth1+------------------------------+
                              |                                            |                            |
 local network+---------------+                                            +----------------------------+
It's working (local network and internet access from the remote network) when I assign a static IP to the clients on the remote network.
Why is the DHCP on the local network not serving the clients on the remote network?
Should this even work?
How I want it to work is that the DHCP on the local network also serves clients on the remote network. I don't want to use a second DHCP server.
The server is an ESXi VM running Debian 10, and the client a Raspberry Pi 3B running Raspbian.
Thanks in advance,
Martin
Here are my configs and bridge scripts
Server config:
port 1195
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
auth SHA512
mode server
tls-server
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Server bridge script:
#!/bin/bash
# Bridge the physical NIC (ens192) and the OpenVPN tap interface into br0, so
# that VPN clients sit on the same L2 segment as the local network.
# Run as root, before OpenVPN starts (OpenVPN attaches to the existing tap0).

# Physical NIC and the address/MAC the bridge takes over from it
eth="ens192"
eth_ip="192.168.1.10"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
eth_gateway="192.168.1.254"
eth_mac="00:0c:29:76:1b:6e"

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged together
tap="tap0"

# Create the persistent tap device(s) OpenVPN will use
for t in $tap; do
    openvpn --mktun --dev $t
done

# Create the bridge and add the NIC; ageing time 0 s means learned MAC
# entries are not retained, so frames are flooded to every port
brctl addbr $br
brctl setageing $br 0
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

# Bring the tap devices up without an address and accept everything they
# deliver to this host (blanket allow rules; bridged frames only pass
# through iptables when br_netfilter is loaded)
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
    iptables -A INPUT -i $t -j ACCEPT
done
iptables -A INPUT -i $br -j ACCEPT
iptables -A FORWARD -i $br -j ACCEPT

# Move the host's IP from the NIC to the bridge and give the bridge the
# NIC's own MAC, so the host keeps the same L2/L3 identity on the LAN
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
ip link set $br address $eth_mac
route add default gw $eth_gateway $br
Client config:
client
dev tap0
proto udp
remote ramaschaf.de
port 1195
resolv-retry infinite
nobind
persist-tun
persist-key
auth SHA512
tls-client
ca ca.crt
cert wlan_pi.crt
key wlan_pi.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
redirect-gateway autolocal
script-security 2
client bridge (in /etc/network/interfaces):
iface br0 inet dhcp
    bridge_ports tap0 wlan0    # build bridge
    bridge_fd 0                # no forwarding delay
    bridge_stp off             # disable Spanning Tree Protocol
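To narrow down where the DHCP exchange breaks on this path, capture on every interface at once (`tcpdump -ni <iface> port 67 or port 68` on the Pi and on the VPN server) and compare. The following Python is an added example, not code from the post: it takes those per-interface capture lines and reports the first hop where the client's Request or the server's Reply disappears; the "host:iface" labels and the sample lines are constructed here.

```python
import re
from typing import Dict, List, Optional

# Interfaces along the bridged path, in the order a client's DHCP Discover
# travels towards the DHCP server (topology from the post; the "host:iface"
# labels are a naming convention chosen here).
PATH = ["pi:wlan0", "pi:br0", "pi:tap0", "server:tap0", "server:br0", "server:ens192"]

# One-line summaries printed by `tcpdump -ni <iface> port 67 or port 68`:
# client->server packets carry "BOOTP/DHCP, Request from <mac>",
# server->client packets carry "BOOTP/DHCP, Reply".
DHCP_LINE = re.compile(r"BOOTP/DHCP, (Request|Reply)")

def classify(lines: List[str]) -> Dict[str, int]:
    """Count DHCP Requests and Replies in one interface's capture."""
    counts = {"Request": 0, "Reply": 0}
    for line in lines:
        m = DHCP_LINE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def locate_loss(captures: Dict[str, List[str]]) -> Dict[str, Optional[str]]:
    """Name the first interface on which the expected packets stop appearing.
    request_lost_at: first hop (client -> server) with no Request, i.e. the
      previous hop did not forward it.  reply_lost_at: first hop (server ->
      client) with no Reply; if that is the DHCP server's own segment, the
      server never answered at all."""
    seen = {hop: classify(captures.get(hop, [])) for hop in PATH}
    request_lost = next((h for h in PATH if seen[h]["Request"] == 0), None)
    if request_lost is not None:
        # Nothing reached the server, so there is no reply path to analyse.
        return {"request_lost_at": request_lost, "reply_lost_at": None}
    reply_lost = next((h for h in reversed(PATH) if seen[h]["Reply"] == 0), None)
    return {"request_lost_at": None, "reply_lost_at": reply_lost}

# Constructed capture lines (not real captures from the post): the Discover
# crosses every hop, the Reply is seen on the server's br0 but never on its tap0.
REQUEST = ("12:00:00.000001 IP 0.0.0.0.68 > 255.255.255.255.67: "
           "BOOTP/DHCP, Request from b8:27:eb:00:00:01, length 300")
REPLY = ("12:00:00.000002 IP 192.168.1.1.67 > 255.255.255.255.68: "
         "BOOTP/DHCP, Reply, length 300")
SAMPLE = {
    "pi:wlan0": [REQUEST], "pi:br0": [REQUEST], "pi:tap0": [REQUEST],
    "server:tap0": [REQUEST], "server:br0": [REQUEST, REPLY],
    "server:ens192": [REQUEST, REPLY],
}

if __name__ == "__main__":
    print(locate_loss(SAMPLE))  # {'request_lost_at': None, 'reply_lost_at': 'server:tap0'}
```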