setup issue in TAP bridge interface

hiten_pr
OpenVpn Newbie
Posts: 4
Joined: Thu Jul 16, 2020 1:30 pm

Post by hiten_pr » Thu Jul 16, 2020 1:46 pm

Hi team,

I'm new to OpenVPN configuration. I want to set up OpenVPN with a bridge (TAP) interface.

I followed the steps from the link: https://community.openvpn.net/openvpn/w ... nd-routing

I created the bridge (TAP) interface on the gateway, the OpenVPN server is running and the client is connected from a PC. The client is able to connect to the server but is not able to access or ping the server; it says that it is unable to reach the destination.

I enabled the option net.ipv4.ip_forward=1.

My server.conf file:

Server config

port 1194
proto udp
dev tap0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem

server-bridge 192.168.1.10 255.255.255.0 192.168.1.50 192.168.1.70
tls-server
client-to-client
keepalive 60 120

cipher AES-256-CBC # AES
auth SHA256

script-security 2
down-pre
up "/etc/openvpn_old/openvpn-bridge start br0 eth0"
down "/etc/openvpn_old/openvpn-bridge stop br0 eth0"
persist-key
persist-tun
verb 3


My client conf:
Client config


client
dev tap
proto udp
float
remote 192.168.1.10 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/alpha.crt
key /etc/openvpn/keys/alpha.key

tls-client
cipher AES-256-CBC
auth SHA256
remote-cert-tls server
comp-lzo no
route-delay 4
verb 3


My bridge script is:

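#!/bin/bash
# Called from the OpenVPN up/down directives as:
#   openvpn-bridge {start|stop} <bridge> <eth>
# OpenVPN appends the TAP device name as the next argument ($4).
br="$2"
tap="$4"
eth="$3"
eth_ip="192.168.1.10"
eth_netmask="255.255.255.0"
eth_broadcast="0.0.0.0"

case "$1" in
start)
        # Create the bridge and attach the physical interface
        brctl addbr "$br"
        brctl addif "$br" "$eth"

        # Attach each TAP device to the bridge ($tap is left unquoted so
        # that a space-separated list of devices is split into words)
        for t in $tap; do
                brctl addif "$br" "$t"
        done

        # Bring the TAP devices up without an address, in promiscuous mode
        for t in $tap; do
                ifconfig "$t" 0.0.0.0 promisc up
        done

        # Move the IP address from the physical interface to the bridge
        ifconfig "$eth" 0.0.0.0 promisc up
        ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast"
    ;;
stop)
        # Take the bridge down and delete it
        ifconfig "$br" down
        brctl delbr "$br"
    ;;
*)
    echo "Usage:  openvpn-bridge {start|stop}"
    exit 1
    ;;
esac
exit 0

I got the below error on the client side.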

Thu Jul 16 16:29:37 2020 OPTIONS IMPORT: peer-id set
Thu Jul 16 16:29:37 2020 OPTIONS IMPORT: adjusting link_mtu to 1605
Thu Jul 16 16:29:37 2020 WARNING: --remote address [192.168.1.10] conflicts with --ifconfig subnet [192.168.1.50, 255.255.255.0] -- local and remote addresses cannot be inside of the --ifconfig subnet. (silence this warning with --ifconfig-nowarn)
Thu Jul 16 16:29:37 2020 TUN/TAP device tap0 opened
Thu Jul 16 16:29:37 2020 TUN/TAP TX queue length set to 100
Thu Jul 16 16:29:37 2020 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jul 16 16:29:37 2020 /sbin/ip link set dev tap0 up mtu 1500
Thu Jul 16 16:29:37 2020 /sbin/ip addr add dev tap0 192.168.1.50/24 broadcast 192.168.1.255
Thu Jul 16 16:29:41 2020 Initialization Sequence Completed
Thu Jul 16 16:31:37 2020 [HP-server] Inactivity timeout (--ping-restart), restarting
Thu Jul 16 16:31:37 2020 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jul 16 16:31:37 2020 Restart pause, 2 second(s)
Thu Jul 16 16:31:39 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Jul 16 16:31:39 2020 UDPv4 link local: [undef]
Thu Jul 16 16:31:39 2020 UDPv4 link remote: [AF_INET]192.168.1.10:1194
Thu Jul 16 16:32:39 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 16 16:32:39 2020 TLS Error: TLS handshake failed
Thu Jul 16 16:32:39 2020 SIGUSR1[soft,tls-error] received, process restarting
Thu Jul 16 16:32:39 2020 Restart pause, 2 second(s)
Thu Jul 16 16:32:41 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Jul 16 16:32:41 2020 UDPv4 link local: [undef]
Thu Jul 16 16:32:41 2020 UDPv4 link remote: [AF_INET]192.168.1.10:1194

hitendra.prajapati.483@CI5LUB051720:~/vpn_may$ ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
From 192.168.1.50 icmp_seq=1 Destination Host Unreachable

Can you help me with what the issue is here?
Last edited by Pippin on Thu Jul 16, 2020 2:56 pm, edited 1 time in total.
Reason: Formatting
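
The client log above carries OpenVPN's warning that the `--remote` address lies inside the `--ifconfig` subnet. As an added example (not part of the original posts and not OpenVPN's own code), this Python script runs the same comparison offline on the `server-bridge` and `remote` lines copied from the configs in the post; the function names are hypothetical.

```python
import ipaddress

# Constructed inputs: only the relevant directives from the configs in the post.
SERVER_CONF = """\
dev tap0
server-bridge 192.168.1.10 255.255.255.0 192.168.1.50 192.168.1.70
"""
CLIENT_CONF = """\
dev tap
remote 192.168.1.10 1194
"""

def parse_server_bridge(conf):
    """Return (bridged network, pool start, pool end) from a server-bridge line."""
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 5 and parts[0] == "server-bridge":
            gw, mask, start, end = parts[1:]
            net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
            return net, ipaddress.ip_address(start), ipaddress.ip_address(end)
    raise ValueError("no 'server-bridge gateway netmask pool-start pool-end' line")

def parse_remotes(conf):
    """Return literal IP addresses from 'remote' lines (hostnames are skipped)."""
    remotes = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "remote":
            try:
                remotes.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                pass  # hostname: resolving it is out of scope for this check
    return remotes

def check(server_conf, client_conf):
    """List findings where the transport address overlaps the bridged subnet."""
    net, start, end = parse_server_bridge(server_conf)
    findings = []
    if start not in net or end not in net or start > end:
        findings.append(f"pool {start}-{end} is not a valid range inside {net}")
    for r in parse_remotes(client_conf):
        if r in net:
            findings.append(f"remote {r} is inside bridged subnet {net}")
    return findings

if __name__ == "__main__":
    for finding in check(SERVER_CONF, CLIENT_CONF):
        print("WARN:", finding)
```

A finding here means the client would receive a TAP address in the same subnet it uses to reach the server, which is the condition the warning in the log describes.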

Re: setup issue in TAP bridge interface

Post by hiten_pr » Fri Jul 17, 2020 3:37 am

Hi,
I have a router which runs on 192.168.1.1, and the WAN IP is 192.168.0.110.
The gateway on which I run the OpenVPN server has 2 Ethernet interfaces. Eth0 has 192.168.1.10 and eth1 has 192.168.1.118, for internet.

I want to configure the TAP bridge br0 with the eth0 interface.

As mentioned above, I tried but am not able to access the server.

Can you help with that? Can you send any working example / tutorial
for the TAP interface connection?

Regards,
Hiten

Re: setup issue in TAP bridge interface

Post by hiten_pr » Fri Jul 17, 2020 1:16 pm

Hi team,
any help on this?

Re: setup issue in TAP bridge interface

Post by hiten_pr » Tue Jul 21, 2020 4:40 am

Hi team,
can anyone help me on this?

TinCanTech
OpenVPN Protagonist
Posts: 7584
Joined: Fri Jun 03, 2016 1:17 pm

Re: setup issue in TAP bridge interface

Post by TinCanTech » Tue Jul 21, 2020 10:53 am

The problems you are having are due to not understanding networking ..

OpenVPN is working normally.

For your network support you can contact me privately: tincanteksup <at> gmail dot com