OPENVPN ethernet bridge on virtual debian HELP

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
MarekTbf
OpenVpn Newbie
Posts: 6
Joined: Fri May 28, 2021 12:00 am

OPENVPN ethernet bridge on virtual debian HELP

Post by MarekTbf » Fri May 28, 2021 8:06 pm

Hello , i tried for a number of days various tutorials how to set this up but without succes i always get to the point where no connection is made and a timeout TLS negotiation error occurs .

My Setup is as follows:
Hardware: Lenovo TS140
Software:Xenserver 7.5 64bit with one physical network interface connected on this run various Virtual maschines ,one of which is a fresh Debian 10.9 install (i also tried ubuntu 20 .04 lts with same result ) , the Debian has one virtual interface assigned .

I set up port forwarding for 1194 on my routers.
I set up promiscuous mode according to this tutorial : https://support.citrix.com/article/CTX121729 i also added promiscous flag to the debian interface in the vm.
I have opened port 1194 on my notebook client windows firewall for outbound and inbound traffic .

I installed openvpn according to this tutorial :
https://www.cyberciti.biz/faq/debian-10 ... 5-minutes/

It worked with the basic configuration i could connect without problem.

I tried this tutorials for bridging :
https://www.emaculation.com/doku.php/br ... rver_setup
https://openvpn.net/community-resources ... -bridging/
https://openvpn.net/community-resources ... -bridging/

I edited the client configuration according to the tutorial.

Notes: after the bridging tutorial complete there is no internet connection on the debian server, which i did not understand why.

I tried it multiple times on ubuntu and debian , i had a tought that the tutorials may not be uptodate and adjusted accordingly and sourced from multiple tutorials of course on a fresh try all with no avail always the same error. I Also consequently tried each of the tutorials seperate with the same result .

Current Server Configuration:
Image
Landscape for which i need layer 2 vpn acces from the internet trought the routers .
Image
Log with tls error on the client which is not a part of the landscape (from internet ).
Image
This is my SERVER /var/log/syslog for the relevant time period :

Code: Select all

May 28 21:52:02 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 86.59.80.170:123 (0.debian.pool.ntp.org).
May 28 21:52:12 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 193.171.23.163:123 (0.debian.pool.ntp.org).
May 28 21:52:22 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 83.137.41.12:123 (0.debian.pool.ntp.org).
May 28 21:52:33 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 141.255.175.253:123 (0.debian.pool.ntp.org).
May 28 21:52:48 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 91.206.8.70:123 (1.debian.pool.ntp.org).
May 28 21:52:58 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 131.130.251.107:123 (1.debian.pool.ntp.org).
May 28 21:53:08 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 144.76.197.108:123 (1.debian.pool.ntp.org).
May 28 21:53:19 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 85.237.30.84:123 (1.debian.pool.ntp.org).
May 28 21:53:29 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 91.206.8.36:123 (2.debian.pool.ntp.org).
May 28 21:53:39 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 91.206.8.70:123 (2.debian.pool.ntp.org).
May 28 21:53:49 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 83.68.137.76:123 (2.debian.pool.ntp.org).
May 28 21:54:00 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 91.206.8.34:123 (2.debian.pool.ntp.org).
May 28 21:54:13 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 91.206.8.36:123 (3.debian.pool.ntp.org).
May 28 21:54:23 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 91.206.8.34:123 (3.debian.pool.ntp.org).
May 28 21:54:33 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 86.59.113.124:123 (3.debian.pool.ntp.org).
May 28 21:54:44 ovpn systemd-timesyncd[314]: Timed out waiting for reply from 185.144.161.170:123 (3.debian.pool.ntp.org).
May 28 21:55:03 ovpn ovpn-server[1464]: 91.115.153.105:51782 TLS: Initial packet from [AF_INET]91.115.153.105:51782, sid=93c7d7c1 603601dd
May 28 21:56:03 ovpn ovpn-server[1464]: 91.115.153.105:51782 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 21:56:03 ovpn ovpn-server[1464]: 91.115.153.105:51782 TLS Error: TLS handshake failed
May 28 21:56:03 ovpn ovpn-server[1464]: 91.115.153.105:51782 SIGUSR1[soft,tls-error] received, client-instance restarting
May 28 21:56:08 ovpn ovpn-server[1464]: 91.115.153.105:65355 TLS: Initial packet from [AF_INET]91.115.153.105:65355, sid=9fae4b73 9a5325d4
May 28 21:57:08 ovpn ovpn-server[1464]: 91.115.153.105:65355 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 21:57:08 ovpn ovpn-server[1464]: 91.115.153.105:65355 TLS Error: TLS handshake failed
May 28 21:57:08 ovpn ovpn-server[1464]: 91.115.153.105:65355 SIGUSR1[soft,tls-error] received, client-instance restarting
May 28 22:00:04 ovpn org.gnome.Shell.desktop[815]: libinput error: client bug: timer event5 debounce: offset negative (-11ms)
May 28 22:00:04 ovpn org.gnome.Shell.desktop[815]: libinput error: client bug: timer event5 debounce short: offset negative (-25ms)
May 28 22:00:08 ovpn org.gnome.Shell.desktop[815]: libinput error: client bug: timer event5 debounce short: offset negative (-2ms)
->91.115.153.105 is my public adress from which im trying to connect to the server

Im have completly given up hope to do this on my own and i beg for assitance.
I have snapshots of the debian maschine with basic configuration openvpn working and before so i can revert to any state necessary
and im willing to to provide all information necessary and do all what is asked of me. I really would like and need to get this to working as im a student working for a small company which cannot afford any paid local VPN software.

Marek Stepan

MarekTbf
OpenVpn Newbie
Posts: 6
Joined: Fri May 28, 2021 12:00 am

Re: [oconf] OPENVPN ethernet bridge on virtual debian HELP

Post by MarekTbf » Sun Jun 06, 2021 1:01 pm

bumping please someone assist

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by TinCanTech » Sun Jun 06, 2021 7:12 pm

Your issue is not with Openvpn, it is with your operating system.

Try setting up a standard tunnel and I bet you money Openvpn works perfectly.

MarekTbf
OpenVpn Newbie
Posts: 6
Joined: Fri May 28, 2021 12:00 am

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by MarekTbf » Sun Jun 06, 2021 7:24 pm

TinCanTech wrote:
Sun Jun 06, 2021 7:12 pm
Your issue is not with Openvpn, it is with your operating system.

Try setting up a standard tunnel and I bet you money Openvpn works perfectly.
what do you mean with standard tunnel ? do you mean like basic configuration as in not a ethernet bridge ? with the basic configuration it worked .

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by TinCanTech » Sun Jun 06, 2021 7:35 pm

MarekTbf wrote:
Sun Jun 06, 2021 7:24 pm
what do you mean with standard tunnel ? do you mean like basic configuration as in not a ethernet bridge ? with the basic configuration it worked .
Exactly .. Openvpn works.

My very first post ever on this Forum was regarding a bridge setup and I did not get one single answer, ever.
And now I am a moderator... and I fixed my problem myself.

MarekTbf
OpenVpn Newbie
Posts: 6
Joined: Fri May 28, 2021 12:00 am

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by MarekTbf » Sun Jun 06, 2021 10:18 pm

TinCanTech wrote:
Sun Jun 06, 2021 7:35 pm
MarekTbf wrote:
Sun Jun 06, 2021 7:24 pm
what do you mean with standard tunnel ? do you mean like basic configuration as in not a ethernet bridge ? with the basic configuration it worked .
Exactly .. Openvpn works.

My very first post ever on this Forum was regarding a bridge setup and I did not get one single answer, ever.
And now I am a moderator... and I fixed my problem myself.
You are a very skillfull and accomplished human being.
Thank you for your feedback , but sadly it was not useful.

User avatar
Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by Pippin » Mon Jun 07, 2021 12:33 pm

General remark, let's be nice and try to behave.

Did a cleanup of the topic.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by 300000 » Mon Jun 07, 2021 3:39 pm

MarekTbf wrote:
Sun Jun 06, 2021 10:18 pm
TinCanTech wrote:
Sun Jun 06, 2021 7:35 pm
MarekTbf wrote:
Sun Jun 06, 2021 7:24 pm
what do you mean with standard tunnel ? do you mean like basic configuration as in not a ethernet bridge ? with the basic configuration it worked .
Exactly .. Openvpn works.

My very first post ever on this Forum was regarding a bridge setup and I did not get one single answer, ever.
And now I am a moderator... and I fixed my problem myself.
You are a very skillfull and accomplished human being.
Thank you for your feedback , but sadly it was not useful.

Your client cant get ip from openvpn server. There are trouble for Linux client on brigde to work so your try not going to work. . it is more easy to more to tun than tap to make it work for linux .

If you use windows as client bridge it will work but Linux is not .


I can help you get it working if you move it to use tun and one thing can you tell why do you want to use bridge? Openvpn bridge make it slow down a lot when it have full broadcast inside tunnel and difficult to makeit work in all kind of client.

When you set up over tun it can do what you want so why need bridge?

MarekTbf
OpenVpn Newbie
Posts: 6
Joined: Fri May 28, 2021 12:00 am

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by MarekTbf » Tue Jun 08, 2021 12:14 pm

300000 wrote:
Mon Jun 07, 2021 3:39 pm
MarekTbf wrote:
Sun Jun 06, 2021 10:18 pm
TinCanTech wrote:
Sun Jun 06, 2021 7:35 pm
Exactly .. Openvpn works.

My very first post ever on this Forum was regarding a bridge setup and I did not get one single answer, ever.
And now I am a moderator... and I fixed my problem myself.
You are a very skillfull and accomplished human being.
Thank you for your feedback , but sadly it was not useful.

Your client cant get ip from openvpn server. There are trouble for Linux client on brigde to work so your try not going to work. . it is more easy to more to tun than tap to make it work for linux .

If you use windows as client bridge it will work but Linux is not .


I can help you get it working if you move it to use tun and one thing can you tell why do you want to use bridge? Openvpn bridge make it slow down a lot when it have full broadcast inside tunnel and difficult to makeit work in all kind of client.

When you set up over tun it can do what you want so why need bridge?
First of all i want to thank you for your constructive feedback.

As far as my researched got me i think i need tap to bridge layer 2 , and i need layer 2 so windows network discovery is working , SMB fileshares are my primary concern , secondary concern is exchange (2013) autodiscovery for outlook clients .

I have read some information about slowness concerns but wanted to test it out how it would perform perhaps it would be "good enough".

Is there another option to make SMB windows network discovery / exchange discovery work which does not entail bridging ethernet (layer 2 ) ?
If so do you know any recommended tutorial/manual you can point me to ?

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by 300000 » Wed Jun 09, 2021 5:04 pm

You can use windows file share over vpn but not able to use network browser. user must input address then can save it for later use. on exchange about autodiscover it work base on DNS so as soon as you are inside vpn it can work for you. autodiscover exchange need san certificate to make it work .if you think about multi people use bridge openvpn . you will have more time to support them as it bring the whole system down .

MarekTbf
OpenVpn Newbie
Posts: 6
Joined: Fri May 28, 2021 12:00 am

Re: OPENVPN ethernet bridge on virtual debian HELP

Post by MarekTbf » Wed Jun 09, 2021 11:52 pm

300000 wrote:
Wed Jun 09, 2021 5:04 pm
You can use windows file share over vpn but not able to use network browser. user must input address then can save it for later use. on exchange about autodiscover it work base on DNS so as soon as you are inside vpn it can work for you. autodiscover exchange need san certificate to make it work .if you think about multi people use bridge openvpn . you will have more time to support them as it bring the whole system down .
Yes i need to use network browser. So i guess i need bridge like i said .

Post Reply