Bridging between different subnets (Class A & Class B) ??

[precioso77]

Hello everyone..

im trying to bridge between a server (with 2 different subnet classes) with local IP (192.168.2.45 subnet 255.255.0.0 Class B) and client with IP address (192.168.35.10 subnet 255.255.255.0 class A) and upon connection the client gets the correct IP but cant ping.. also this warning message

WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.35.0/255.255.255.0] and remote VPN [192.168.0.0/255.255.0.0]

in principal.. is there a problem with bridging different subnets in openvpn ?? i cudnt find anything about it on the documentation and when i tried tunneling instead of bridging i cud maintain a connection and ping so i doubt its the configuration
many thanks for your help.. below are the server and client configs for reference

Server

Code: Select all

local 192.168.2.45
port 1194
proto tcp
dev tap
dev-node MyTap
;dev tun
script-security 2
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\MB-server-key.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\MB-server-key.key"  # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.1 255.255.0.0 192.168.2.150 192.168.2.160
;server 10.8.0.0 255.255.255.0
;push "route 192.168.2.0 255.255.0.0"
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
comp-lzo

# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

persist-key
persist-tun
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"
log         "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
log-append  "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 3

;mute 20

Client

Code: Select all

client
dev tap0
#dev tun
proto tcp
remote ********* 1194
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
ca    /etc/openvpn/keys_MB/ca.crt
cert  /etc/openvpn/keys_MB/MB-client-jumeira.crt
key   /etc/openvpn/keys_MB/MB-client-jumeira.key
#tls-auth /etc/openvpn/keys_MB/ta.key 1
comp-lzo
#ping  10
#ping-restart  60
log   /etc/openvpn/logs/client_MB_tap.log
#--explicit-exit-notify 2
verb 3

[Mimiko]

Hi.

"server 172.16.1.1 255.255.255.0 172.16.1.10 172.16.1.30" could do the trick. But even with connection extablished, computers from remote LAN will never get to the computers from local LAN 192.168.35.0, becase any address like 192.168.35.x will be addressed to to computers LAN because of mask 255.255.0.0. So you will better adjust LAN's mask.

[janjust]

in principal.. is there a problem with bridging different subnets in openvpn ??

yes, this is not possible - bridging is about making a VPN client part of the server-side subnet; most likely you'd be fine with a routing setup. 99% of the users do NOT need bridging.

[precioso77]

yes, this is not possible - bridging is about making a VPN client part of the server-side subnet;

ok that makes sense actually..

most likely you'd be fine with a routing setup. 99% of the users do NOT need bridging.

but with routing i cant access other computers on the network so easily.. i never managed to get it to ping other computers on the server network with routing for some reason


many thanks

[Mimiko]

i never managed to get it to ping other computers on the server network with routing for some reason

This is a routing problem that can be resolved. I use OpenVPN in routing mode with 8 remote LANs and every computer is accesible from everywhere. The drawback is that every LAN cant see other LANs when browsing My Networknerborhood from windows. It is not such a problem for users.