Problems with ethernet bridging Vpn

[shinji76]

Hi all,
I'm trying to configure an ethernet bridging vpn and I'm having some problems. Is the first time that I'm trying to configure a vpn.

Here is my configuration.

server.conf [Centos]
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.120.235 255.255.255.0 192.168.120.236 192.168.120.239
push "route 192.168.0.0 255.255.0.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

client.ovpn [Windows 7]
dev tap
dev-node OpenVPN_Tap
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert server.crt
key server.key
ns-cert-type server
comp-lzo
verb 3

On Windows 7, I created the tap and I'm running the vpn as Administrator.

The connection is estabilished and the server assign 192.168.120.236 to the client, but I'm not able to ping the server 192.168.120.235 and I'm not able to reach the other server on the network 192.168.120.0/24.

Where could be the error?

Thanks for the support!

Shinji

[maikcat]

hi there,

did you bridged the tap and the eth0 interface?
did you enabled ip forwarding?
what is your selinux status?
what is your firewall status?

cheers,

michael.

[shinji76]

Hi Micheal,
first of all thanks for the reply.

Firewall and selinux was disabled, but I didn't enable ip forwarding, now I did it, but isn't working yet.

I bridged the tap and interface in this way:
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
ifconfig br0 192.168.120.235 netmask 255.255.255.0 up
route add default gw 192.168.120.254 br0

Openvpn log file don't show any particular error.

Cheers!

Shinji

[maikcat]

hi there,

i noticed that you bridging tap0 interface
but in your config you use tap

>dev tap

use

dev tap0

also remove this

>push "route 192.168.0.0 255.255.0.0"

cheers,

michael.

[shinji76]

Hi Micheal,
thanks a lot, in this way is working and I'm able to be an address of the network 192.168.120.0/24 and I'm able to reach other machines on that network.

My last step should be to reach other networks inside the range 192.168.0.0/16 that the vpn server already see, but with the current configuration, also if I have an address of the network 192.168.120.0/24, I can't reach other networks that a real address of that network can reach.

The "push" command don't seems solve my problem.

Shinji

[shinji76]

Hi Micheal,
thanks a lot, in this way is working and I'm able to be an address of the network 192.168.120.0/24 and I'm able to reach other machines on that network.

My last step should be to reach other networks inside the range 192.168.0.0/16 that the vpn server already see, but with the current configuration, also if I have an address of the network 192.168.120.0/24, I can't reach other networks that a real address of that network can reach.

The "push" command don't seems solve my problem.

Shinji

Solved, there was some routing problems on my Windows PC...Thanks a lot again...you save me at least 1 or 2 days of test, trying to find the problem.

Shinji

[maikcat]

hi shinji76

Glad to help you...

SOLVED

closing topic.

michael.