please help client bridging issues

[paranoidsystems]

Hi All,

I am losing the vpn when ever I bridge the clients connections...so the vpn works until I bridge o the client side.

let me give you details.

network A
at the moment I have the lan my vpn server sits on. this network is 192.168.1.x. server is WHS/server 2003 and it's static address is 192.168.1.65. my router is 192.168.1.254 and I have a static public ip

Network B
192.168.0.x router is .1 with dynamic public ip and clients are on dhcp from this router.

server has it's connections bridged. also has ip forwarding on (as do the clients)

I have even tried using point-to-point and again ths works perfectly until i bridge te connections on the client....

here are my configs
client

Code: Select all

client
dev tap
dev-node ttt
proto udp
remote mypublicip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key"
ns-cert-type server
comp-lzo
verb 9
mute 20

server

Code: Select all

proto udp
dev tap
;ifconfig 192.168.1.100 255.255.255.0
server-bridge 192.168.1.65 255.255.255.0 192.168.1.200 192.168.1.210 
;push "route 192.168.0.0 255.255.255.0"
max-clients 10
client-to-client
keepalive 10 120
comp-lzo
mute 3
dh "c:\\program files\\openvpn\\easy-rsa\\keys\\dh1024.pem"
ca "c:\\program files\\openvpn\\easy-rsa\\keys\\ca.crt"
cert "c:\\program files\\openvpn\\easy-rsa\\keys\\server.crt"
key "c:\\program files\\openvpn\\easy-rsa\\keys\\server.key"  # This file should be kept secret
verb 3

now the server is bridged and client is not and it works...I can browse the shares and ping the server and other machines on it's lan....but ofcourse I cant do anything like say play lan games or anything that requires udp broadcasts.....so I bridge the connections on the client....reconnect the vpn...it connects but now I cant ping the server or anyting on it's lan.......I have been working at this for days and days and it's driving my crazy.....please cansomeone point me in th eright direction as I have tried everything........


I have rewritten this thread so that it's upto date....

[paranoidsystems]

ok so as above it's all still the same except if I have IPV6 enabled then I can ping some of the machines on either side from eother side but not the server

[paranoidsystems]

double post

[paranoidsystems]

friendly bump to the top

[janjust]

I'm not sure this is an OpenVPN issue - when you bridge 2 adapters on Windows , Windows immediately switches to static IP mode, that is, it assigns the same static IP to both interfaces. The OpenVPN client wants to assign a dynamic address to the tap interface. If you can assign the VPN IP address to both interfaces prior to starting OpenVPN this might work, but then which interface will you use to set up the connection to the server? or do you have 2 LAN interfaces on the VPN client?

[paranoidsystems]

Thanks very much for the reply. I think you are right.....on the client I have eth0(wireless card) and tap01 as examples......when you create the bridge (vpn is disconnected) then they combine to make brigde1.....now that gets an IP from my clients router on 192.168.0.1.....so that is the gateway dns etc....and address is in that range....so i could manually assign it the ip the VPN adaptor wishes to use (say 192.168.200 as per server config pool) but with the gateway as my router on 192.168.0.1.....but this would conflict and not get a network connection then?

sorry if I am repeating myself I am just trying to et a better understanding......seems odd to me that ipv6 works once connected but not ipv4? I presume this is as openvpn isnt trying to give the tap adaptor a ipv6 address and windows somehow sorts it's sefl out?

[janjust]

indeed - bridging will work via IPv6 as openvpn does not (by default) try to assign an address.

the big question is: why do you need bridging on the client side anyways? look at the UDPForwarding tool to see if that enables gaming .

[paranoidsystems]

I wanted it purely to be able to do some lan gamming here and there......I have done a quick google for the UDPforwarding tool and I havent come up with anything yet..is there a link you could provide?

The IPV6 issues makes sense......basically the IPV6 is not concered with the happenings of IPV4 static addresses and sorts it's self out.....So there is not a way to get the same behaviour from IPV4....perhaps if the if the ip address and subnet where the same for the 2 adaptors in the bridge?

So If I change say network b's router to a matching subnet and get openvpn to issue it the same IP (say 192.168.1.200) and give the bridge the same IP plus the new gateway in matching subnet....but then I guess I am back to the first problem where windows doesnt know witch interface to send packets down?

Thanks very much for the replies and the help in understanding it a bit more! As soon as I sort it out to my liking I will post in all the details in here to help others hopefully.

[janjust]

see topic7319.html