TAP interface not carrying layer 2

HoboSteaux
OpenVpn Newbie
Posts: 1
Joined: Thu May 27, 2010 4:34 am

TAP interface not carrying layer 2

Post by HoboSteaux » Thu May 27, 2010 4:56 am

Hey,

I have an OpenVPN server that is currently configured as a TAP device, with the intention of playing LAN games with my friends. Currently it is not bridging any broadcast packets (layer 2), but works otherwise. This is the topology:

Remote Client <--> Web <-----> Router <-----> Local Client
(W/OpenVPN)     <- TAP ->  (OpenVPN Server)    (W/O OpenVPN)
192.168.2.50-99             192.168.2.1       192.168.2.100-255

My setup has it set so all members of my local network do not have to have OpenVPN installed, with my router having the OpenVPN server residing on it (dd-wrt). Both the LAN and TAP have the same subnet mask of 255.255.255.0.

Here is my server config:

mode server
proto udp
port 1194
dev tap0
daemon

dh /tmp/openvpn/dh.pem 
ca /tmp/openvpn/ca.crt 
cert /tmp/openvpn/cert.pem 
key /tmp/openvpn/key.pem
duplicate-cn

keepalive 10 120
client-to-client
verb 6
management localhost 5001

server-bridge 192.168.2.1 255.255.255.0 192.168.2.50 192.168.2.99
ifconfig 192.168.2.1 255.255.255.0
push "dhcp-option DNS 192.168.2.1"
push "route-gateway 192.168.2.1"
push "route 192.168.2.0 255.255.255.0 192.168.2.1"

And the client config:

client
dev tap0
remote [my ip] 1194
nobind
persist-key
persist-tun
ca "C:\\Program Files (x86)\\OpenVPN\\config\\key\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\key\\client1.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\key\\client1.key"
cipher BF-CBC
verb 5
float
dev-node "Local Area Connection 2"

My startup and firewall:

openvpn --mktun --dev tap0 
brctl addif br0 tap0 
ifconfig tap0 0.0.0.0 promisc up 
iptables -I INPUT -p udp --dport 1194 -j ACCEPT

My routing table:

10.36.36.1	255.255.255.255	0.0.0.0	ppp0
192.168.2.0	255.255.255.0	0.0.0.0	LAN & WLAN
192.168.2.0	255.255.255.0	0.0.0.0	tap0
169.254.0.0	255.255.0.0	0.0.0.0	LAN & WLAN
0.0.0.0	0.0.0.0	10.36.36.1	ppp0

I really appreciate any direction which you can offer me. I am still fairly new to networking and will research any topic if I know what I am looking for.

HoboSteaux
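
A sanity check for the `server-bridge` line in the server config above, written as an added example that is not part of the original post or of OpenVPN itself. The function names and the `lan_first`/`lan_last` parameters are assumptions; the LAN range is taken from the topology diagram, and only the four-argument form of the directive is handled.

```python
import ipaddress

# Constructed sample: the bridging-related lines of the server config in the post.
SAMPLE_SERVER_CONF = """\
mode server
proto udp
dev tap0
server-bridge 192.168.2.1 255.255.255.0 192.168.2.50 192.168.2.99
"""


def parse_directives(text):
    """Map each directive to its argument list; '#' and ';' lines are comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives


def check_bridge(conf_text, lan_first, lan_last):
    """Return a list of problems with a four-argument server-bridge setup.

    lan_first/lan_last (hypothetical parameters) bound the addresses handed
    out on the LAN side, which the VPN client pool must not reuse.
    """
    d = parse_directives(conf_text)
    problems = []
    if not (d.get("dev") or [""])[0].startswith("tap"):
        problems.append("server-bridge requires a tap device")
    sb = d.get("server-bridge", [])
    if len(sb) != 4:  # other forms of the directive are not handled here
        return problems + ["expected: server-bridge gateway netmask pool-start pool-end"]
    net = ipaddress.ip_network(f"{sb[0]}/{sb[1]}", strict=False)
    gw, start, end = (ipaddress.ip_address(a) for a in (sb[0], sb[2], sb[3]))
    lan_lo, lan_hi = ipaddress.ip_address(lan_first), ipaddress.ip_address(lan_last)
    if start > end:
        problems.append("pool start is above pool end")
    if start not in net or end not in net:
        problems.append(f"pool is outside the bridged subnet {net}")
    if start <= gw <= end:
        problems.append("gateway address lies inside the client pool")
    if start <= lan_hi and lan_lo <= end:
        problems.append("client pool overlaps the LAN-side address range")
    return problems


if __name__ == "__main__":
    print(check_bridge(SAMPLE_SERVER_CONF, "192.168.2.100", "192.168.2.255") or "no problems found")
```

An empty list only means the addressing is consistent; whether tap0 is actually a member of br0 still has to be checked on the router itself.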

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: TAP interface not carrying layer 2

Post by krzee » Thu May 27, 2010 5:52 am

helped user in IRC

[01:22] <krzie> *shrug* what is your goal?
[01:22] <HoboSteaux> play games over the vpn
[01:22] <krzie> you need a bridge
[01:23] <krzie> !bridge
[01:23] <vpnHelper> krzie: "bridge" is (#1) http://openvpn.net/index.php/documentat ... ml#bridge1, or (#2) http://openvpn.net/index.php/documentat ... dging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for anything where the protocol uses MAC addresses instead of IP addresses.
[01:23] <vpnHelper> krzie: (but not samba, see !wins)
[01:23] <HoboSteaux> ty
[01:23] <krzie> np
[01:26] <HoboSteaux> so my config file will not have a 'server' line in it then
[01:26] <HoboSteaux> 'mode server'
[01:26] <krzie> see --server-bridge
[01:26] <krzie> !man
[01:26] <vpnHelper> krzie: "man" is (#1) http://openvpn.net/man for 2.0 manual, or (#2) http://openvpn.net/man-beta.html for 2.1 manual, or (#3) the man pages are your friend!
[01:49] <HoboSteaux> krzie: the vpn was configured perfectly and working, it just wasn't bridged on his end
[01:49] <HoboSteaux> ty
[01:50] <krzie> yw
