VPN BRIDGING

[joseuzin1976]

hi, i´m setting up a VPN in a LAn with adress 192.168.1.x, the router has ip 192.168.1.1 and the server 192.168.1.60, has a static IP, i want to use bridgin so i bridged my NIC with TAP adaptader but when i did that i losed my internet conection, i test the server conection and the tap and are OK, i set the bridge with the static IP of my NIC card and I opened the port 1194 in my router, but i can´t surf the WEB, anybody can help me.

Thanks a Lot
Jose U.

[janjust]

post your server config and especially your bridge configuration; without it, it is impossible to tell what is going on.

[joseuzin1976]

i send you the configuration file of the server in windows and the images of my bridge and IP configuration in a zip file at rapidshare, thanks a lot

jose.
http://rapidshare.com/files/449839698/VPN.zip
port 1194
;proto tcp
proto udp
dev tap
;dev tun
dev-node TAP
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
;server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.60 255.255.255.0 192.168.1.100 192.168.1.150
server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES


comp-lzo


;max-clients 100

;user nobody
;group nobody


persist-key
persist-tun

status openvpn-status.log


;log openvpn.log
;log-append openvpn.log


verb 3


;mute 20

[joseuzin1976]

there is no solution ????

[maikcat]

hi there,

as a rule ,i always remove comments so i can read easily a config file
(1 page is always easy to read than 10 pages..)
they also keep you away from having the same parameter twice inside your config.

i noticed the following

server-bridge 192.168.1.60 255.255.255.0 192.168.1.100 192.168.1.150
server-bridge

remove the second line...


cheers,

michael.

[joseuzin1976]

ok thanks i will try your answer and sorry for the config file.

thanks a lot
jose

[joseuzin1976]

in the manual says that the server-bridge command is for the activation of the bridge, i want that the server gives ip´s to the clients so i have to activate the server in the tunnel, the server has a ip 192.168.1.60 the LAN clients from 192.168.1.70 to 1.90 and the ip´s of the tunel from 1.120 to 1.150 so that the
server-bridge 192.168.1.60 255.255.255.0 192.168.1.120 192.168.1.150 command.
Do I to add a route in the router or in windows where is the server

[joseuzin1976]

it doesn´t work, i don´t know if i have to change something in the router is wrt54g with ddwrt firmware

[joseuzin1976]

no answers thanks anyway

[janjust]

the line

Code: Select all

server-bridge 192.168.1.60 255.255.255.0 192.168.1.100 192.168.1.150

is fine for your server config; when a client connects which IP is handed out?
Is bridging enabled on the server? how is bridging setup ? what is the server IP address?

[joseuzin1976]

the router has 192.168.1.1, the pc with the nic atached to the router has a static ip 192.168.1.60, the dhcp server for the router from 192.168.1.70 to 192.168.1.90 and the vpn clients from 192.168.1.100 to 1.150, the images of the bridge are in the link oh rapidshare, the lines of the bridge are
dev tap
server-bridge 192.168.1.60 255.255.255.0 192.168.1.100 192.168.1.150
and
server-bridge to activate the bridge link.
I try in the tun mode and i can connect to the server but i want to try with the bridge-ethernet mode

[janjust]

the second

server-bridge

statement must be removed - the first one already should activate the bridge.

[joseuzin1976]

ok, thanks, i´ll try it, do I have to add to add a route to my router ???