OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Script running on VPN creation not behaving as expected

https://forums.openvpn.net/viewtopic.php?t=20945

Page 1 of 1

Script running on VPN creation not behaving as expected

Posted: Sat Feb 06, 2016 5:27 pm
by dbrb2
I have openVPN configured between a server with a static IP and a client on a remote LAN. Both machines have two network interfaces, and are to be configured as a transparent L2 bridge - so that the second network interface on the client machine becomes just another port on the local LAN

This works fine - the VPN comes up, and if I then manually run the below on the client machine, once the VPN is up, then a bridge interface br0 is created, and I have exactly the setup I need.

However, if I run this script automatically once the VPN is up by adding:

script-security 2
up "/etc/openvpn/up.sh"

To the client config, then although there are apparently no errors, and the bridge interface is created, I loose all connectivity of any kind across the VPN. This is the case even if I add an arbitrary delay to the "up.sh" script. Can anyone suggest what it is that differs between me running this bridge script manually (which works) as opposed to as part of the openvpn config file (which doesn't)

Code: Select all

#!/bin/bash

bridge="br0"    # The bridge we want to create
tap="tap0"       # The VPN endpoint
eth="eth1"       # The physical interface we want to bridge

if [[ ! $(/sbin/ifconfig $tap 2>/dev/null) ]]; then
        echo TAP is not active, quitting...
        exit
fi

default_route=$(/bin/ip r | /usr/bin/awk '/^default/ {print $3}')
default_if=$(/bin/ip r | /usr/bin/awk '/^default/ {print $5}')

echo Creating bridge interface $bridge...
/sbin/ifconfig $bridge down 2>/dev/null
/sbin/brctl delbr $bridge 2>/dev/null
/sbin/brctl addbr $bridge

echo Adding TAP interface $eth to bridge $bridge...
/sbin/brctl addif $bridge $tap

echo Adding Ethernet interface $eth to bridge $bridge...
/sbin/brctl addif $bridge $eth

echo Creating interface down symbolic link...
ln -s /sbin/bridge-stop /etc/sysconfig/network/scripts/ifdown-$bridge 2>/dev/null

exit 0

Re: Script running on VPN creation not behaving as expected

Posted: Sat Feb 06, 2016 6:52 pm
by dbrb2
Ok - to some extent I have answered my own question...with caveats:

The up/down directives did in fact work as expected. Any machine connected to the physical bridged port on the remote client machine did indeed appear as if it were on the local server LAN, which is what I intended.

What was happening, which I still don't quite follow, is that if I set up the bridge manually from the command line on the client, then, once it was set up, I was still able to see the bridged LAN from the client machine itself.

If however I let openVPN start set the bridge up on the client, the bridge worked as expected for any machines connected to it locally, but local users, at the command line of the client itself, could no longer see the bridged LAN.

This isn't really a problem, since in this scenario the client shouldn't have any local users...but I would like to try to understanmd why behaviour differed in the two scenarios!
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/