Hello,
I have (seemingly regretfully) finally upgraded my Fedora Core 7 Linux machine that has served me so well for the past decade. One of the final pieces to put in place was my OpenVPN config (which was running flawlessly on my FC7), which I cannot get to work.
Here are my steps.
1. Disabled SELinux
2. Added the following entry in my iptables: (although I've stopped iptables to help troubleshoot)
-A INPUT -i tap0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
3. yum installed openvpn and bridge-utils (btw I'm using bridging)
4. configured my bridge-start script as such:
#!/bin/bash
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="10.0.0.101"
eth_netmask="255.255.255.0"
eth_broadcast="10.0.0.255"
for t in $tap; do
    openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
    brctl addif $br $t
done
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
5. configured my openvpn server conf as such:
proto tcp-server
port 5990
dev tap0
ca /usr/share/openvpn/easy-rsa/2.0/keys/ca.crt
cert /usr/share/openvpn/easy-rsa/2.0/keys/server.crt
key /usr/share/openvpn/easy-rsa/2.0/keys/server.key
dh /usr/share/openvpn/easy-rsa/2.0/keys/dh1024.pem
server-bridge 10.0.0.101 255.255.255.0 10.0.0.250 10.0.0.254
keepalive 10 120
When I execute my bridge-start script it creates the br0 and tap0 then all connectivity vanishes (I can only ping my gateway 10.0.0.50) - internet and any other addresses time out.
When I look at the /var/log/messages log I see:
NetworkManager[1654]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
NetworkManager[1654]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
NetworkManager[1654]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...
kernel: [ 2266.914342] device tap0 entered promiscuous mode
NetworkManager[1654]: <warn> /sys/devices/virtual/net/br0: couldn't determine device driver; ignoring...
kernel: [ 2266.914408] br0: new device tap0 does not support netpoll (disabling)
kernel: [ 2346.153921] br0: port 2(tap0) entering disabled state
kernel: [ 2346.154178] br0: port 1(eth0) entering disabled state
Any help is appreciated!
openvpn on fedora 14
- maikcat
- Forum Team
Re: openvpn on fedora 14
Hi there,
I believe there is a NetworkManager issue...
Can you try disabling NetworkManager and try your setup again?
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)
"objects in mirror are losing"
- janjust
- Forum Team
Re: openvpn on fedora 14
maikcat is absolutely right: the FC14 NetworkManager is vastly different (and better, actually!) than the one used in FC7; either disable NetworkManager or make the bridge not controlled by NetworkManager; this can be done by adding a line
NM_CONTROLLED="no"
to the appropriate /etc/sysconfig/network-scripts/ifcfg-* file
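A check for the setting described in the reply above, as an added example that is not part of the original thread: it reports which of the interfaces from the bridge-start script have an ifcfg file containing NM_CONTROLLED="no". The function names and the sample directory are hypothetical, the sample files are constructed, and treating an absent key as "managed" is an assumption.

```bash
#!/bin/bash
# Report whether each interface's ifcfg file opts out of NetworkManager.
# Usage: nm_unmanaged_check DIR IFACE...
# Prints "<iface> ok|managed|missing"; returns 1 unless every one is "ok".
nm_unmanaged_check() {
    local dir=$1 rc=0 iface file value
    shift
    for iface in "$@"; do
        file="$dir/ifcfg-$iface"
        if [ ! -f "$file" ]; then
            echo "$iface missing"; rc=1; continue
        fi
        # Last uncommented assignment wins; drop quotes and whitespace.
        value=$(sed -n 's/^[[:space:]]*NM_CONTROLLED=//p' "$file" |
                tail -n 1 | tr -d "\"' \t\r" | tr '[:upper:]' '[:lower:]')
        # Only the value given in the thread ("no") counts as unmanaged;
        # an absent key is reported as managed (assumption).
        if [ "$value" = "no" ]; then
            echo "$iface ok"
        else
            echo "$iface managed"; rc=1
        fi
    done
    return $rc
}

# Constructed sample directory standing in for /etc/sysconfig/network-scripts.
make_sample_ifcfg() {
    local d
    d=$(mktemp -d) || return 1
    printf '%s\n' 'DEVICE="eth0"' 'ONBOOT="yes"' 'NM_CONTROLLED="yes"' > "$d/ifcfg-eth0"
    printf '%s\n' 'DEVICE="br0"' 'TYPE="Bridge"' '# NM_CONTROLLED="yes"' \
        'NM_CONTROLLED="no"' > "$d/ifcfg-br0"
    echo "$d"
}

sample=$(make_sample_ifcfg)
nm_unmanaged_check "$sample" eth0 br0 tap0 ||
    echo "interfaces above are still under NetworkManager or have no ifcfg file"
rm -rf "$sample"
```

On a real system the first argument would be /etc/sysconfig/network-scripts, run before bridge-start.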