Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Mon Oct 10, 2011 12:50 pm
by tushar.sharma
Hello all,

I am configuring openvpn in bridge mode

#########################################################
server config file.

local 192.168.1.138

port 1194

proto udp

dev tap0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.26 255.255.255.0 192.168.2.40 192.168.2.50
keepalive 10 120

user openvpn
group openvpn

persist-key
persist-tun
status openvpn-status.log
verb 5


#########################################################################


my local network is 192.168.2.x on eth0
and server is listening on 192.168.1.138 on eth1


client is on 192.168.101.113 eth1
and pc behind client is on 192.168.3.100

                                              ===== tunnel =====
network behind server || server 192.168.1.138 <================> client 192.168.101.113 || network behind client
192.168.2.x           ||                      <================> tap ip 192.168.2.40    || 192.168.3.x
I have created a bridge on the server side between tap0 and eth0 (i.e. the local network) and set up OpenVPN.

The problem is that, in bridge mode, I can ping from the client to a PC behind the server, but I am unable to ping from a PC behind the client to a PC behind the server.

Please Help Me in solving my problem.



==========================================

Tushar

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Mon Oct 10, 2011 10:30 pm
by janjust
this is a routing question, not an openvpn question.
how are packets routed to the VPN client? is the client itself in bridged mode (this is normally an "advanced user" setup) ? is the client configured to support ip forwarding/routing? what OS is running on the VPN client?

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Tue Oct 11, 2011 3:42 am
by tushar.sharma
Thanks JanJust For Reply.

Packets are routed to vpn-client through tunnel Only.

Both server and client are on Linux Os.

I have configured openvpn and able to access pc behind server as well as client in routing mode, using push route option and client-config-dir and other related options.

But now I want to configure it in bridge mode so that I can assign an IP to the client from the same local subnet as the server, or using DHCP. I just want to ask: do I need to add the push route and client-config-dir options in bridge mode, or do I need to do something with iptables?

I have created ethernet bridge using start script given on openvpn.net/bridge site.
Also replaced server by server-bridge 192.168.2.26 255.255.255.0 192.168.2.40 192.168.2.50
dev tun by dev tap0
and on client side dev tap.

I am able to ping and access services from pc behind openvpn-server from client, but not able to ping or access from pc behind client.
Do i need to create on client-side as well ??


Thank You

===========================================================

Tushar

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Tue Oct 11, 2011 3:46 am
by tushar.sharma
Sorry for *Do i need to create on client-side as well ??

Do i need to create bridge on client-side as well ?

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Tue Oct 11, 2011 5:22 am
by tushar.sharma
Is the following scenario possible with routing mode?

1) If the DHCP server option is enabled: assign the connecting client an IP, using the DHCP server running on the server, from the same subnet as the local subnet.

2) If the DHCP server option is disabled, can clients set their tun IP manually, as is done in bridge mode on Windows?

Please Help Me.

==============================================================

Tushar Sharma

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Tue Oct 11, 2011 10:23 am
by tushar.sharma
I have done it.

I have added one rule on the client side using iptables:
iptables -t nat -I POSTROUTING -o tap0 -j SNAT --to-source <client-tap-ip>

For this i have used server-bridge with specified range.

Now I want to assign IPs to the client using the DHCP server running on my server, so do I need
to make some changes in the DHCP server, or are there some options in OpenVPN bridge mode for using DHCP?


Tushar.

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Tue Oct 11, 2011 9:01 pm
by janjust
which client needs to be assigned an address from the server side DHCP server? the VPN client or other clients behind it? the VPN client is easy: simply change
server-bridge <address> <netmask> ....
to

server-bridge
this will break Linux clients, unless you run an external DHCP client such as 'dhclient tap0' when the tunnel comes up.

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Wed Oct 12, 2011 4:07 am
by tushar.sharma
Thanks J.J.K for reply.
I need to assign i.p to vpn client using server side DHCP Server.

I changed it from server-bridge <add> <netmask> .. to server-bridge, but the client is not broadcasting a DHCP request and hence tap0 doesn't get any IP.

Do I need to run an external client, dhclient tap0, on the client side?

I will try today and if I get it working I will post the entire thing.

Thanking You,

=============================================

Tushar

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Wed Oct 12, 2011 10:05 am
by tushar.sharma
I have run dhclient tap0 on the client side and it gets an IP from the DHCP server.
But it created another problem.
Before getting the IP I can ping another local network, but after getting the IP on tap0,
whenever I ping another local network, I don't get a reply.

I have used Wireshark; it tries to forward all packets through tap0.

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Wed Oct 12, 2011 3:26 pm
by janjust
when the external DHCP server assigns an IP it will also assign a gateway - if dhclient picks this up then the default gw on the system might be overwritten. If this is not what you want then adjust the DHCP server (or modify dhclient to NOT overwrite the default gw) - do a 'man dhclient.conf' for details.
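
The effect described in the reply above can be checked from the client's routing table; this is an added example, not part of the original thread. `route_dev` is a hypothetical helper that does a longest-prefix-match lookup over `ip -4 route show` style text (metrics ignored), and both sample tables, including the gateways 192.168.101.1 and 192.168.2.1 and the client LAN address, are constructed.

```shell
#!/bin/sh
# route_dev ROUTES DEST
# Print the interface chosen for DEST by longest-prefix match over ROUTES
# (text in `ip -4 route show` format). Route metrics are not considered.
route_dev() {
    printf '%s\n' "$1" | awk -v dst="$2" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best = -1 }
    {
        net = $1; len = 32
        if (net == "default") { net = "0.0.0.0"; len = 0 }
        else if (split(net, p, "/") == 2) { net = p[1]; len = p[2] + 0 }
        size = 2 ^ (32 - len)
        # Skip routes whose prefix does not cover the destination.
        if (int(ip2int(dst) / size) != int(ip2int(net) / size)) next
        dev = ""
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (len > best) { best = len; out = dev }
    }
    END { print out }'
}

# Constructed table: VPN client before "dhclient tap0" (default gw on eth1).
BEFORE='default via 192.168.101.1 dev eth1
192.168.101.0/24 dev eth1 proto kernel scope link src 192.168.101.113
192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.1'

# Constructed table: after dhclient accepted the gateway offered by the
# server-side DHCP server and replaced the default route.
AFTER='default via 192.168.2.1 dev tap0
192.168.2.0/24 dev tap0 proto kernel scope link src 192.168.2.41
192.168.101.0/24 dev eth1 proto kernel scope link src 192.168.101.113
192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.1'

# Traffic to a network with no specific route follows the default route.
echo "before dhclient: 192.168.1.50 -> $(route_dev "$BEFORE" 192.168.1.50)"
echo "after  dhclient: 192.168.1.50 -> $(route_dev "$AFTER" 192.168.1.50)"
```

On a live client, pass the output of `ip -4 route show` as the first argument to see which interface a given destination will use.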

Re: Unable to Ping Behind Server in Bridge Mode in OpenVPN

Posted: Fri Oct 14, 2011 4:09 am
by tushar.sharma
Thanks Jan Just for reply.

What I have observed is that when connecting to the server using the Windows client, it gets an IP from the DHCP server, and
when I ping the local network it tries to go out through "eth"; I have checked this using Wireshark.

But when I connect to the OpenVPN server using the Linux client, it gets an IP when I run "dhclient tap0", and I can ping the server and the PCs behind the server,
but when I ping the local network it tries to send traffic through "tap0". It's strange, and I have checked this using Wireshark. When I ping the local network 192.168.1.x it shows the source IP of "tap0", which it is getting from the DHCP server.

Will check today dhclient.conf, and will update soon.

Thanking You

==========================

Tushar