hmmm, it should be the exact problem i got, thank you very much.

On Tue, Nov 8, 2011 at 10:30 PM, Минтаиров Михаил <mikxalich@xxxxxxxxx> wrote:

> This situation with pings is really strange... But in my case the solution
> was much easier. CentOS 6 was installed on a VMware virtual machine and the
> problem was in its network device configuration. The hardest thing was
> to guess that. After this I quickly found a solution:
>
> http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/
>
> So, in my experience, CentOS (or RedHat) works correctly, and maybe you
> should try to look for errors somewhere else (as in my case it was the
> VMware configuration).
>
> > Hello,
> >
> > I had not read about this issue before, but I have seen this problem
> > also. Whenever I restart the bridge (with tap0 interfaces also) I have
> > to make a first ping to the physical interface related to the tap0
> > module. I also ping another machine on the same physical network. After
> > that, I am able to reach the bridged one.
> >
> > Strange behaviour, but it works for me this way now.
> >
> > I look forward to RedHat fixing this bug soon.
> >
> > On 07/11/11 06:39, 唐建伟 wrote:
> >
> >> thank you very much for your follow up. wish to get good news from you soon.
> >>
> >> On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил <mikxalich@xxxxxxxxx> wrote:
> >>> 28.09.2011, 04:58, "唐建伟" <myhnet@xxxxxxxxx>:
> >>> Hello, I didn't find what to answer to you a month ago. But now I also have
> >>> an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the
> >>> same problems as you. First of all, did you find any solutions?
> >>>
> >>> I only found that the problem is in the br0 device. I can't guess why, but it
> >>> does not receive ARP REPLY packets.
> >>>
> >>> tcpdump on all devices (tap0, eth1, br0) gives me the same:
> >>>
> >>> 20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> >>> 20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> >>> 20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
> >>> //192.158.11.33 is remote PC ip-address, and 192.168.11.3 is one of my
> >>> local hosts//
> >>>
> >>> and no ARP REPLY.
> >>>
> >>> Interesting that, on the other hand, I have the same config files on CentOS 5.7
> >>> and everything works perfectly.
> >>>> no, i removed the commands you mentioned, but it still doesn't work.
> >>>>
> >>>> Best Regards
> >>>> Tang Jianwei
> >>>>
> >>>> On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил <mikxalich@xxxxxxxxx> wrote:
> >>>>> I can't remember the reason, but at one moment I stopped using the "openvpn
> >>>>> --mktun --dev [dev name]" command. Maybe it's because openvpn creates tap0
> >>>>> by itself.
> >>>>> So try to comment out these lines:
> >>>>>
> >>>>> for t in $tap; do
> >>>>>     openvpn --mktun --dev $t
> >>>>> done
> >>>>>
> >>>>> then restart the network, then start openvpn and after that start the bridge
> >>>>> script
> >>>>>> openvpn configure file
> >>>>>>
> >>>>>> port 1194
> >>>>>> proto udp
> >>>>>> dev tap0
> >>>>>> ca ca.crt
> >>>>>> cert VPN_Server.crt
> >>>>>> key VPN_Server.key # This file should be kept secret
> >>>>>> dh dh1024.pem
> >>>>>> server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
> >>>>>> keepalive 10 120
> >>>>>> comp-lzo
> >>>>>> user nobody
> >>>>>> group nobody
> >>>>>> persist-key
> >>>>>> persist-tun
> >>>>>> status openvpn-status.log
> >>>>>> log-append /var/log/openvpn.log
> >>>>>> verb 3
> >>>>>> mute 20
> >>>>>>
> >>>>>> the script for bring up the bridge
> >>>>>>
> >>>>>> # Define Bridge Interface
> >>>>>> br="br0"
> >>>>>>
> >>>>>> # Define list of TAP interfaces to be bridged,
> >>>>>> # for example tap="tap0 tap1 tap2".
> >>>>>> tap="tap0"
> >>>>>>
> >>>>>> # Define physical ethernet interface to be bridged
> >>>>>> # with TAP interface(s) above.
> >>>>>> eth="eth1"
> >>>>>> eth_ip="192.168.119.1"
> >>>>>> eth_netmask="255.255.255.0"
> >>>>>> eth_broadcast="192.168.119.255"
> >>>>>>
> >>>>>> for t in $tap; do
> >>>>>>     openvpn --mktun --dev $t
> >>>>>> done
> >>>>>>
> >>>>>> brctl addbr $br
> >>>>>> brctl addif $br $eth
> >>>>>>
> >>>>>> for t in $tap; do
> >>>>>>     brctl addif $br $t
> >>>>>> done
> >>>>>>
> >>>>>> for t in $tap; do
> >>>>>>     ifconfig $t 0.0.0.0 promisc up
> >>>>>> done
> >>>>>>
> >>>>>> ifconfig $eth 0.0.0.0 promisc up
> >>>>>>
> >>>>>> ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
> >>>>>>
> >>>>>> On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил <mikxalich@xxxxxxxxx> wrote:
> >>>>>>> Hm... It's very hard to guess without config files. Can you post your
> >>>>>>> server and client openvpn configs...
> >>>>>>> and also can you show the br0 creation
> >>>>>>> commands?
> >>>>>>>
> >>>>>>> 27.09.2011, 12:01, "唐建伟" <myhnet@xxxxxxxxx>:
> >>>>>>>> Hi
> >>>>>>>>
> >>>>>>>> no, i don't think so. anyway, i can and only can the vpn server from the
> >>>>>>>> remote hosts.
> >>>>>>>>
> >>>>>>>> Best Regards
> >>>>>>>> Tang Jianwei
> >>>>>>>>
> >>>>>>>> On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил <mikxalich@xxxxxxxxx> wrote:
> >>>>>>>>> So, something stops packets from remote hosts. Maybe a firewall on the remote
> >>>>>>>>> PC...? And can you run tcpdump on the same remote host, to check that it's tap0
> >>>>>>>>> device.
> >>>>>>>>>
> >>>>>>>>> 27.09.2011, 11:06, "唐建伟" <myhnet@xxxxxxxxx>:
> >>>>>>>>>> Hi
> >>>>>>>>>>
> >>>>>>>>>> the routing table in the remote hosts are OK. "tcpdump -n -i [device name]"
> >>>>>>>>>> cannot capture any packages from remote. no matter br0 nor tap0.
> >>>>>>>>>>
> >>>>>>>>>> Best Regards
> >>>>>>>>>> Tang Jianwei
> >>>>>>>>>>
> >>>>>>>>>> On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил <mikxalich@xxxxxxxxx> wrote:
> >>>>>>>>>>> 27.09.2011, 09:52, "唐建伟" <myhnet@xxxxxxxxx>:
> >>>>>>>>>>>> Hi all,
> >>>>>>>>>>>>
> >>>>>>>>>>>> I just installed openvpn + bridge in CentOS 6, but i get strange problems:
> >>>>>>>>>>>> the remote PCs cannot get the local PCs' MACs and also, the local PCs
> >>>>>>>>>>>> cannot get the remote PCs' MACs
> >>>>>>>>>>>>
> >>>>>>>>>>>> but when i run "brctl showmacs br0" it will list all the MACs and also
> >>>>>>>>>>>> "brctl show" will show that all the correct adapters are in br0
> >>>>>>>>>>>> SELinux disabled
> >>>>>>>>>>>>
> >>>>>>>>>>>> any ideas?
> >>>>>>>>>>> First of all you should check the routing table of the remote hosts.
> >>> If > >>>>>>>>> everything > >>>>>>>>>>> is correct, try to monitor br0, and other devises(ethX) > by > >>>>> "tcpdump > >>>>>>> -n > >>>>>>>>> -i > >>>>>>>>>>> [device name]". > >>>>>>>>>>> _______________________________________________ > >>>>>>>>>>> CentOS mailing list > >>>>>>>>>>> CentOS@xxxxxxxxxx > >>>>>>>>>>> http://lists.centos.org/mailman/listinfo/centos > >>>>>>>>>> -- > >>>>>>>>>> Tang Jianwei > >>>>>>>>>> System Administrator > >>>>>>>>>> _______________________________________________ > >>>>>>>>>> CentOS mailing list > >>>>>>>>>> CentOS@xxxxxxxxxx > >>>>>>>>>> http://lists.centos.org/mailman/listinfo/centos > >>>>>>>>> _______________________________________________ > >>>>>>>>> CentOS mailing list > >>>>>>>>> CentOS@xxxxxxxxxx > >>>>>>>>> http://lists.centos.org/mailman/listinfo/centos > >>>>>>>> -- > >>>>>>>> Tang Jianwei > >>>>>>>> System Administrator > >>>>>>>> _______________________________________________ > >>>>>>>> CentOS mailing list > >>>>>>>> CentOS@xxxxxxxxxx > >>>>>>>> http://lists.centos.org/mailman/listinfo/centos > >>>>>>> _______________________________________________ > >>>>>>> CentOS mailing list > >>>>>>> CentOS@xxxxxxxxxx > >>>>>>> http://lists.centos.org/mailman/listinfo/centos > >>>>>> -- > >>>>>> Tang Jianwei > >>>>>> System Administrator > >>>>>> _______________________________________________ > >>>>>> CentOS mailing list > >>>>>> CentOS@xxxxxxxxxx > >>>>>> http://lists.centos.org/mailman/listinfo/centos > >>>>> _______________________________________________ > >>>>> CentOS mailing list > >>>>> CentOS@xxxxxxxxxx > >>>>> http://lists.centos.org/mailman/listinfo/centos > >>>> -- > >>>> Tang Jianwei > >>>> System Administrator > >>>> _______________________________________________ > >>>> CentOS mailing list > >>>> CentOS@xxxxxxxxxx > >>>> http://lists.centos.org/mailman/listinfo/centos > >>> _______________________________________________ > >>> CentOS mailing list > >>> CentOS@xxxxxxxxxx > >>> 
> > --
> >
> > Lorenzo Martinez Rodriguez
> >
> > Visit me: http://www.lorenzomartinez.es
> > Mail me to: lorenzo@xxxxxxxxxxxxxxxxxx
> > My blog: http://www.securitybydefault.com
> > My twitter: @lawwait
> > PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2

--
Tang Jianwei
System Administrator
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
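
Added example (not part of the thread and not written by any of its posters): a small shell filter that reads `tcpdump -n` text output in the format quoted above and lists every ARP who-has request that never received an is-at reply. The function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise ARP lines from `tcpdump -n` text output.
# Prints "<target-ip> <asker-ip> <request-count>" for each who-has request
# whose target never appears in an "ARP, Reply <ip> is-at ..." line.
unanswered_arp() {
    awk '
    /ARP, Request who-has/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell")    { asker = $(i + 1); sub(/,$/, "", asker) }
        }
        key = target " " asker
        if (!(key in asked)) order[++n] = key   # remember first-seen order
        asked[key]++
        tgt[key] = target
    }
    /ARP, Reply/ {
        for (i = 1; i <= NF; i++)
            if ($i == "Reply") replied[$(i + 1)] = 1
    }
    END {
        for (j = 1; j <= n; j++)
            if (!(tgt[order[j]] in replied))
                print order[j], asked[order[j]]
    }'
}

# Constructed sample capture: three unanswered requests in the style of the
# thread, plus one request that does get a reply (MAC address is made up).
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.100000 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.100420 ARP, Reply 192.168.11.1 is-at 00:0c:29:00:00:01, length 28
EOF
}

sample_capture | unanswered_arp
```

On a live bridge, the same filter can be fed from a bounded capture on each member in turn (for example `tcpdump -n -c 50 -i br0 arp | unanswered_arp`, then tap0 and the physical interface); the first interface where the reply is missing shows where it is being dropped.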