OpenVPN bridge. Can't access machines on local network

Solution 1

Is the OpenVPN server a VMware virtual machine on an ESX/ESXi/vSphere server?

If yes, you may need to enable promiscuous mode on the vSwitch.

The problem is that the VMware ESX virtual switch will not "learn" new MAC addresses by default; it only accepts the VM's own MAC address and nothing more.

In bridge mode the client's TAP MAC address is used on the OpenVPN server's network, and if the vSwitch is not set up correctly it will never work (tcpdump will show the ARP request, but no ARP reply, for the VPN requests on the eth0 network). Until tcpdump shows the ARP replies arriving for the VPN requests, the VMware vSwitch is still not set up correctly (on some setups, promiscuous mode needs to be enabled in two places).

Switch promiscuous mode on by following this url.

Finally, OpenVPN bridge mode DOES NOT require ip_forward to be enabled. A correctly set up bridged OpenVPN requires a Linux bridge (say br0) containing eth0 and tap0. BOTH are required to be in promiscuous mode (usually eth0 is set up in the machine's network configuration and tap0 in the up.sh script). If set up like this, the VPN packets are simply bridged and Linux ip_forward is never consulted.
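An added example (not the answer's own script, not from OpenVPN or the Arch wiki guide) of the two things this answer asks for: an up script that builds br0 from eth0 and tap0 with both members promiscuous and no ip_forward, and a check that parses `tcpdump -n -i eth0 arp` output to confirm the LAN actually answers the VPN client's ARP requests. Interface names, the server address 192.168.2.201, the client address 192.168.2.205 and both captures are assumptions. One caveat that applies to the asker's config as well: the `server-bridge` pool (192.168.2.202-210 there) must lie outside the LAN router's DHCP range, or the router will hand the same addresses to other hosts.

```shell
#!/bin/sh
# Added example, not code from the answer above or from OpenVPN: an up script in
# the shape Solution 1 describes. It puts eth0 and tap0 into one Linux bridge,
# sets both promiscuous, and never touches ip_forward. It also carries the
# diagnostic the answer relies on: parse "tcpdump -n -i eth0 arp" output and
# report which hosts the VPN client asked for that never answered.
# Interface names, addresses and the sample captures are assumptions.
set -eu

LAN_IF="${LAN_IF:-eth0}"
TAP_IF="${TAP_IF:-tap0}"
BR_IF="${BR_IF:-br0}"
BR_ADDR="${BR_ADDR:-192.168.2.201/24}"   # the server's LAN address moves to br0
BR_GW="${BR_GW:-192.168.2.1}"

# run CMD...: execute, or with DRY_RUN=1 just print, so the script can be
# reviewed without root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# bridge_start: build br0 = eth0 + tap0. Both members are promiscuous so the
# bridge sees frames for the client's TAP MAC; no sysctl ip_forward anywhere.
# Run it from the console: flushing eth0 drops an SSH session briefly.
bridge_start() {
    run openvpn --mktun --dev "$TAP_IF"
    run ip link add name "$BR_IF" type bridge
    run ip addr flush dev "$LAN_IF"
    run ip link set "$LAN_IF" master "$BR_IF"
    run ip link set "$TAP_IF" master "$BR_IF"
    run ip link set "$LAN_IF" promisc on up
    run ip link set "$TAP_IF" promisc on up
    run ip addr add "$BR_ADDR" dev "$BR_IF"
    run ip link set "$BR_IF" up
    run ip route add default via "$BR_GW" dev "$BR_IF"
}

# arp_reply_check CLIENT_IP < tcpdump-output
# Reads lines from "tcpdump -n -i eth0 arp". For every ARP request the VPN
# client sent, checks that a matching reply came back on eth0. Prints "ok" and
# returns 0 when all were answered; otherwise lists the unanswered targets and
# returns 1 (the symptom of a vSwitch that still drops the client's MAC).
arp_reply_check() {
    awk -v client="$1" '
        /ARP, Request who-has / {
            split($0, a, "who-has "); split(a[2], b, " tell ")
            target = b[1]; sub(/ .*/, "", target)
            asker = b[2];  sub(/,.*/, "", asker)
            if (asker == client) asked[target] = 1
        }
        /ARP, Reply / {
            split($0, a, "Reply "); split(a[2], b, " is-at ")
            answered[b[1]] = 1
        }
        END {
            missing = 0
            for (t in asked) if (!(t in answered)) { missing++; print "no ARP reply for " t }
            if (missing) exit 1
            print "ok"
        }'
}

# Constructed captures (not real traffic) in tcpdump -n output format.
# GOOD: the LAN host answers the client. BAD: requests go out, nothing returns.
GOOD_CAPTURE='12:00:01.000001 ARP, Request who-has 192.168.2.50 tell 192.168.2.205, length 28
12:00:01.000450 ARP, Reply 192.168.2.50 is-at 00:11:22:33:44:55, length 28'
BAD_CAPTURE='12:00:01.000001 ARP, Request who-has 192.168.2.50 tell 192.168.2.205, length 28
12:00:02.000001 ARP, Request who-has 192.168.2.50 tell 192.168.2.205, length 28'

case "${1:-}" in
    start) bridge_start ;;                        # as root on the server
    check) arp_reply_check "${2:?client ip}" ;;   # tcpdump -n -i eth0 arp | ./bridge.sh check 192.168.2.205
    demo)  printf '%s\n' "$GOOD_CAPTURE" | arp_reply_check 192.168.2.205
           printf '%s\n' "$BAD_CAPTURE" | arp_reply_check 192.168.2.205 || true ;;
esac
```

Run `./bridge.sh start` from the server console (or `DRY_RUN=1 ./bridge.sh start` to review the commands first), then, with a client connected and pinging a LAN host, `tcpdump -n -i eth0 arp | ./bridge.sh check 192.168.2.205`. A "no ARP reply for" line is the vSwitch symptom the answer describes; "ok" means the bridge and the switch are passing the client's frames both ways.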

Solution 2

  • The server (the VPN endpoint) must act as a router to forward packets between the local and the VPN network - or rephrased: you have to enable IP forwarding on the server

  • Either the server announces itself as a router to the local network (if any routing protocol is active) or all clients have to be configured to use the server as the gateway to the VPN network (best set up in the DHCP configuration, if there is one)
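This answer describes routed mode (`dev tun` with a `server` directive and its own VPN subnet), not the bridged `server-bridge` setup in the question, where the bridge already does the forwarding and neither ip_forward nor the MASQUERADE rule the asker tried on br0 changes anything. The added example below (my own, not the answer's or OpenVPN's) shows the routed counterpart: ip_forward plus FORWARD rules on the server, the return route the LAN needs, and a check in the spirit of the traceroute suggested in the comments that tells apart "router has no route to the VPN subnet" from a working path. The VPN subnet 10.8.0.0/24, interface names, the server address 192.168.2.201, the router 192.168.2.1 and the traceroute samples are assumptions.

```shell
#!/bin/sh
# Added example, not code from the answer above or from OpenVPN: the routed
# (dev tun, "server 10.8.0.0 255.255.255.0") counterpart of Solution 2.
# Unlike the bridge, this needs ip_forward plus FORWARD rules on the server,
# and the LAN needs a return route to the VPN subnet via the server: a static
# route on the LAN router (hosts then reach it through their default gateway)
# or, failing that, NAT on the server's LAN side.
# Interface names, subnets and the router address are assumptions.
set -eu

LAN_IF="${LAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
SERVER_LAN_IP="${SERVER_LAN_IP:-192.168.2.201}"
RETURN_ROUTE="${RETURN_ROUTE:-router}"   # router | nat

# run CMD...: execute, or with DRY_RUN=1 just print the privileged command.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# routed_start: make the server a router between tun0 and eth0, then arrange
# the return path. With RETURN_ROUTE=nat the VPN clients are hidden behind the
# server's LAN address, so nothing on the LAN needs to know about 10.8.0.0/24.
routed_start() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$TUN_IF" -o "$LAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$TUN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    case "$RETURN_ROUTE" in
        nat)    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$LAN_IF" -j MASQUERADE ;;
        router) printf 'On the LAN router (or each LAN host) add: ip route add %s via %s\n' \
                    "$VPN_NET" "$SERVER_LAN_IP" ;;
        *)      echo "RETURN_ROUTE must be router or nat" >&2; return 2 ;;
    esac
}

# traceroute_check SERVER_IP ROUTER_IP < traceroute-output
# Reads "traceroute -n <vpn client>" run on a LAN host. Prints "ok" and returns 0
# when the VPN server appears within the first two hops; if the first hop is the
# LAN router and the server never shows up, the router is forwarding the VPN
# subnet to its upstream instead of to the server (missing route). Returns 1.
traceroute_check() {
    awk -v server="$1" -v router="$2" '
        $1 ~ /^[0-9]+$/ { hop[$1 + 0] = $2 }
        END {
            if (hop[1] == server || hop[2] == server) { print "ok"; exit 0 }
            if (hop[1] == router) {
                print "LAN router " router " has no route to the VPN subnet via " server
                exit 1
            }
            print "no path through the VPN server"
            exit 1
        }'
}

# Constructed traceroute -n output (not real traces). GOOD: the router forwards
# to the server. BAD: the router sends the packets upstream and they vanish.
GOOD_TRACE='traceroute to 10.8.0.6 (10.8.0.6), 30 hops max, 60 byte packets
 1  192.168.2.1  0.512 ms  0.480 ms  0.471 ms
 2  192.168.2.201  0.812 ms  0.780 ms  0.771 ms
 3  10.8.0.6  25.113 ms  25.221 ms  25.305 ms'
BAD_TRACE='traceroute to 10.8.0.6 (10.8.0.6), 30 hops max, 60 byte packets
 1  192.168.2.1  0.512 ms  0.480 ms  0.471 ms
 2  * * *
 3  * * *'

case "${1:-}" in
    start) routed_start ;;                                        # as root on the server
    check) traceroute_check "$SERVER_LAN_IP" "${2:?router ip}" ;; # traceroute -n 10.8.0.6 | ./routed.sh check 192.168.2.1
    demo)  printf '%s\n' "$GOOD_TRACE" | traceroute_check "$SERVER_LAN_IP" 192.168.2.1
           printf '%s\n' "$BAD_TRACE" | traceroute_check "$SERVER_LAN_IP" 192.168.2.1 || true ;;
esac
```

The `conntrack` rule is what keeps the FORWARD chain from becoming a blanket `-j ACCEPT` like the one in the comments: LAN hosts can only answer connections the VPN side opened. Prefer the `router` return route over NAT when you can touch the router, since NAT hides the real client addresses from LAN logs and breaks anything that needs to connect back to a VPN client.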


laleshii

Updated on September 18, 2022

Comments

  • laleshii
    laleshii over 1 year

    Followed this guide: https://wiki.archlinux.org/index.php/OpenVPN_Bridge

    This is my setup: I have a wireless router (192.168.2.1) which connects to the Internet through a PPPoE connection and acts as a gateway and DHCP server for the local network. I'm trying to set up a VPN on a machine (192.168.2.201).

    I bridged the VPN tap0 with eth0 through br0 like in the guide. Connecting works OK and the client receives the proper IP, but I cannot access other machines on the local network (ping works only between server and client).

    This is my server.conf:

    port 1194
    proto tcp
    dev tap0
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    ifconfig-pool-persist ipp.txt
    server-bridge 192.168.2.1 255.255.255.0 192.168.2.202 192.168.2.210
    push "route 192.168.2.0 255.255.255.0"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 6
    

    This is my client.conf:

    client
    dev tap
    proto tcp
    remote hostname.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    ns-cert-type server
    comp-lzo
    verb 6
    

    If you need any more info just ask. Thank you.

  • laleshii
    laleshii over 12 years
    Tried IP forwarding on a Debian machine with the same setup. Ran iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE and iptables -A FORWARD -i br0 -j ACCEPT with no luck. IP forwarding is enabled: sysctl net.ipv4.ip_forward returns 1.
  • laleshii
    laleshii over 12 years
    Also, isn't the bridge I have created between eth0 and tap0 supposed to automatically forward the packets between those 2 networks?
  • ktf
    ktf over 12 years
    Before tampering with the server configuration (OpenVPN may have set things up correctly for you already) I'd check whether the other network clients know that, to reach your system, they have to use the server as gateway. A simple traceroute (from the other network client to your local VPN interface) would be the fastest way to get an idea of where things may need to be fixed. I suppose you can ssh to the server and from there ssh to another network client.