Ubuntu 17.10 - OpenVPN TAP - Help
You don't want to configure addresses on both the bridge and the physical interface, which is what happens when you have dhcp4: true set in both places. To match the configuration described in https://help.ubuntu.com/lts/serverguide/openvpn.html.en#openvpn-advanced-config, your netplan yaml should look like:
$ cat /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s31f6:
      dhcp4: no
  bridges:
    br0:
      interfaces: [enp0s31f6]
      dhcp4: no
      addresses: [10.0.1.100/24]
      gateway4: 10.0.1.1
      nameservers:
        addresses: [10.0.1.1]
Note that this uses static address configuration. DHCP also works, but it does not make sense to have other config files on your system (the openvpn.conf) with statically configured IP information, but use DHCP for the host's network.
You do not need to declare this interface "optional", which only relates to what other systemd units will wait for this interface to be configured at boot.
The other portion of the ifupdown config that does not translate to netplan is the 'promisc' command: up ip link set $IFACE up promisc on. To do the equivalent on a system using netplan, ensure that you have the networkd-dispatcher package installed, then install the following script as /usr/lib/networkd-dispatcher/dormant.d/promisc_bridge (owned by root, marked executable):
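#!/bin/sh
set -e
# Runs when networkd-dispatcher reports br0 entering the 'dormant' state.
if [ "$IFACE" = br0 ]; then
    # no networkd-dispatcher event for 'carrier' on the physical interface
    # enp0s31f6 is the physical interface bridged into br0 in the netplan file above
    ip link set enp0s31f6 up promisc on
fi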
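To confirm the layout the answer describes once the configuration is applied, here is an added example (not part of the original answer) that audits `ip -o` output for the three conditions: the NIC is a port of br0, promiscuous mode is set on it, and only the bridge holds an IPv4 address. The function name and the sample lines are constructed for illustration; the interface names are the ones used on this page.

```sh
#!/bin/sh
# Added example: audit the bridge layout described above from `ip -o` output.

# check_member LINK_LINE ADDR_LINES PHYS BRIDGE
#   LINK_LINE  = output of: ip -o link show dev PHYS
#   ADDR_LINES = output of: ip -o -4 addr show
# Prints one finding per line; returns 0 when the layout is clean, 1 otherwise.
check_member() {
    link=$1 addrs=$2 phys=$3 bridge=$4 rc=0
    # The physical NIC must be a port of the bridge.
    case "$link" in
        *" master $bridge "*) ;;
        *) echo "$phys is not enslaved to $bridge"; rc=1 ;;
    esac
    # PROMISC appears in the <...> flag list once 'promisc on' has been applied.
    flags=${link#*<}; flags=${flags%%>*}
    case ",$flags," in
        *,PROMISC,*) ;;
        *) echo "$phys is not in promiscuous mode"; rc=1 ;;
    esac
    # Only the bridge should carry the host's IPv4 address.
    if printf '%s\n' "$addrs" | grep -Eq "^[0-9]+: $phys +inet "; then
        echo "$phys has its own IPv4 address; only $bridge should"; rc=1
    fi
    if ! printf '%s\n' "$addrs" | grep -Eq "^[0-9]+: $bridge +inet "; then
        echo "$bridge has no IPv4 address"; rc=1
    fi
    return $rc
}

# Constructed sample output (not captured from a real host).
GOOD_LINK='2: enp0s31f6: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000'
GOOD_ADDR='3: br0    inet 10.0.1.100/24 brd 10.0.1.255 scope global br0'
# dhcp4 enabled on both interfaces and no promisc script installed.
BAD_LINK='2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000'
BAD_ADDR='2: enp0s31f6    inet 10.0.1.57/24 brd 10.0.1.255 scope global dynamic enp0s31f6
3: br0    inet 10.0.1.58/24 brd 10.0.1.255 scope global dynamic br0'

echo "== corrected layout =="
check_member "$GOOD_LINK" "$GOOD_ADDR" enp0s31f6 br0 && echo "OK"
echo "== dhcp4 on both, promisc not set =="
check_member "$BAD_LINK" "$BAD_ADDR" enp0s31f6 br0 || true

# On a live host:
#   check_member "$(ip -o link show dev enp0s31f6)" "$(ip -o -4 addr show)" enp0s31f6 br0
```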
nickyung
Updated on September 18, 2022
Comments
-
nickyung over 1 year
I am desperate at this point. I have been trying to configure bridge networking on Ubuntu 17.10 and it has been hell. I can’t find any documents online to assist with the install. All of the ones I have found are written for 16.04 and below. Can someone please help me? With this netplan implementation instead of interfaces, everything seems to be a headache. Below are my configurations.
Info:
router: 10.0.1.1
ip address 10.0.1.100
network 10.0.1.0
gateway 10.0.1.1
dns: 10.0.1.1
netmask 255.255.255.0

admin@SKYNET:~$ cat /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
enp0s31f6:
dhcp4: yes
bridges:
br0:
interfaces: [enp0s31f6]
dhcp4: true
optional: true

admin@SKYNET:~$ cat /etc/openvpn/server.conf
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.0.1.100 255.255.255.0 10.0.1.230 10.0.1.254
push "route 10.0.1.0 255.255.255.0 10.0.1.1"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.0.1.1"
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

admin@SKYNET:~$ cat /etc/openvpn/easy-rsa/keys/client.ovpn
client
dev tap
proto udp
remote 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
I followed the steps from this page on the Ubuntu help wiki but the Prepare interface config for bridging on server step doesn’t seem to work since interfaces isn't there any more. Not sure how to bring tap0 up/down. I seem to be having a routing issue when the clients connect.

admin@SKYNET:~$ ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.1.100 netmask 255.255.255.0 broadcast 10.0.1.255
        inet6 fe80::c96:daff:feda:65b8 prefixlen 64 scopeid 0x20
        ether 0e:96:da:da:65:b8 txqueuelen 1000 (Ethernet)
        RX packets 1327461 bytes 2776343355 (2.7 GB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 953269 bytes 1907343180 (1.9 GB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

admin@SKYNET:~$ ifconfig tap0
tap0: flags=4098<BROADCAST,MULTICAST> mtu 1500
        ether 0a:82:dd:10:85:4d txqueuelen 100 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Also I added the firewall rules
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
What am I doing wrong?
-
slangasek almost 6 years
Please check the indentation on your /etc/netplan file. This is a structured yaml file but in your post everything is left-aligned which makes it invalid. I also notice you are enabling DHCP on both the physical interface and on the bridge. This is probably not what you want, you probably want to enable DHCP only on the bridge and disable it on the physical interface. But this is probably not the cause of your problem. With your configuration, what is the output of 'ifconfig'? Do you see the interfaces and addresses that you expect?
-
nickyung almost 6 years
The indentation is wrong because I copied and pasted from another site I posted this on. In regards to the dhcp for the physical interface, do you mind showing me an example of how the netplan file is supposed to look? Thanks.
-
nickyung almost 6 years
I think what I really need help with is the proper netplan yaml setting, the up/down script and the syntax to use to call the scripts in the server.config file. Again, any help is much appreciated.
-
nickyung almost 6 years
Thanks for the help. I will try it in a test environment. I ended up installing ifupdown and resolvconf and disabled the netplan and the installed version of resolvconf. The steps I took are documented in this post: forums.openvpn.net/…