OpenWrt Forum Archive

Topic: openvpn bridge

The content of this topic has been archived on 16 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I've been trying to follow the steps laid out by Bill_MI to set up a bridged OpenVPN server, but I'm not having much luck.

The fly in the ointment, I think, is that I'm running a split LAN and WirelessLAN setup, that is to say that wired users get a 172.16/12 IP and wireless users a 10/8 IP.  This means I don't have a br0 interface by default and instead of simply running

openvpn --mktun --dev tap0
brctl addif br0 tap0

I have to create the bridge first, and add my wired interface, since that is the subnet I would like VPN'd users to appear as coming from.

openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 tap0
brctl addif br0 vlan0

The problem:  I lose network connectivity to my router as soon as I run the last line, brctl addif br0 vlan0

I'm pretty comfortable with both OpenWRT and OpenVPN, but this is a combination I've never tried before.  Any help would be greatly appreciated, and I'll be happy to add more information about config files and interface setups as needed.  Thanks!

test this,

killall -q openvpn
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 up

Regards, Puncher

As I said in my original post, I have no br0 interface any more and, predictably, this fails.

root@gw-dsrw-iastate:~# openvpn --mktun --dev tap0
Mon Jun 26 05:30:11 2006 TUN/TAP device tap0 opened
Mon Jun 26 05:30:11 2006 Persist state set to: ON
root@gw-dsrw-iastate:~# brctl addif br0 tap0
interface tap0 does not exist!
root@gw-dsrw-iastate:~# ifconfig tap0
tap0      Link encap:Ethernet  HWaddr 00:FF:7E:70:D8:51
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@gw-dsrw-iastate:~# ifconfig br0
ifconfig: br0: error fetching interface information: Device not found

root@gw-dsrw-iastate:~#

Hi Waldo,

I would figure the docs would cover your case.  It's been a while since I went through them but br0 was getting in the way with the step-by-steps.  I couldn't bridge tap0 to vlan0 using newly created br1 because vlan0 was already in br0.  So... can't beat 'em... join 'em. :)  Yes, it only works with stock bridged br0 of vlan0/eth1 which the docs seemed to ignore.

I think Puncher's suggestion was to add ifconfig (interface) up for tap0 and maybe vlan1 and br0 after creating br0 like you already tried.  You may have to do it in a script since you lose connectivity to test it via command line.  You may want to use br1 just to avoid any other system scripts involving br0.

My own confusion starts when standard system scripts, like ifup, use the ifname/ifnames variables - you may be fighting these, too.  I'd welcome a good overview of this.

(Last edited by Bill_MI on 26 Jun 2006, 12:47)
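
Added example (not part of the thread and not any poster's code): one way to run the bridge setup as a single script, as suggested above, assuming the lost connectivity comes from the router's LAN address staying on vlan0 once it becomes a bridge port. The bridge name br1 follows Bill_MI's suggestion; the sample address, variable names and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names follow the posts above;
# the sample address is constructed. Assumes busybox-style ifconfig output.
BR=${BR:-br1} ETH=${ETH:-vlan0} TAP=${TAP:-tap0}

# Constructed sample of "ifconfig vlan0" output, used for the dry run.
SAMPLE='vlan0     Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:172.16.0.1  Bcast:172.31.255.255  Mask:255.240.0.0'

# Read ifconfig output on stdin, print "ADDRESS NETMASK" (nothing if unset).
parse_inet() {
    sed -n 's/.*inet addr:\([0-9.]*\).*Mask:\([0-9.]*\).*/\1 \2/p'
}

# Print the commands in order: build the bridge, then move the LAN address
# from the enslaved port to the bridge itself.
bridge_plan() {
    br=$1 eth=$2 tap=$3 ip=$4 mask=$5
    cat <<EOF
openvpn --mktun --dev $tap
brctl addbr $br
brctl addif $br $eth
brctl addif $br $tap
ifconfig $tap 0.0.0.0 promisc up
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $ip netmask $mask up
EOF
}

# Run the whole plan as one batch instead of typing it line by line.
apply_bridge() {
    set -- $(ifconfig "$ETH" | parse_inet)
    [ $# -eq 2 ] || { echo "no IPv4 address on $ETH" >&2; return 1; }
    bridge_plan "$BR" "$ETH" "$TAP" "$1" "$2" | sh -e
}

if [ "${1:-}" = "--apply" ]; then
    apply_bridge
else
    set -- $(printf '%s\n' "$SAMPLE" | parse_inet)   # dry run on the sample
    bridge_plan "$BR" "$ETH" "$TAP" "$1" "$2"
fi
```

Without arguments the script only prints the plan for the constructed sample; with --apply it reads the real address from vlan0 and executes the plan. Firewall rules and routes that name vlan0 stop matching once the address lives on the bridge, so they need to be repointed at br1.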

The discussion might have continued from here.