First, since it's my first post here - hello everyone.
Now to the point.
(freebsd7.2, ipfw, openvpn server 2.0.6_9, client 2.0.9)
I've installed and configured openvpn, bridged. After a struggle, I'm able to connect the XP/Vista openvpn client. And that's all.
No pings, no NetBIOS communication.
Firewall is not an issue - checked even with it switched off on both sides, without any effect.
After checking the packet flow with tcpdump on the tap devices on both sides (freebsd server and windows xp client), I can see traffic from machines on my bridged LAN /192.168.1.xxx/, so bridging on the server works fine.
BUT! Strange is that on the server's tap0 I can't see any packets originating from my vpn client /192.168.1.100/! Yet on the client I can see packets from the LAN and the server!
My config files:
loader.conf
Code:
ipfw_load="YES"
ipdivert_load="YES"
# net.inet.ip.forwarding is a runtime sysctl, not a loader tunable, so this
# line has no effect here; gateway_enable="YES" in rc.conf already sets it
net.inet.ip.forwarding=1
snd_via8233_load="YES"
ext2fs_load="YES"
# tap and bridge drivers needed for the bridged openvpn setup
if_tap_load="YES"
if_bridge_load="YES"
rc.conf
Code:
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
gateway_enable="YES"
dhcpd_enable="YES"
dhcpd_ifaces="vr0"
keymap="pl_PL.ISO8859-2"
linux_enable="YES"
sshd_enable="YES"
# was named="YES", which rc(8) ignores; the knob is named_enable
named_enable="YES"
sendmail_enable="NONE"
# interface configuration
# internet side
ifconfig_rl0="inet xx.xx.xx.xx netmask xx.xx.xx.xx"
defaultrouter="xx.xx.xx.xx"
hostname="S0"
# lan
ifconfig_vr0="inet 192.168.1.1 netmask 255.255.255.0"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /usr/local/etc/nat.conf"
nmbd_enable="YES"
smbd_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
# kernel modules the openvpn rc script loads before starting (if_tap, if_bridge)
openvpn_if="tap bridge"
openvpn.conf
Code:
# run from the config directory so the relative cert/key paths below resolve
cd /usr/local/etc/openvpn
up /usr/local/etc/openvpn/up.sh
down /usr/local/etc/openvpn/down.sh
dev tap0
local xx.xx.xx.xx
port xyz
proto udp
keepalive 10 120
comp-lzo
daemon
client-to-client
verb 3
log-append /var/log/openvpn.log
#push "route-gateway 192.168.1.1"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option WINS 192.168.1.1"
#mode server
#dhcp on lan assigns up to 192.168.1.14
# bridge gateway/netmask and the pool handed to VPN clients (outside the LAN DHCP range)
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.105
tls-server
# direction 0 on the server, 1 on the client
tls-auth ta.key 0
dh dh2048.pem
ca ca.crt
cert server.crt
key server.key
up.sh
Code:
#!/bin/sh
# run by openvpn with $dev set to the tap interface it opened (tap0 here);
# assumes down.sh ran on the previous shutdown, since "create" fails if
# bridge0 already exists
ifconfig bridge0 create
ifconfig bridge0 addm vr0 addm "$dev" up
down.sh
Code:
#!/bin/sh
# run by openvpn on shutdown: detach the tap interface and tear the bridge down
ifconfig bridge0 deletem "$dev"
ifconfig bridge0 destroy
On the firewall, right at the beginning, I pass:
allow all from any to any via vr0
allow all from any to any via bridge0
allow all from any to any via tap0
On the vpn port (xyz) I skip before nat to check-state, then I pass in setup tcp and all udp with keep-state.
Like I said, the client connects fine on the vpn port, so I think the firewall is ok.
And on the Windows client:
client.ovpn
Code:
client
dev tap
# name of the TAP-Win32 adapter as shown in Network Connections
dev-node vpn
proto udp
remote xx.xx.xx.xx xyz
resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
# direction 1 on the client, 0 on the server
tls-auth ta.key 1
comp-lzo
verb 6
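As an added example (not from the original post), a small POSIX sh helper that checks, from saved `ifconfig bridge0`, `ifconfig tap0` and `ipfw list` output, the three things this bridged setup depends on: tap0 being a member of bridge0, the bridge and tap carrying UP/RUNNING, and an ipfw allow rule via tap0. The sample output below is constructed to resemble FreeBSD 7.x; on the server you would feed in the real command output instead.

```shell
#!/bin/sh
# Added example, not part of the original post: offline checks for the
# bridged-tap layout described above. Samples are constructed to resemble
# FreeBSD 7.x output; on the server use: ifconfig bridge0; ifconfig tap0; ipfw list
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 82:17:2d:7c:16:00
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000000
        member: vr0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 200000'
# tap0 as it looks while openvpn holds it open (UP and RUNNING)
SAMPLE_TAP='tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:bd:7a:a1:00:00'
SAMPLE_IPFW='00100 allow ip from any to any via vr0
00200 allow ip from any to any via bridge0
00300 allow ip from any to any via tap0
65535 deny ip from any to any'

# bridge_members TEXT: print the bridge member interface names, one per line
bridge_members() {
    printf '%s\n' "$1" | awk '$1 == "member:" { print $2 }'
}
# bridge_has_member TEXT IFNAME: success if IFNAME is a bridge member
bridge_has_member() {
    bridge_members "$1" | grep -qx "$2"
}
# if_has_flag TEXT FLAG: success if the interface's own flags=<...> list has FLAG
if_has_flag() {
    printf '%s\n' "$1" | head -n 1 | grep -Eq "<([^>]*,)?$2(,|>)"
}
# ipfw_allows_via TEXT IFNAME: success if an allow-all rule "via IFNAME" exists
# (ipfw list prints "all" as "ip", so both spellings are accepted)
ipfw_allows_via() {
    printf '%s\n' "$1" | grep -Eq "allow (ip|all) from any to any via $2\$"
}
# check_tap_bridged BRIDGE_OUT TAP_OUT IPFW_OUT IFNAME: print one line per check
# and return the number of failed checks (0 = layout matches the config above)
check_tap_bridged() {
    fails=0
    bridge_has_member "$1" "$4" || { echo "FAIL: $4 is not a member of the bridge"; fails=$((fails+1)); }
    if_has_flag "$1" UP         || { echo "FAIL: bridge is not UP"; fails=$((fails+1)); }
    if_has_flag "$2" RUNNING    || { echo "FAIL: $4 is not RUNNING (openvpn is not holding it open)"; fails=$((fails+1)); }
    ipfw_allows_via "$3" "$4"   || { echo "FAIL: no ipfw allow rule via $4"; fails=$((fails+1)); }
    if [ "$fails" -eq 0 ]; then echo "ok: $4 is bridged, up, running and passed by ipfw"; fi
    return "$fails"
}

check_tap_bridged "$SAMPLE_BRIDGE" "$SAMPLE_TAP" "$SAMPLE_IPFW" tap0
```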