Hi all,
We are having problems getting bridged OpenVPN to work on FreeBSD 9.1. We used to run bridged mode OpenVPN on a FreeBSD 5.4 machine and everything was fine, but the machine died recently, and now we are trying to install bridged OpenVPN on FreeBSD 9.1 (32 bit).
OpenVPN was able to start, and the client was able to connect to the server. But the client cannot ping anything in the server network, including the OpenVPN server itself. We suspect it is the bridging in FreeBSD that is causing the problem. Here is how we installed OpenVPN bridged mode on the FreeBSD 9.1 machine.
- We rebuilt and reinstalled the kernel to include these:
Code:
device if_bridge
device tap
- In /etc/rc.conf
Code:
gateway_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/bridgedvpn/bridgedserver.conf"
openvpn_dir="/usr/local/etc/openvpn"
Code:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm bge0 addm tap0 up"
- In /etc/sysctl.conf
Code:
net.link.ether.bridge.enable=1
net.link.ether.bridge.config=bge0,tap0
(the enable line is probably redundant since we have gateway_enable in rc.conf)
- We copied the openvpn folder containing the keys, certifications, and configuration files from the old server. When we copied them to a FreeBSD 6.2 machine with OpenVPN 2.2.0, we were able to get bridged OpenVPN working. But it didn't work on the FreeBSD 9.1 machine with OpenVPN 2.3.2. I don't think there is any problem with the OpenVPN configuration files.
Is this a FreeBSD 9.2 bridging issue? Is there something we had missed in our setup? Or is it an OpenVPN 2.3.2 problem?
These are the last few lines of a client connection to the server in the log file (IP changed):
Code:
Jul 30 13:49:24 fxtemp03 openvpn[1467]: 74.102.175.251:51069 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 13:49:24 fxtemp03 openvpn[1467]: 74.102.175.251:51069 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 13:49:25 fxtemp03 openvpn[1467]: 74.102.175.251:51069 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 30 13:49:25 fxtemp03 openvpn[1467]: 74.102.175.251:51069 [brdgedclient80] Peer Connection Initiated with [AF_INET]74.102.175.251:51069
Jul 30 13:49:25 fxtemp03 openvpn[1467]: MULTI: new connection by client 'brdgedclient80' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Jul 30 13:49:25 fxtemp03 openvpn[1467]: MULTI_sva: pool returned IPv4=192.168.5.166, IPv6=(Not enabled)
Jul 30 13:49:26 fxtemp03 openvpn[1467]: brdgedclient80/74.102.175.251:51069 PUSH: Received control message: 'PUSH_REQUEST'
Jul 30 13:49:26 fxtemp03 openvpn[1467]: brdgedclient80/74.102.175.251:51069 send_push_reply(): safe_cap=940
Jul 30 13:49:26 fxtemp03 openvpn[1467]: brdgedclient80/74.102.175.251:51069 SENT CONTROL [brdgedclient80]: 'PUSH_REPLY,route 192.168.6.0 255.255.255.0,route 192.168.11.0 255.255.255.0,route 192.168.3.0 255.255.255.0,route 192.168.21.0 255.255.255.0,route 192.168.7.0 255.255.255.0,route 192.168.9.0 255.255.255.0,route-gateway 192.168.5.46,ping 10,ping-restart 120,ifconfig 192.168.5.166 255.255.255.0' (status=1)
Jul 30 13:49:27 fxtemp03 openvpn[1467]: brdgedclient80/74.102.175.251:51069 MULTI: Learn: 00:ff:6e:ed:10:cd -> brdgedclient80/74.102.175.251:51069
In /etc/rc.conf, we also added
Code:
openvpn_if = "tap"
(and later we tried openvpn_if = "tap bridge")
Note that on our old FreeBSD 5.4 machine and FreeBSD 6.2 machine, we didn't have to add
Code:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm bge0 addm tap0 up"
to /etc/rc.conf - and bridged OpenVPN worked fine.
Thank you.
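An added check, not from the original post, for confirming that bridge0 really ended up with the members named in ifconfig_bridge0 and is UP; it parses a constructed sample of `ifconfig bridge0` output rather than querying a live host, and the sample deliberately lacks tap0, which is what you see when `addm tap0` ran before the tap interface existed (OpenVPN only creates tap0 when it opens it, unless it is listed in cloned_interfaces).

```shell
#!/bin/sh
# Added example (not the poster's configuration): verify if_bridge membership
# and state from `ifconfig bridge0` output. The sample below is constructed to
# resemble FreeBSD 9.x output; on a real host replace it with
#   OUT=$(ifconfig bridge0)   and call   check_bridge "$OUT" bge0 tap0

SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:ab:cd:ef:00:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000'

# bridge_has_member OUTPUT IFNAME -> exit 0 if IFNAME appears as a member line
bridge_has_member() {
    printf '%s\n' "$1" | grep -q "^[[:space:]]*member: $2 "
}

# bridge_is_up OUTPUT -> exit 0 if the bridge's own flags contain UP
bridge_is_up() {
    printf '%s\n' "$1" | head -n 1 | grep -q '<[^>]*UP[^>]*>'
}

# check_bridge OUTPUT MEMBER... -> prints each problem found and returns the
# number of problems (0 means every expected member is present and bridge is UP)
check_bridge() {
    out=$1; shift
    problems=0
    bridge_is_up "$out" || { echo "bridge is not UP"; problems=$((problems + 1)); }
    for m in "$@"; do
        bridge_has_member "$out" "$m" || { echo "missing member: $m"; problems=$((problems + 1)); }
    done
    return $problems
}

# Run against the constructed sample: bge0 is present, tap0 is not.
if check_bridge "$SAMPLE_IFCONFIG" bge0 tap0; then
    echo "bridge0 matches ifconfig_bridge0"
else
    echo "bridge0 does not match ifconfig_bridge0; see messages above"
fi
```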