Koozali.org: home of the SME Server

OpenVPN - in bridge mode, not routed (as in the howto)

gavincowie

OpenVPN - in bridge mode, not routed (as in the howto)
« on: March 23, 2005, 02:15:34 AM »
Having followed the most excellent howto (http://sme.swerts-knudsen.dk/howtos/howto_30.htm - cheers Jesper!) I have a working OpenVPN. It works very well, better than PPTP, better than the commercial IPSEC firewalls/clients I've tried.

But there's always something.

In this case, I'd like to make a bridge of the OpenVPN (tap0) and the internal interface (eth0).

Why? Well, silly really - to be able to play LAN-based net games with some friends. With the routed implementation, the VPN clients get given IP addresses on a different subnet than "local" machines. As a result, the kind of "LAN broadcasts" that some games make to find local servers don't travel across different subnets.

So actually, I'm looking at either a method to make LAN broadcasts go "across" both the local and vpn subnets, or build a bridge so the vpn clients get dhcp leases on the same subnet.

I've had a google around and checked out the entry on the OpenVPN page (http://openvpn.net/bridge.html). It mentions installing "bridge-utils", and it began to dawn on me that maybe subsuming eth0 into a bridge might do Bad Things to SME.

So I wondered if anyone here might have a thought to share about this?

G

gavincowie

a-ha, someone already posted about this.
« Reply #1 on: March 23, 2005, 02:56:00 AM »
http://forums.contribs.org/index.php?topic=25366.msg102590#msg102590

Wow, openvpn is a popular topic, had to go to results 101-120 to find this link.

Still, questions about making a bridge and its effect on SME stand - hey Appesteijn, did you eventually have any luck getting your bridged OpenVPN working, the DHCP troubles solved and the multiplayer LAN gaming working?

G

janil_kumar

OpenVPN error
« Reply #2 on: April 26, 2006, 09:28:36 PM »
My network setup is
LAN 192.168.0.0/24
Public IP

Remote Network setup
192.168.254.0/24
Speedstar DSL modem with dynamic IP
Only one PC with static IP

I followed Swerts-Knudsen.dk for VPN setup

The server is in gateway and server mode, which means it is working as a proxy and web and mail server.
When I start the openvpn service at the server I get the following error:

Starting openvpn: SIOCDELRT: No such process
&
I am getting this error while running the openvpn client:

Wed Apr 26 23:20:31 2006 us=69452 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Wed Apr 26 23:20:36 2006 us=966358 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 26 23:20:36 2006 us=970083 Cannot load certificate file client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Apr 26 23:20:36 2006 us=971579 Exiting

RvLardin
OpenVPN - in bridge mode, not routed (as in the howto)
« Reply #3 on: April 27, 2006, 12:33:17 PM »
We use OpenVPN in bridge mode on several servers (to have a correct use of Asterisk@home, for example).

You can find our how-to at: sme.firewall-services.com
It is heavily based on swert's one, with just some small changes to have a 'br0' iface ...

enjoy.

Promise, next version of this how-to will use templates for the conf files.
:)

RV.
----
"Those who are willing to lose some of their essential liberties in favour of security deserve neither and will lose both."
- Thomas Jefferson .

groutley
Re: OpenVPN error
« Reply #4 on: June 04, 2006, 08:11:40 PM »
Quote from: "janil_kumar"

When I start the openvpn service at the server I get the following error:

Starting openvpn: SIOCDELRT: No such process
&
I am getting this error while running the openvpn client:

Wed Apr 26 23:20:31 2006 us=69452 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Wed Apr 26 23:20:36 2006 us=966358 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 26 23:20:36 2006 us=970083 Cannot load certificate file client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Apr 26 23:20:36 2006 us=971579 Exiting


I had exactly the same problem.
I resolved the client-side issue by defining the 'client.crt' correctly,
i.e. I noticed that my 'client.crt' had 0 byte size.
Something was going wrong in the build.
It was me! I can't read!
An easily overlooked instruction in swert's howto is:
"Use "Client" as "Common Name" and "VPN" for "Organizational Unit Name"."
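
A pre-flight check for the failure discussed in Reply #4, added here as an example and not part of the original thread: it classifies why a certificate file such as client.crt would fail with "no start line" (missing, 0 bytes, no PEM block, truncated body). The function names and sample files are constructed for illustration, and the check covers PEM/DER framing only, not whether the certificate is valid or trusted.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def der_sequence_complete(der):
    """True if der is one DER SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def diagnose_cert(path):
    """Classify why a certificate file would fail to load (framing checks only)."""
    p = Path(path)
    if not p.is_file():
        return "missing"
    data = p.read_bytes()
    if not data.strip():
        return "empty"                     # the 0-byte client.crt from the thread
    m = PEM_CERT.search(data)
    if m is None:
        return "no-pem-block"              # OpenSSL reports this as "no start line"
    try:
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except binascii.Error:
        return "bad-base64"
    return "pem-ok" if der_sequence_complete(der) else "truncated-or-not-der"

def demo():
    """Run the check over constructed sample files (not real certificates)."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x01")   # minimal DER SEQUENCE stand-in
    pem = b"-----BEGIN CERTIFICATE-----\n" + body + b"\n-----END CERTIFICATE-----\n"
    samples = {"empty.crt": b"", "text.crt": b"Certificate:\n  Data:\n",
               "cut.crt": pem.replace(body, base64.b64encode(b"\x30\x03\x02\x01")),
               "good.crt": pem}
    with tempfile.TemporaryDirectory() as d:
        for name, content in samples.items():
            (Path(d) / name).write_bytes(content)
        return {n: diagnose_cert(Path(d) / n) for n in list(samples) + ["none.crt"]}
```

Calling `diagnose_cert("client.crt")` in the OpenVPN config directory before starting the client separates a failed certificate build from a wrong path in the config.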