Re: bridge with tap - trying to set up openvpn server

To: "Manuel Bouyer" <bouyer%antioche.eu.org@localhost>
Subject: Re: bridge with tap - trying to set up openvpn server
From: yancm%sdf.lonestar.org@localhost
Date: Tue, 5 Apr 2011 08:00:17 -0400

> On Mon, Apr 04, 2011 at 08:42:18PM -0400, yancm%sdf.lonestar.org@localhost 
> wrote:
>> But I get the same result, if I add wm1 to bridge0, I loose wm1
>> connectivity.
>
> Hum. How long did you wait after adding wm1 to bridge0 ?

Just for good measure I just gave it 5 minutes. It never came back.

> Adding an interface to a bridge cause it to be switched to
> promiscous mode.

This I can confirm. I captured an ifconfig wm1 on the console
after I added it to bridge0:
wm1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,
                SIMPLEX,MULTICAST> mtu 1500
        address: 00:1b:21:95:00:1a
        media: Ethernet autoselect (1000baseT
               full-duplex,flowcontrol,rxpause,txpause)
        status: active
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255

Once I delete it from bridge0 I have:
wm1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:1b:21:95:00:1a
        media: Ethernet autoselect (1000baseT
               full-duplex,flowcontrol,rxpause,txpause)
        status: active
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255


> On some interfaces (and wm has been one of them until recently, it's
> possible you're in this case), switching to promisc cause the
> link to be down/up, which cause a spanning tree renegotiation on
> the other end if STP is enabled. While the spanning tree renegotiation
> is taking place no traffic is switched on this link, and the
> negotiation can take some time (it's usually 30s in my case).

Based on the forgoing, I attempted to disable stp on bridge0/wm1 via:
brconfig bridge0 -stp wm1

This had no noticeable effect (this was after the 5 minute wait)...

> I have, in the exact setup you describe. It worked for me without
> problems.

That at least gives me hope. I'm kinda fumbling around on this...
were you running NetBSD5? or a --current?

Could I have something munged in the kernel config?

Do I need to do something in ipf (more than I have already done)?

Suggestions for further diagnostics?

Thanks,
gene

Follow-Ups:
- Re: bridge with tap - trying to set up openvpn server
  - From: David Young
- Re: bridge with tap - trying to set up openvpn server
  - From: Manuel Bouyer

References:
- bridge with tap - trying to set up openvpn server
  - From: yancm
- Re: bridge with tap - trying to set up openvpn server
  - From: Manuel Bouyer
- Re: bridge with tap - trying to set up openvpn server
  - From: yancm
- Re: bridge with tap - trying to set up openvpn server
  - From: Manuel Bouyer

Prev by Date: Re: bridge with tap - trying to set up openvpn server
Next by Date: Re: bridge with tap - trying to set up openvpn server
Previous by Thread: Re: bridge with tap - trying to set up openvpn server
Next by Thread: Re: bridge with tap - trying to set up openvpn server
Indexes:

Home | Main Index | Thread Index | Old Index