NetBSD-Users archive


bridge with tap - trying to set up openvpn server



I'm running on i386, NetBSD 5_Stable branch.

I'm trying to set up an openvpn server on my home network
(<10 vpn devices).

I am wanting to use bridged mode because I want the vpn
connections to see the internal network resources.

My internal network was 192.168.1.0/24 (main server/gateway/
NAT/DHCP/firewall/DNS is on 192.168.1.1).

I have recompiled the kernel with bridging support.

The internal interface, wm1, was specified with 192.168.1.1
netmask 255.255.255.0.

To allow some of this subnet for the tap0 interface, I changed
the wm1 netmask to 255.255.255.128. I set up the tap0 interface
to 192.168.1.193 netmask 255.255.255.192.

With this setup the internal network operates fine before I try
to turn on bridging.

Next I added the following to my ipf.conf:
# Let bridge run free
pass out quick on bridge0
pass in quick on bridge0

# Let tap interface loose also
pass in quick on tap0
pass out quick on tap0

Now I try to set up bridging:
brconfig create bridge0
brconfig bridge0 add wm1 add tap0 up

But then my local network, on wm1, seizes and all I can do is
go to the console and remove wm1 from the bridge to get things
up again.

Here is the (reduced) output of ifconfig:
wm1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        status: active
        inet 192.168.1.1 netmask 0xffffff80 broadcast 192.168.1.127
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.193 netmask 0xffffffc0 broadcast 192.168.1.255
bridge0: flags=41<UP,RUNNING> mtu 1500

and brconfig (after I removed wm1 - it was in there also from console):
bridge0: flags=41<UP,RUNNING>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 20
                ipfilter disabled flags 0x0
        Interfaces:
                tap0 flags=3<LEARNING,DISCOVER>
                        port 4 priority 128
        Address cache (max cache: 100, timeout: 1200):

I've tried looking at the man pages, guides and openvpn help and
resorted to google searches. Either direct suggestions or further
reading suggestions are very welcome.






