On 05.09.2021 16:31, Andrei wrote:
Hello,

I am trying to set up an OpenVPN server on OpenBSD 6.9 that's bridged to my LAN.
The topology looks like this: 10.70.0.1 (gateway) ----- 10.70.0.118 (server, on em1).

I've set up the em1 interface as DHCP and it gets the expected address. Next up I
created tap0 and bridge0 devices like this:

ifconfig tap0 create
ifconfig bridge0 create
ifconfig bridge0 add em1
ifconfig bridge0 add tap0

The ifconfig output looks like this now:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
         index 4 priority 0 llprio 3
         groups: lo
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
         inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:0c:29:0f:74:62
         index 1 priority 0 llprio 3
         groups: egress
         media: Ethernet autoselect (1000baseT full-duplex,master)
         status: active
         inet 10.20.0.108 netmask 0xffffff00 broadcast 10.20.0.255
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:0c:29:0f:74:6c
         index 2 priority 0 llprio 3
         media: Ethernet autoselect (1000baseT full-duplex,master)
         status: active
         inet 10.70.0.118 netmask 0xffffff00 broadcast 10.70.0.255
enc0: flags=0<>
         index 3 priority 0 llprio 3
         groups: enc
         status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
         index 5 priority 0 llprio 3
         groups: pflog
tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         lladdr fe:e1:ba:d0:6a:1c
         index 6 priority 0 llprio 3
         groups: tap
         status: no carrier
bridge0: flags=0<>
         index 7 llprio 3
         groups: bridge
         priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
         em1 flags=3<LEARNING,DISCOVER>
                 port 2 ifpriority 0 ifcost 0
         tap0 flags=3<LEARNING,DISCOVER>
                 port 6 ifpriority 0 ifcost 0

In my OpenVPN config I have:

port 1194
proto udp
dev tap0
dev-type tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpnserver.crt
key /etc/openvpn/vpnserver.key
dh /etc/openvpn/dh.pem
tls-server
tls-auth /etc/openvpn/vpn-ta.key 0
push "route 10.70.0.0 255.255.255.0 10.70.0.1"
cipher AES-256-CBC
comp-lzo
ping-timer-rem
keepalive 10 60
user _openvpn
group _openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

You should add an IP pool for the bridge in the server config.

Like this:

server-bridge 10.70.0.1 255.255.255.0 10.70.0.100 10.70.0.110

Your dhcpd will not assign IPs to the VPN even if it is on the bridge.


And the client has:

client
dev tap
proto udp
remote example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

The client connects OK, but it never gets a DHCP address from the router that's in
charge of 10.70.0.0/24 and running the DHCP server.

Is the issue in my OpenBSD configuration, OpenVPN, or on my router? I'm having
trouble debugging this...

Thank you,
Andrei
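
Added example (not from either mail in this thread): a small POSIX sh check for the four arguments of the server-bridge line suggested in the reply, assuming OpenVPN's documented order of gateway, netmask, pool-start, pool-end. It rejects a non-contiguous mask (a typo such as 255.225.255.0 is accepted by OpenVPN's parser but pushes a broken route to clients), a pool outside the gateway's subnet, and a pool that overlaps the network, broadcast or gateway address.

```shell
#!/bin/sh
# Added example, not part of the original thread. Validates the arguments
# of "server-bridge <gateway> <netmask> <pool-start> <pool-end>" before
# they are pasted into the OpenVPN server config.

# Print a dotted-quad IPv4 address as a 32-bit integer; fail on bad input.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty, non-numeric and leading-zero (octal-looking) octets
        case $octet in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when the four server-bridge arguments are consistent.
validate_server_bridge() {
    gw=$(ip_to_int "$1") || return 1
    mask=$(ip_to_int "$2") || return 1
    start=$(ip_to_int "$3") || return 1
    end=$(ip_to_int "$4") || return 1
    inv=$(( ~mask & 0xffffffff ))                 # host bits of the mask
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1  # mask must be contiguous ones
    net=$(( gw & mask )); bcast=$(( net | inv ))
    [ $(( start & mask )) -eq "$net" ] || return 1   # pool start in gateway's subnet
    [ $(( end & mask )) -eq "$net" ] || return 1     # pool end in gateway's subnet
    [ "$start" -le "$end" ] || return 1
    [ "$start" -gt "$net" ] && [ "$end" -lt "$bcast" ] || return 1  # skip net/bcast
    [ "$gw" -lt "$start" ] || [ "$gw" -gt "$end" ] || return 1       # gw not in pool
    return 0
}

# Constructed inputs: a mistyped mask and the corrected line from the reply.
for line in "10.70.0.1 255.225.255.0 10.70.0.100 10.70.0.110" \
            "10.70.0.1 255.255.255.0 10.70.0.100 10.70.0.110"; do
    if validate_server_bridge $line; then
        echo "ok:  server-bridge $line"
    else
        echo "BAD: server-bridge $line"
    fi
done
```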

