Re: [CentOS] openvpn + bridge utils in CentOS 6
hmmm, it should be the exact problem i got, thank you very much.

On Tue, Nov 8, 2011 at 10:30 PM, Минтаиров Михаил mikxal...@yandex.ru wrote:

This situation with pings is really strange... But in my case the solution was much easier. CentOS 6 was installed on a VMware virtual machine and the problem was in its network device configuration. The hardest thing was to guess that. After this I quickly found a solution: http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/

So, in my experience, CentOS (or RedHat) works correctly, and maybe you should try to look for errors somewhere else (as in my case it was the VMware configuration).

Hello, I had not read about this issue before, but I have seen this problem also. Whenever I restart the bridge (with tap0 interfaces also) I have to make a first ping to the physical interface related to the tap0 module. I also ping another machine on the same physical network. After that, I am able to reach the bridged one. Strange behaviour, but it works for me this way now. I look forward to RedHat fixing this bug soon.

On 07/11/11 06:39, 唐建伟 wrote:

thank you very much for your follow up. wish to get good news from you soon.
Re: [CentOS] openvpn + bridge utils in CentOS 6
thank you very much for your follow up. wish to get good news from you soon.

On Sat, Nov 5, 2011 at 12:26 AM, Минтаиров Михаил mikxal...@yandex.ru wrote:

Hello, I didn't find what to answer you a month ago. But now I also have an installation of CentOS 6 (in the past I used CentOS 5.7), and I have the same problems as you. First of all, did you find any solutions? I only found that the problem is in the br0 device. I can't guess why, but it does not receive ARP REPLY packets. tcpdump on all devices (tap0, eth1, br0) gives me the same:

    20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
    20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
    20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28

//192.158.11.33 is the remote PC IP address, and 192.168.11.3 is one of my local hosts//

and no ARP REPLY. Interesting that, on the other hand, I have the same config files on CentOS 5.7 and everything works perfectly.

28.09.2011, 04:58, 唐建伟 myh...@gmail.com:

no, i removed the commands you mentioned, but it still doesn't work.

Best Regards
Tang Jianwei

--
Tang Jianwei
System Administrator
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
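
Added example, not part of the thread: the symptom reported above (ARP requests visible on tap0, eth1 and br0 but never a reply) checked automatically over `tcpdump -n` text output. The first three sample lines are the ones quoted in the thread; the last two lines, the MAC address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -n` text output on stdin and prints one line
# per ARP target that was requested but never answered:
#   <target-ip> <asking-ip> <number-of-requests>
unanswered_arp() {
    awk '
        # e.g. "... ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28"
        /ARP, Request who-has/ {
            target = ""; asker = ""
            for (i = 1; i < NF; i++) {
                if ($i == "who-has") target = $(i + 1)
                if ($i == "tell")    asker  = $(i + 1)
            }
            sub(/,$/, "", asker)                 # drop the trailing comma
            if (target == "") next
            if (!(target in count)) order[++n] = target
            count[target]++
            who[target] = asker
        }
        # e.g. "... ARP, Reply 192.168.11.1 is-at 02:00:00:00:00:01, length 28"
        /ARP, Reply/ {
            for (i = 1; i < NF; i++)
                if ($i == "Reply") answered[$(i + 1)] = 1
        }
        END {
            # Report in first-seen order every target with no matching reply
            for (k = 1; k <= n; k++) {
                t = order[k]
                if (!(t in answered)) print t, who[t], count[t]
            }
        }
    '
}

# Sample capture: lines 1-3 are quoted from the thread, lines 4-5 are constructed.
sample_capture() {
    cat <<'EOF'
20:12:22.012270 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:23.027897 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:24.027951 ARP, Request who-has 192.168.11.3 tell 192.168.11.33, length 28
20:12:25.000100 ARP, Request who-has 192.168.11.1 tell 192.168.11.33, length 28
20:12:25.000350 ARP, Reply 192.168.11.1 is-at 02:00:00:00:00:01, length 28
EOF
}

sample_capture | unanswered_arp
```

On a live bridge, feed it a bounded capture per interface, for example `tcpdump -n -l -c 50 -i br0 arp | unanswered_arp`, and repeat for tap0 and eth1; the interface where replies stop appearing is where to look next.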
Re: [CentOS] openvpn + bridge utils in CentOS 6
Hi

the routing table in the remote hosts are OK.
tcpdump -n -i [device name] cannot capture any packages from remote. no matter br0 nor tap0.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 2:44 PM, Минтаиров Михаил mikxal...@yandex.ru wrote:

27.09.2011, 09:52, 唐建伟 myh...@gmail.com:

Hi all,

I just installed openvpn + bridge in CentOS 6, but i get strange problems:
the remote PCs cannot get the local PCs' MACs
and also, the local PCs cannot get the remote PCs' MACs
but when i run brctl showmacs br0 it will list all the MACs
and also brctl show will show that all the correct adapters are in br0
SELinux disabled
any ideas?

First of all you should check the routing table of the remote hosts. If everything is correct, try to monitor br0 and the other devices (ethX) by tcpdump -n -i [device name].

--
Tang Jianwei
System Administrator
Re: [CentOS] openvpn + bridge utils in CentOS 6
Hi

no, i don't think so. anyway, i can and only can the vpn server from the remote hosts.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 3:59 PM, Минтаиров Михаил mikxal...@yandex.ru wrote:

So, something stops packets from the remote hosts. Maybe a firewall on the remote PC...? And can you run tcpdump on the same remote host, to check that it's the tap0 device.

27.09.2011, 11:06, 唐建伟 myh...@gmail.com:

Hi

the routing table in the remote hosts are OK.
tcpdump -n -i [device name] cannot capture any packages from remote. no matter br0 nor tap0.

Best Regards
Tang Jianwei

--
Tang Jianwei
System Administrator
Re: [CentOS] openvpn + bridge utils in CentOS 6
openvpn configure file

    port 1194
    proto udp
    dev tap0
    ca ca.crt
    cert VPN_Server.crt
    key VPN_Server.key  # This file should be kept secret
    dh dh1024.pem
    server-bridge 192.168.119.1 255.255.255.0 192.168.119.221 192.168.119.225
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    log-append /var/log/openvpn.log
    verb 3
    mute 20

the script for bring up the bridge

    #!/bin/bash
    # Define Bridge Interface
    br="br0"

    # Define list of TAP interfaces to be bridged,
    # for example tap="tap0 tap1 tap2".
    tap="tap0"

    # Define physical ethernet interface to be bridged
    # with TAP interface(s) above.
    eth="eth1"
    eth_ip="192.168.119.1"
    eth_netmask="255.255.255.0"
    eth_broadcast="192.168.119.255"

    # Create the persistent TAP device(s)
    for t in $tap; do
        openvpn --mktun --dev $t
    done

    # Create the bridge, then add the physical and TAP interfaces to it
    brctl addbr $br
    brctl addif $br $eth

    for t in $tap; do
        brctl addif $br $t
    done

    # Bring the member interfaces up without an address, in promiscuous mode
    for t in $tap; do
        ifconfig $t 0.0.0.0 promisc up
    done

    ifconfig $eth 0.0.0.0 promisc up

    # The bridge itself carries the IP address
    ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

On Tue, Sep 27, 2011 at 5:20 PM, Минтаиров Михаил mikxal...@yandex.ru wrote:

Hm... It's very hard to guess without config files. Can you post your server and client openvpn configs... and also can you show the br0 creation commands?

27.09.2011, 12:01, 唐建伟 myh...@gmail.com:

Hi

no, i don't think so. anyway, i can and only can the vpn server from the remote hosts.

Best Regards
Tang Jianwei

--
Tang Jianwei
System Administrator
Re: [CentOS] openvpn + bridge utils in CentOS 6
no, i removed the commands you mentioned, but it still doesn't work.

Best Regards
Tang Jianwei

On Tue, Sep 27, 2011 at 6:01 PM, Минтаиров Михаил mikxal...@yandex.ru wrote:

I can't remember the reason, but at some point I stopped using the openvpn --mktun --dev [dev name] command. Maybe it's because openvpn creates tap0 by itself. So try to comment out these lines:

    for t in $tap; do
        openvpn --mktun --dev $t
    done

then restart the network, after that start openvpn, and after it start the bridge script.

--
Tang Jianwei
System Administrator
[CentOS] openvpn + bridge utils in CentOS 6
Hi all,

I just installed openvpn + bridge in CentOS 6, but i get strange problems:
the remote PCs cannot get the local PCs' MACs
and also, the local PCs cannot get the remote PCs' MACs
but when i run brctl showmacs br0 it will list all the MACs
and also brctl show will show that all the correct adapters are in br0
SELinux disabled
any ideas?

--
Tang Jianwei
System Administrator
Re: [CentOS] what is the best RPM finder?
rpmforge

On 2011-2-15 at 8:08 AM, Larry Vaden va...@texoma.net wrote:

thanks/ldv
Re: [CentOS] upgrade advice
Well, I also suggest you do a fresh installation. And, win7 can access the samba in CentOS.

On 12/31/09, Barry Brimer li...@brimer.org wrote:

I have a new client that is running a fedora 4 system. Can i upgrade that box to centos 5 with a reasonable expectation of success or should i just back it up and do it from scratch? Also will the samba version in centos 5 natively support windows 7 clients?

I would strongly suggest backing it up and building a fresh CentOS 5. Red Hat doesn't encourage you to upgrade from RHEL 4 to RHEL 5, I certainly wouldn't try it from Fedora 4. I do not have any Windows 7 systems connecting to my Samba servers, so I can not help you with that.

Barry

--
Tang Jianwei
System Administrator