Josh, I owe you a beer! That's the *key* piece I was missing:
set up the default gateway, since it gets lost when eth0 is deconfigured
(this step I had to add myself, since it is not mentioned in the
ethernet bridging howto):
> route add default gw $gw

I've set this up on my laptop at home and it works. Now to implement in
production. However, I think I'll go onsite, just to be safe. ;)

Thanks for your help!

--
Paul
@ Thy Service

> You can assign an IP to a bridge interface in linux, this makes it not
> exactly a bridge, but it's what I did to get bridge mode working with
> OpenVPN with a single NIC.
>
> I wrote up a nice HOWTO and stuck it on the OpenVPN wiki, but their
> wiki has now been down for months. You can get my (hard to read)
> notes here:
>
> http://vickeryj.freeshell.org/notes/
>
> In short, I brought up the tap device like so:
>
>> openvpn --mktun --dev tap0
>
> and bridge it with the ethernet device like this:
>
>> brctl addbr br0
>> brctl addif br0 eth0
>> brctl addif br0 tap0
>
> then stick everything in promiscuous mode:
>
>> ifconfig tap0 0.0.0.0 promisc up
>> ifconfig eth0 0.0.0.0 promisc up
>
> then assign the ip that eth0 used to have to the bridge device (this
> might be what is missing if you are losing network connectivity to
> the box):
>
>> ifconfig br0 $eth_ip netmask $eth_netmask broadcast $eth_broadcast
>
> set up the default gateway, since it gets lost when eth0 is
> deconfigured (this step I had to add myself, since it is not mentioned
> in the ethernet bridging howto):
>> route add default gw $gw
>
> if you want to do this remotely, all those lines need to be in a
> script, as you will lose network connectivity to the box until the
> last ifconfig line is run.
>
> Josh
>
> On 11/18/05, Paul G. Szabady <[EMAIL PROTECTED]> wrote:
>> Jim,
>>
>> Done that, but note, I'm not even at the point of connecting a client
>> yet.
>>
>> --
>> Paul
>> @ Thy Service
>>
>> > make sure source and destination IP addresses are *not* on the same
>> > network address.
>> >
>> > regards,
>> >
>> > jim
>> >
>> > Jim Ray, President
>> > Neuse River Network, Inc.
>> >
>> > tel: 919-838-1672 x111
>> > toll free: 800-617-7652
>> > cell: 919-606-1772
>> > http://www.Neuse.Net
>> >
>> > Ask about our Clean Technologies. Established in the Carolinas 1997.
>> >
>> > Paul G. Szabady wrote:
>> >
>> >>Greetings,
>> >>
>> >>I am trying to set up a TAP style VPN but I'm apparently missing a key
>> >>piece of information and was hoping someone could clarify this for me.
>> >>
>> >>I have a linux (CentOS 4.2) server w/OpenVPN (openvpn-2.1_beta7-1
>> >>installed from RPM built from src), and a windows 2000 server behind a
>> >>linksys router. I need to be able to access the windows server on the
>> >>local LAN from the internet, with an IP address in the same subnet as the
>> >>windows server, hence the desire to set up using TAP/bridge mode.
>> >>(Setting up TUN was easy, but didn't work as I needed it to.) The linux
>> >>machine has a single NIC, which is why this is so confusing to me. When I
>> >>set up OpenVPN w/TAP, I lose all network access to the linux server.
>> >>Having had a "home grown linux switch" (old pc w/6 NICs running in bridge
>> >>mode), this makes sense. I believe I have followed all the
>> >>instructions/notes/suggestions from the openVPN howto as well as the
>> >>Ethernet-Bridge-netfilter howto. But I'm still missing something.
>> >>
>> >>The big question: If I am apparently invisible to the network, how does
>> >>one make a connection (VPN or other) to the linux server?
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
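
Josh's advice that the steps must run as a single script when done remotely, as an added example that is not part of the original thread. The function names `bridge_cmds` and `apply_bridge` and the `apply` argument are assumptions made for this sketch; the commands and their order are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Arguments are the values eth0 had
# before bridging (the post's $eth_ip, $eth_netmask, $eth_broadcast, $gw).

# Print the bridge commands from the post, in the order given there.
bridge_cmds() {
    eth_ip=$1 eth_netmask=$2 eth_broadcast=$3 gw=$4
    # Refuse to build a plan with a missing value: a blank address would
    # leave br0 unconfigured and the host unreachable.
    for v in "$eth_ip" "$eth_netmask" "$eth_broadcast" "$gw"; do
        [ -n "$v" ] || {
            echo "usage: bridge_cmds IP NETMASK BROADCAST GW" >&2
            return 1
        }
    done
    cat <<EOF
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth0 0.0.0.0 promisc up
ifconfig br0 $eth_ip netmask $eth_netmask broadcast $eth_broadcast
route add default gw $gw
EOF
}

# Run the whole plan in one go. Stopping at the first failure means an
# error in the tap/bridge steps aborts before eth0 loses its address.
apply_bridge() {
    plan=$(bridge_cmds "$@") || return 1
    echo "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Only touches the network when called as:
#   sh bridge.sh apply IP NETMASK BROADCAST GW
if [ "${1:-}" = "apply" ]; then
    shift
    apply_bridge "$@"
fi
```

When this is run over SSH, starting it with `nohup` keeps it going while the session is cut off between the eth0 and br0 steps.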
