Need help with openvpn to br1

Discussion in 'Tomato Firmware' started by kthaddock, Apr 28, 2012.

  1. kthaddock

    kthaddock Network Guru Member

    I must be a....... :eek:

    I'm trying to tie the client on "TUN12" to my "Br1" with these ip-rules but no GO.
    Can you give me any hints?
    I can see the IP number on my VPN service but I can't browse the internet.
    br0 = 192.168.2.1
    br1 = 192.168.3.1
    kthaddock
     
  2. kthaddock

    kthaddock Network Guru Member

    UP and GO
    The main issue is how to get openvpn Client 2 (tun0) to route to BR1, Vlan4.
     
  3. kthaddock

    kthaddock Network Guru Member

    Guys, really need help with this.
    Incoming from the VPN provider on TUN12 and I get connected, so client2 is working.
    How to redirect to BR1 vlan4 (ip: 192.168.3.0 sub: 255.255.255.0)?
    I'm really lost now :rolleyes: ALL help appreciated.

    kthaddock
     
  4. waeking

    waeking Networkin' Nut Member

  5. kthaddock

    kthaddock Network Guru Member

    Okay. I will read and test. I think I need to route BR1 to TUN12. Haven't tested yet.
    Thank you
    kthaddock
     
  6. waeking

    waeking Networkin' Nut Member

    You need to add routes in the server config, i.e. route 10.8.1.0 255.255.255.0. Then in the ccd file you can push routes and use iroute to tell what the client router is routing.
     
  7. lancethepants

    lancethepants Network Guru Member

    Hmm, I've actually been playing around with bridging in linux recently (playing around with tinc mesh vpn).
    This may be an alternate way to get things going. It looks like the openvpn gui bridges everything to br0 by default. Reading up on brctl, an interface can only be a part of one bridge (maybe iptables can help get around that).

    I would try to detach tun12 from br0, and attach it to br1. All my experience is with tap, but I think tun should work the same.

    If you run 'brctl show', you can see what interfaces are attached to which bridges.

    Try running the following code, and see if this works.

    Code:
    ifconfig tun12 down
    brctl delif br0 tun12
    brctl addif br1 tun12
    ifconfig tun12 0.0.0.0 promisc up
    edit 1: fixed typo in my code. Also, you will have to perform whatever routing is needed for tun like waeking was commenting, once it's moved over to br. The same routing that would have to be done just as if it was on br0.

    edit 2: The ifconfig commands may not be necessary, try also without them too.

    edit 3: I removed a tap interface from br0, moved it to br1, and then back again. Once it was back, I was able to connect fine to devices from the interface. The following code should only be unnecessary then, but you test it out.

    Code:
    brctl delif br0 tun12
    brctl addif br1 tun12
    

    edit 4: this is edit 4 :)
     
  8. kthaddock

    kthaddock Network Guru Member

    Thank you lancethepants and waeking !!
    I only need to connect TUN12 to my DHCP on BR1

    I will test that :D

    kthaddock
     
  9. kthaddock

    kthaddock Network Guru Member

    I have tested and I'm more confused now, :eek:
    When I run this:
    I get
    Tun12 not show up there.
     
  10. lancethepants

    lancethepants Network Guru Member

    What happens when you run the second script, the one without the ifconfig commands?
     
  11. kthaddock

    kthaddock Network Guru Member

    Haven't tested that yet. I think it was strange that I don't see Tun12 when I "brctl show" but in the log Tun12 shows up.
    Maybe I have to use the Client2 interface to set TUN and UDP, then the program creates TUN12.

    How do I config this: UDPv4 link local: [undef]

    kthaddock
     
  12. lancethepants

    lancethepants Network Guru Member

    Ah, I think it works different between tap and tun actually. Yes, tap is for bridging, with tun there isn't any bridging, it's done with routing, so I think this won't work for you.
    Probably then you need to delete a route, and add a new one. Run 'route', and paste here what you see.
     
  13. kthaddock

    kthaddock Network Guru Member

    Okey, I will post that later. Now I have traffic on that router.

    kthaddock
     
  14. kthaddock

    kthaddock Network Guru Member

    I have tested, and I get an IP number when I start the VPN client. xx.xxx.192.1 is my gateway to ISP
    when connected. I can see ip-number from

    Code:
    Kernel IP routing table 
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
    10.99.0.209     *               255.255.255.255 UH    0      0        0 tun12 
    10.99.0.1       10.99.0.209     255.255.255.255 UGH   0      0        0 tun12 
    178.73.212.235  XX.XXX.192.1    255.255.255.255 UGH   0      0        0 vlan10 
    XX.XXX.192.1    *               255.255.255.255 UH    0      0        0 vlan10 
    XX.XXX.192.0    *               255.255.255.0   U     0      0        0 vlan10 
    192.168.3.0     *               255.255.255.0   U     0      0        0 br1 
    192.168.2.0     *               255.255.255.0   U     0      0        0 br0 
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo 
    default         10.99.0.209     128.0.0.0       UG    0      0        0 tun12 
    128.0.0.0       10.99.0.209     128.0.0.0       UG    0      0        0 tun12 
    default         XX.XXX.192.1    0.0.0.0         UG    0      0        0 vlan10   
    Not connected
    Code:
    Kernel IP routing table 
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface 
    172.19.0.1      *               255.255.255.255 UH    0      0        0 ppp4 
    XX.XXX.192.1    *               255.255.255.255 UH    0      0        0 vlan10 
    XX.XXX.192.0    *               255.255.255.0   U     0      0        0 vlan10 
    192.168.3.0     *               255.255.255.0   U     0      0        0 br1 
    192.168.2.0     *               255.255.255.0   U     0      0        0 br0 
    192.168.2.0     *               255.255.255.0   U     0      0        0 tap11 
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo 
    default         gw1.a148.priv.b 0.0.0.0         UG    0      0        0 vlan10  
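
Added example, not part of the thread: a longest-prefix-match lookup over the "connected" table posted above, showing that the two 128.0.0.0-mask routes on tun12 take precedence over the vlan10 default for every destination, and that only the host route to 178.73.212.235 still leaves via vlan10. The lookup keys on destination only, so the result is the same for clients on br0 and br1. The 203.0.113.x addresses are constructed stand-ins for the masked XX.XXX.192.x entries, and the function names are hypothetical.

```python
import ipaddress

# "Connected" table from the post above. The masked XX.XXX.192.x ISP entries
# are replaced with 203.0.113.x (documentation range) as a constructed stand-in.
CONNECTED = """\
10.99.0.209     *            255.255.255.255 UH  0 0 0 tun12
10.99.0.1       10.99.0.209  255.255.255.255 UGH 0 0 0 tun12
178.73.212.235  203.0.113.1  255.255.255.255 UGH 0 0 0 vlan10
203.0.113.1     *            255.255.255.255 UH  0 0 0 vlan10
203.0.113.0     *            255.255.255.0   U   0 0 0 vlan10
192.168.3.0     *            255.255.255.0   U   0 0 0 br1
192.168.2.0     *            255.255.255.0   U   0 0 0 br0
127.0.0.0       *            255.0.0.0       U   0 0 0 lo
default         10.99.0.209  128.0.0.0       UG  0 0 0 tun12
128.0.0.0       10.99.0.209  128.0.0.0       UG  0 0 0 tun12
default         203.0.113.1  0.0.0.0         UG  0 0 0 vlan10
"""

def parse_routes(text):
    """Turn `route` output rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        if dest == "default":          # route prints 0.0.0.0 as "default"
            dest = "0.0.0.0"
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface))
    return routes

def egress_iface(routes, dst):
    """Longest-prefix match on the destination only, as the main table does."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[2]

def covers_internet(routes, iface):
    """True if routes on `iface` more specific than /0 span all of IPv4."""
    nets = [n for n, _gw, i in routes if i == iface and 0 < n.prefixlen <= 8]
    merged = list(ipaddress.collapse_addresses(nets))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]

if __name__ == "__main__":
    routes = parse_routes(CONNECTED)
    for dst in ("8.8.8.8", "198.51.100.7", "178.73.212.235", "192.168.3.50"):
        print(dst, "->", egress_iface(routes, dst))
    print("tun12 overrides default:", covers_internet(routes, "tun12"))
```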
     
