What does this OpenVPN message mean?

Discussion in 'Tomato Firmware' started by fyellin, Dec 6, 2008.

  1. fyellin

    fyellin LI Guru Member

    I've noticed that OpenVPN, when starting, now writes the following to the log:

    English is my native language, and I'm fairly network savvy, but I still have no idea what this cryptic message is trying to tell me. Could someone translate?

  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You can safely ignore this message. It is directed at people who would be creating a new bridge device to set up their TAP VPN. For us, however, the LAN adapter is already a member of an existing bridge, and we just add the VPN adapter to the existing bridge (br0).

    If this were not the case, adding the LAN adapter to the bridge would lose all of the settings (IP address, etc) that were attributed to it, and you would have to manually configure the bridge to the desired address.

    But, again, this isn't applicable to our situation.
  3. fyellin

    fyellin LI Guru Member

    Okay. This (maybe) explains why the option
    management localhost 7505
    works, but the option
    management tunnel 7505
    doesn't seem to do anything. The former lets you telnet to "localhost", but only from the router itself. The latter lets you telnet to the IP of the tap from anywhere on the VPN, but the tap isn't assigned an IP address.

    (This isn't a bug report. Don't fix anything. I was just playing around with the management port because I wanted to see the effect of various verbosities.)
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The TAP adapter should be addressable at the IP address of the bridge (the router's LAN IP), so I don't think that would be an issue. However, if connecting to the management interface (I've never used it so I don't know) is limited to IPs on the VPN, it will only be accessible to the server router and any direct clients (if you are doing a site-to-site, only the endpoint routers - not the attached LAN devices). However, if you are connecting a PC to the VPN directly (no site-to-site), I would expect it to be able to use the management interface.
