05.09.2021 16:31, Andrei writes:
> Hello,
>
> I am trying to set up an OpenVPN server on OpenBSD 6.9 that's bridged to my LAN.
> The topology looks like this: 10.70.0.1 (gateway) ----- 10.70.0.118 (server, on em1).
>
> I've set up the em1 interface as DHCP and it gets the expected address. Next up I
> created tap0 and bridge0 devices like this:
>
> ifconfig tap0 create
> ifconfig bridge0 create
> ifconfig bridge0 add em1
> ifconfig bridge0 add tap0
>
> The ifconfig output looks like this now:
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
> index 4 priority 0 llprio 3
> groups: lo
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> inet 127.0.0.1 netmask 0xff000000
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:0c:29:0f:74:62
> index 1 priority 0 llprio 3
> groups: egress
> media: Ethernet autoselect (1000baseT full-duplex,master)
> status: active
> inet 10.20.0.108 netmask 0xffffff00 broadcast 10.20.0.255
> em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:0c:29:0f:74:6c
> index 2 priority 0 llprio 3
> media: Ethernet autoselect (1000baseT full-duplex,master)
> status: active
> inet 10.70.0.118 netmask 0xffffff00 broadcast 10.70.0.255
> enc0: flags=0<>
> index 3 priority 0 llprio 3
> groups: enc
> status: active
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
> index 5 priority 0 llprio 3
> groups: pflog
> tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> lladdr fe:e1:ba:d0:6a:1c
> index 6 priority 0 llprio 3
> groups: tap
> status: no carrier
> bridge0: flags=0<>
> index 7 llprio 3
> groups: bridge
> priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
> em1 flags=3<LEARNING,DISCOVER>
> port 2 ifpriority 0 ifcost 0
> tap0 flags=3<LEARNING,DISCOVER>
> port 6 ifpriority 0 ifcost 0
>
> In my OpenVPN config I have:
>
> port 1194
> proto udp
> dev tap0
> dev-type tap
> ca /etc/openvpn/ca.crt
> cert /etc/openvpn/vpnserver.crt
> key /etc/openvpn/vpnserver.key
> dh /etc/openvpn/dh.pem
> tls-server
> tls-auth /etc/openvpn/vpn-ta.key 0
> push "route 10.70.0.0 255.255.255.0 10.70.0.1"
> cipher AES-256-CBC
> comp-lzo
> ping-timer-rem
> keepalive 10 60
> user _openvpn
> group _openvpn
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> explicit-exit-notify 1
>
> And the client has:
>
> client
> dev tap
> proto udp
> remote example.com 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> remote-cert-tls server
> cipher AES-256-CBC
> comp-lzo
> verb 3
>
> The client connects OK, but it never gets a DHCP address from the router that's in
> charge of 10.70.0.0/24 and running the DHCP server.
>
> Is the issue in my OpenBSD configuration, OpenVPN, or on my router? I'm having
> trouble debugging this...
>
> Thank you,
> Andrei
>
I should correct myself from my last message. You may actually try to
proxy DHCP answers to the VPN by adding the option
server-bridge
to the server config without a pool definition. Please respond if it works.
I'm really curious about it.
I use a similar configuration, but with a manual pool definition in
server-bridge.
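The reply's suggestion is the `server-bridge` directive with no arguments, which the OpenVPN manual describes as DHCP-proxy mode: the client's DHCP request is passed through to the DHCP server on the bridged LAN, and only clients that can bind a DHCP client to their TAP adapter (Windows does this natively; Unix clients need to start one on the tap interface themselves) obtain an address that way. Andrei's posted server config has neither `server-bridge` nor `mode server`, so with `dev tap` it runs point-to-point. The following linter is an added example, not code from the thread or from the OpenVPN project; it parses an OpenVPN server config and reports the bridge-mode problems visible in the posted config (no server mode, a pushed route whose gateway sits inside the route's own destination network, and the deprecated `comp-lzo`), and it validates the four-argument pool form of `server-bridge` that the reply says it uses. The two embedded configs are constructed from the thread; `SAMPLE_FIXED` is one possible corrected version, not the author's.

```python
"""Lint an OpenVPN server config for ethernet-bridging (tap) mode."""
import ipaddress
import shlex

# Constructed sample: the server config from the thread, cut down to the
# directives the checks look at.
SAMPLE_CONFIG = """\
port 1194
proto udp
dev tap0
dev-type tap
tls-server
tls-auth /etc/openvpn/vpn-ta.key 0
push "route 10.70.0.0 255.255.255.0 10.70.0.1"
cipher AES-256-CBC
comp-lzo
keepalive 10 60
user _openvpn
group _openvpn
"""

# Constructed: the same config with server-bridge (DHCP-proxy mode), the
# on-link route no longer pushed, and compression removed.
SAMPLE_FIXED = """\
port 1194
proto udp
dev tap0
dev-type tap
server-bridge
tls-auth /etc/openvpn/vpn-ta.key 0
cipher AES-256-CBC
keepalive 10 60
user _openvpn
group _openvpn
"""


def parse_config(text):
    """Return (directive, [args]) tuples; blank lines and comments are skipped.
    shlex keeps a double-quoted push argument together as OpenVPN does."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        entries.append((parts[0], parts[1:]))
    return entries


def check_bridge_config(text):
    """Return a list of (severity, message) findings for a tap/bridge server.
    Configs that do not use a tap device produce no findings."""
    entries = parse_config(text)
    findings = []

    uses_tap = any((name == "dev" and args and args[0].startswith("tap"))
                   or (name == "dev-type" and args == ["tap"])
                   for name, args in entries)
    if not uses_tap:
        return findings

    # server-bridge (like server) implies mode server; without either,
    # OpenVPN runs point-to-point and hands out no LAN address at all.
    server_mode = any(name in ("server", "server-bridge")
                      or (name == "mode" and args == ["server"])
                      for name, args in entries)
    if not server_mode:
        findings.append(("error", "dev tap without server-bridge or mode server: "
                         "OpenVPN runs point-to-point, so no DHCP proxy or pool"))

    for name, args in entries:
        if name == "server-bridge":
            if not args:
                findings.append(("info", "server-bridge without arguments: DHCP-proxy "
                                 "mode; each client must bind a DHCP client to its tap"))
            elif args == ["nogw"]:
                findings.append(("info", "server-bridge nogw: DHCP-proxy mode, no "
                                 "route-gateway pushed"))
            elif len(args) == 4:
                try:  # gateway netmask pool-start pool-end
                    net = ipaddress.IPv4Network(f"{args[0]}/{args[1]}", strict=False)
                    start, end = ipaddress.IPv4Address(args[2]), ipaddress.IPv4Address(args[3])
                except ValueError:
                    findings.append(("error", "server-bridge: unparsable address"))
                    continue
                if not (start in net and end in net and start <= end):
                    findings.append(("error", f"server-bridge pool {start}-{end} is "
                                     f"not inside {net}"))
            else:
                findings.append(("error", "server-bridge expects 0, 1 (nogw) or 4 arguments"))
        elif name == "push" and args and args[0].split()[:1] == ["route"]:
            pushed = args[0].split()
            if len(pushed) >= 4:
                try:
                    dest = ipaddress.IPv4Network(f"{pushed[1]}/{pushed[2]}", strict=False)
                    gw = ipaddress.IPv4Address(pushed[3])
                except ValueError:
                    continue
                if gw in dest:  # the gateway is on the destination network itself
                    findings.append(("warning", f"pushed route to {dest} via {gw}: gateway "
                                     "lies inside the destination; bridged clients are "
                                     "on-link there and need no such route"))
        elif name in ("comp-lzo", "compress"):
            findings.append(("warning", f"{name}: compression is deprecated and leaks "
                             "information about tunnelled data; remove it"))

    if not any(name in ("tls-auth", "tls-crypt", "tls-crypt-v2") for name, _ in entries):
        findings.append(("warning", "no tls-auth/tls-crypt: control channel is not HMAC-protected"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", SAMPLE_CONFIG), ("fixed", SAMPLE_FIXED)):
        print(f"== {label} ==")
        for severity, message in check_bridge_config(cfg):
            print(f"[{severity}] {message}")
```

Running it on the posted config gives one error (no server mode) and two warnings (the on-link route and comp-lzo); the fixed config produces only the informational note that DHCP-proxy mode relies on the client running a DHCP client on its tap adapter, which is the first thing to verify on a client that connects but never receives a lease.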