[TriLUG] OpenVPN bridge-mode question
Brian Henning
brian at strutmasters.com
Wed Jun 21 09:18:02 EDT 2006
Hiya Gang,

Yous guys have been tremendously helpful (just like always) with my
recent other inquiries, so I thought I might try my luck with this one
too. (I posted it to openvpn-users a few days ago, and no one ventured
a reply)

I have a machine running OpenVPN that has two NICs in it. For
argument's sake, we'll say eth0 connects to a LAN with a 192.168.10.0/24
subnet, and eth1 connects to a separate LAN with a 192.168.20.0/24
subnet. Both subnets have their own public gateways, on different ISPs.
All of the servers I need to reach reside on .10.0/24.

OpenVPN is configured to bind to all addresses (0.0.0.0) and hand out
addresses in the 192.168.10.200 - .240 range.

If I configure my bridge device (br0) to bridge my tap device (tap0) to
the NIC on .10.0/24 (eth0), and bring inbound VPN connections in on the
same interface (via the gateway on .10), everything works as expected.

However...

If I bring an inbound VPN connection via the NIC on .20.0/24 (eth1) with
everything else above being the same, VPN negotiation never finishes and
the OpenVPN server logs get a bunch of "no route to host" messages.

My understanding of routing is still pretty cloudy at best.. and I have
some vague instinct that "this makes sense, really" but can't clear it
up in my mind. I really need to make this work, though; I need VPN
traffic itself to move in and out through eth1, but have it able to
communicate with the subnet on eth0. I also want to stick with
bridging, if at all possible.

Hopefully my verbal description is clear enough.. I'll sketch out a
picture of the layout if necessary.

Thanks in advance!

~Brian
--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------