From: Jan J. K. <ja...@ni...> - 2009-12-10 10:46:53
Hi,

Schley Andrew Kutz wrote:
> Hi everyone. I'm having a problem, and I hope you can help. I've got a fairly basic, routed, OpenVPN configuration, and it works perfectly -- I can access my home network remotely and all of the devices on it. My home network is 192.168.0.0/24 and my VPN network is 192.168.1.0/24. However, I've recently set up my home server (which runs my OpenVPN server) as a KVM server as well. I'm using bridging to connect the KVM guests to my home network (and the internet). The bridging for KVM works fine -- my guests can see my network and the world, and hosts on my network can see the guests. However, I cannot see my KVM guests when I connect to my home network via VPN. I'm sure it has to do with the fact that I'm coming in via OpenVPN onto the same box that has the bridge on it. I'm at home now and can access my KVM guests just fine from my laptop over my wireless network...
>
>

Which IPs are assigned to the KVM guests?
Can you ping all interfaces on the vpn server from the client, i.e. 192.168.0.2,3,5 ?
Make sure there are no firewalls/iptables rules blocking forwarding between tun+ , br+ and/or ethX
Does the LAN gateway (192.168.0.1) have a route for network 192.168.1.0/24 pointing back at the VPN server?

If this is set up correctly I'd run tcpdump on eth0 and ping a KVM guest from the client - follow the flow of the packets.

HTH,

JJK

> I'm running Ubuntu 9.10 server. My /etc/network/interfaces is:
>
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> auto eth0
> iface eth0 inet static
>     address 192.168.0.2
>     netmask 255.255.255.0
>     network 192.168.0.0
>     broadcast 192.168.0.255
>     gateway 192.168.0.1
>     # dns-* options are implemented by the resolvconf package, if installed
>     dns-nameservers 192.168.0.1
>     dns-search lostcreations.local
>
> auto eth1
> iface eth1 inet static
>     address 192.168.0.5
>     netmask 255.255.255.0
>     network 192.168.0.0
>
> auto br0
> iface br0 inet static
>     address 192.168.0.3
>     netmask 255.255.255.0
>     network 192.168.0.0
>     bridge_ports eth2
>     bridge_fd 0
>     bridge_maxwait 0
>     bridge_stp off
>
> My ifconfig output is:
>
> br0       Link encap:Ethernet  HWaddr 00:22:3f:f4:c9:f2
>           inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:3927 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:515380 (515.3 KB)  TX bytes:0 (0.0 B)
>
> eth0      Link encap:Ethernet  HWaddr 00:0e:a6:f4:ec:4e
>           inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4842 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1877 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:539832 (539.8 KB)  TX bytes:346829 (346.8 KB)
>           Interrupt:16
>
> eth1      Link encap:Ethernet  HWaddr 00:0e:a6:f4:ea:58
>           inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:2241 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:301819 (301.8 KB)  TX bytes:0 (0.0 B)
>           Interrupt:17
>
> eth2      Link encap:Ethernet  HWaddr 00:22:3f:f4:c9:f2
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:6466 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1232 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:798340 (798.3 KB)  TX bytes:176003 (176.0 KB)
>           Interrupt:20 Base address:0x8c00
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:113 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:9468 (9.4 KB)  TX bytes:9468 (9.4 KB)
>
> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>           inet addr:192.168.1.1  P-t-P:192.168.1.2  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> vnet0     Link encap:Ethernet  HWaddr fa:ed:79:c7:5c:4f
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:1210 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:6403 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:174551 (174.5 KB)  TX bytes:786517 (786.5 KB)
>
> Please note that vnet0 - vnetX-1 is created for each KVM guest that is connected to a bridged network.
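
The return-route question in the reply above can be checked offline against a saved routing table; this is an added example, not part of the thread. The `ip route show` text, the interface names `lan0`/`wan0`, the 203.0.113.0/24 uplink and the client address 192.168.1.6 are constructed assumptions; the subnets and the VPN server address come from the post.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("192.168.1.0/24")  # VPN subnet, from the post
VPN_SERVER = ipaddress.ip_address("192.168.0.2")  # eth0 of the OpenVPN box, from the post
CLIENT = "192.168.1.6"                            # assumed VPN client address

# Constructed `ip route show` output for the LAN gateway 192.168.0.1.
# Assumed: a Linux router with interfaces lan0/wan0 and a 203.0.113.0/24 uplink.
GATEWAY_NO_ROUTE = """\
default via 203.0.113.1 dev wan0
192.168.0.0/24 dev lan0 proto kernel scope link src 192.168.0.1
203.0.113.0/24 dev wan0 proto kernel scope link src 203.0.113.2
"""
GATEWAY_WITH_ROUTE = GATEWAY_NO_ROUTE + "192.168.1.0/24 via 192.168.0.2 dev lan0\n"


def parse_routes(text):
    """Parse plain unicast lines of `ip route show` into (network, via, dev)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        via = ipaddress.ip_address(f[f.index("via") + 1]) if "via" in f else None
        dev = f[f.index("dev") + 1] if "dev" in f else None
        routes.append((net, via, dev))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the route the host would pick for dst."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def return_path_ok(route_text, client_ip=CLIENT):
    """True if replies to a VPN client are handed back to the VPN server."""
    if ipaddress.ip_address(client_ip) not in VPN_NET:
        raise ValueError("client address is outside the VPN subnet")
    hit = lookup(parse_routes(route_text), client_ip)
    return hit is not None and hit[1] == VPN_SERVER


if __name__ == "__main__":
    for label, text in (("no route", GATEWAY_NO_ROUTE), ("with route", GATEWAY_WITH_ROUTE)):
        net, via, dev = lookup(parse_routes(text), CLIENT)
        verdict = "OK" if return_path_ok(text) else "replies never reach the VPN server"
        print(f"{label}: {CLIENT} -> {net} via {via} dev {dev}: {verdict}")
```

The same check applies to the routing table of any LAN host or KVM guest: paste its `ip route show` output in place of the constructed text.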