From: Schley A. K. <sa...@gm...> - 2009-12-10 14:08:15
Jan,

The KVM guests are on the 192.168.0.0/24 network (the first and only guest has 192.168.0.50).

From the VPN client I can ping EVERY IP address in my home network, including those on the VPN server (the KVM host), JUST NOT the Guest IPs.

From the KVM Guests I can ping every IP in my home network except the VPN client IPs (on the 192.168.1.0/24) network.

The LAN gateway (my DD-WRT router) does not have a route for 192.168.1.0/24 -- it's never needed one. Everything works fine except for the KVM Guest<-->VPN Client connectivity.

Oh, and I have no IP tables enabled. Do you think I need to make br0 and tun0 aware of each other through FORWARDing rules?

It's the weirdest thing. KVM guests work PERFECTLY. VPN clients work PERFECTLY. The only problem is that the VPN clients cannot see the KVM guests and vice versa. Both of them see everyone/everything else just fine.

--
-a

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." --Einstein

On Dec 10, 2009, at 4:46 AM, Jan Just Keijser wrote:

> Hi,
>
> Schley Andrew Kutz wrote:
>> Hi everyone. I'm having a problem, and I hope you can help. I've got a fairly basic, routed, OpenVPN configuration, and it works perfectly -- I can access my home network remotely and all of the devices on it. My home network is 192.168.0.0/24 and my VPN network is 192.168.1.0/24
>>
>> However, I've recently set up my home server (which runs my OpenVPN server) as a KVM server as well. I'm using bridging to connect the KVM guests to my home network (and the internet). The bridging for KVM works fine -- my guests can see my network and the world, and hosts on my network can see the guests. However, I cannot see my KVM guests when I connect to my home network via VPN.
>>
>> I'm sure it has to do with the fact that I'm coming in via OpenVPN onto the same box that has the bridge on it. I'm at home now and can access my KVM guests just fine from my laptop over my wireless network...
>>
>>
> Which IPs are assigned to the KVM guests?
> Can you ping all interfaces on the vpn server from the client, i.e. 192.168.0.2,3,5 ?
> Make sure there are no firewalls/iptables rules blocking forwarding between tun+ , br+ and/or ethX
> Does the LAN gateway (192.168.0.1) have a route for network 192.168.1.0/24 pointing back at the VPN server?
>
> If this is set up correctly I'd run tcpdump on eth0 and ping a KVM guest from the client - follow the flow of the packets.
>
> HTH,
>
> JJK
>
>> I'm running Ubuntu 9.10 server. My /etc/network/interfaces is:
>>
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>>
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>>
>> # The primary network interface
>> auto eth0
>> iface eth0 inet static
>>     address 192.168.0.2
>>     netmask 255.255.255.0
>>     network 192.168.0.0
>>     broadcast 192.168.0.255
>>     gateway 192.168.0.1
>>     # dns-* options are implemented by the resolvconf package, if installed
>>     dns-nameservers 192.168.0.1
>>     dns-search lostcreations.local
>>
>> auto eth1
>> iface eth1 inet static
>>     address 192.168.0.5
>>     netmask 255.255.255.0
>>     network 192.168.0.0
>>
>> auto br0
>> iface br0 inet static
>>     address 192.168.0.3
>>     netmask 255.255.255.0
>>     network 192.168.0.0
>>     bridge_ports eth2
>>     bridge_fd 0
>>     bridge_maxwait 0
>>     bridge_stp off
>>
>> My ifconfig output is:
>>
>> br0       Link encap:Ethernet  HWaddr 00:22:3f:f4:c9:f2
>>           inet addr:192.168.0.3  Bcast:192.168.0.255  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:3927 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:515380 (515.3 KB)  TX bytes:0 (0.0 B)
>>
>> eth0      Link encap:Ethernet  HWaddr 00:0e:a6:f4:ec:4e
>>           inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:4842 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:1877 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:539832 (539.8 KB)  TX bytes:346829 (346.8 KB)
>>           Interrupt:16
>>
>> eth1      Link encap:Ethernet  HWaddr 00:0e:a6:f4:ea:58
>>           inet addr:192.168.0.5  Bcast:192.168.0.255  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:2241 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:301819 (301.8 KB)  TX bytes:0 (0.0 B)
>>           Interrupt:17
>>
>> eth2      Link encap:Ethernet  HWaddr 00:22:3f:f4:c9:f2
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:6466 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:1232 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:798340 (798.3 KB)  TX bytes:176003 (176.0 KB)
>>           Interrupt:20 Base address:0x8c00
>>
>> lo        Link encap:Local Loopback
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>>           RX packets:113 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:0
>>           RX bytes:9468 (9.4 KB)  TX bytes:9468 (9.4 KB)
>>
>> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>           inet addr:192.168.1.1  P-t-P:192.168.1.2  Mask:255.255.255.255
>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:100
>>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>>
>> vnet0     Link encap:Ethernet  HWaddr fa:ed:79:c7:5c:4f
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:1210 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:6403 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:500
>>           RX bytes:174551 (174.5 KB)  TX bytes:786517 (786.5 KB)
>>
>> Please note that vnet0 - vnetX-1 is created for each KVM guest that is connected to a bridged network.
>>
>>
>
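
The return-route question in the quoted checklist, modelled as an added example that is not part of the thread: a longest-prefix-match trace of a guest's reply to a VPN client, with and without a gateway route for 192.168.1.0/24. The routing tables are constructed from the addresses in the messages; the guest's default gateway (192.168.0.1) and the client address 192.168.1.6 are assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (network, via) routes; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), via) for net, via in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Follow a packet from node to node; return (path, outcome)."""
    path, node = [src], src
    for _ in range(max_hops):
        via = next_hop(tables.get(node, []), dst)
        if via is None:
            return path, "no route"
        if via == "direct":            # dst is on an attached network
            return path + [dst], "delivered"
        if via == "wan":               # handed to the upstream default route
            return path + ["wan"], "sent to WAN"
        path.append(via)
        node = via
    return path, "loop"

GUEST, GATEWAY, VPN_SERVER = "192.168.0.50", "192.168.0.1", "192.168.0.2"
VPN_CLIENT = "192.168.1.6"             # constructed client address in the VPN subnet

def build_tables(gateway_has_vpn_route):
    gw = [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "wan")]
    if gateway_has_vpn_route:
        gw.append(("192.168.1.0/24", VPN_SERVER))
    return {
        # Assumption: the guest uses the LAN gateway as its default route.
        GUEST: [("192.168.0.0/24", "direct"), ("0.0.0.0/0", GATEWAY)],
        GATEWAY: gw,
        # The VPN server is attached to both the LAN and the tun0 subnet.
        VPN_SERVER: [("192.168.0.0/24", "direct"), ("192.168.1.0/24", "direct")],
    }

def reply_path(gateway_has_vpn_route):
    """Path taken by the guest's reply to the VPN client."""
    return trace(build_tables(gateway_has_vpn_route), GUEST, VPN_CLIENT)

if __name__ == "__main__":
    for flag in (False, True):
        print("gateway route for 192.168.1.0/24:", flag, "->", reply_path(flag))
```

On a live host the same question is answered by `ip route get 192.168.1.6` on the guest and by the tcpdump capture suggested in the reply.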