On 11/25/2012 5:50 AM, Lars Müller wrote:
On Sat, Nov 24, 2012 at 01:29:20PM -0800, Marc Chamberlin wrote:
On 11/24/2012 9:48 AM, Lars Müller wrote:
On Fri, Nov 23, 2012 at 10:01:03PM -0800, Marc Chamberlin wrote:

From what I can grok about setting up and running an openvpn server, because I want to allow a Windoz client to connect to the server, I need to set up a tap and br interface and set up an ethernet bridge. I have a few questions which I don't seem to be finding answers for -

1. openvpn supplies a sample script for creating the tap and br interfaces. I know I need to modify it and run the bridge-start script before starting up the openvpn server. Also the bridge-stop script when shutting down the openvpn service. But where and how is this script incorporated into the boot up/server start up processes if I want the openvpn server to run as an automatic service? I don't see anything that references it in the /etc/openvpn/server.conf file or in the /etc/rc.d/openvpn file.

That's not required.

Either use the YaST System Services (runlevel) module and enable the openvpn service or use on the command line

chkconfig -a openvpn

Thanks Lars for your reply, but my confusion is growing! If the bridge-start script is no longer required to set up the tap0 interface, then how is it to be done in openSuSE?

It's all handled by the network service scripts. Since a long time. That's nothing new. Please read the man page of ifcfg-bridge

Nothing more is required.

Lars - I have read the man page for ifcfg-bridge, but I am afraid it is insufficient in helping me to understand how it works and how I need to apply it to setting up a bridge interface for openVPN. For example, which ports do I actually bridge and list in the BRIDGE_PORTS variable? tap0? eth1? both? (eth1 is the name of the interface to my interior network, eth0 is the name of the interface to my exterior (internet) network.) I have been fooling around with all the combinations but so far no joy in getting openVPN to work as I would expect.. That probably means I have something else wrong, but I need to know how to configure this variable as a starting point in order to be able to move on to figure out what else I am doing wrong..

The openVPN website, and man pages for openvpn all describe one model for setting up openvpn, and use the scripts that I mentioned previously. I cannot find a description of the model that openSuSE is using, which is apparently some kind of a wrapper to try and make it easier to configure. That is fine, but without a description of what is really going on, how the openSuSE way of configuring openvpn and its interfaces maps to how openvpn is telling us to do it, makes it difficult for an outsider to understand how to use the openSuSE tools, methods, and model.

So, my feeling about the man page for ifcfg-bridge is that it is very abbreviated and requires a deep understanding of the openSuSE network setup model which I don't have. Worse, the man page for ifcfg-bridge refers to a non-existent website - http://linux-net.osdl.org/index.php.Bridge for further information, and there is nothing that I can find in the openSuSE documentation wikis that describe how to set up openvpn either. I have also studied the documentation included in /usr/share/doc/packages/openvpn and found nothing helpful there, in particular the document that I would expect to contain information on how to set up openvpn under openSuSE - README.SUSE contains a ridiculously small amount of near useless information. The openvpn man pages and documentation are apparently non-applicable so that just makes it all the more confusing! I have also tried to read the man page on brctl, again it is proving to be inadequate in helping me to grok all this..
And doesn't this script need to be run each time the server computer is rebooted in order to keep the tap0 and br0 interfaces persistent across reboots?

As soon as you create a bridged device configuration and this device is in start mode

STARTMODE="auto"

all is done for you. This also is persistent across reboots.

And yes, I plan to enable the openvpn service in the YaST Runlevel module, but I don't fully grok how the tap0 and br0 interfaces are to be defined.....

No additional define is required.

OK, this part I understand... The scripts will manage automagically to create (once defined) and start up the various interfaces....

2. Within the bridge-start script there is a parameter called eth_ip that wants to be set to some IP address. Is this the IP address of the NIC that interfaces my server to my internal LAN?

I never needed to tweak with this parameter. I would start with the ifcfg-bridge(5) man page instead.
My very basic /etc/sysconfig/network/ifcfg-br0 has:

BOOTPROTO='dhcp4'
BRIDGE='yes'
BRIDGE_FORWARDDELAY='0'
BRIDGE_PORTS='eth0'
BRIDGE_STP='off'
STARTMODE='onboot'
NAME='Intel Ethernet controller'

I think I understand that this is how to create the br0 bridge interface manually.

Either with an editor or you do it via YaST. If you go via YaST you'll see as the result a file named like /etc/sysconfig/network/ifcfg-br0

Yes, I have discovered (wasn't obvious!) that YaST has the ability to configure the tap0 and br0 interfaces, but I still do not know how to set up the br0 bridge, either manually or through YaST. Creating the tap0 interface seems pretty straightforward, but what do I have to do to tie eth1 and tap0 together in this br0 interface? Or DO I tie them together here? Again, understanding exactly what has to be bridged, where, and how is not explained in any of the places that I have looked. In your example above, you refer to eth0 being bridged (I am assuming that is equivalent to my eth1 internal network interface) but I don't see any reference to the tap0 interface that the openvpn documentation is telling me is required also.

Additionally, using YaST to set up my bridge interface - br0 - has brought up a new bit of confusion. If I check my eth1 interface as being one of the devices that I want to bridge, I get a popup error telling me "At least one selected device is already configured. Adapt the configuration for bridge (IP address 0.0.0.0/32)?" and I have no option but to let it do so. And when I do, the IP address I had and want statically assigned to eth1 (in my case 192.168.10.100) gets removed and replaced with 0.0.0.0/32. This does NOT make any sense to me and it seems like changing the address of my eth1 interface will screw up my internal network since that is the gateway address all the other devices on my network will be looking for.

I am guessing that, in the list of Bridged Devices for br0, I want to check both the tap0 and eth1 devices to be bridged? That intuitively seems to be where I can tie these two interfaces together, but I don't see you doing that in your example nor do I find any example/document telling me this is what to do....

Lastly, since I am setting up the openvpn connection on my server/gateway system (where I am also running a dhcp server) I am guessing I want to also assign the same static IP address (as I assigned to eth1) of 192.168.10.100 to the bridge (br0) interface, and set the BOOTPROTO variable to 'static'?

Good luck!
Lars

Thanks I need it! And again thanks for taking some time to help me...
Marc..
-- "The Truth is out there" - Spooky
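
Added example, not part of the original thread and not taken from the openSUSE or OpenVPN documentation: one layout of the sysconfig files for the bridged setup asked about above, mirroring what OpenVPN's bridge-start script does (the LAN NIC and the tap device both become bridge ports, and the LAN address moves onto the bridge). Interface names and 192.168.10.100 come from the thread; the /24 netmask and the client pool range are assumptions.

```conf
# Constructed example. Interface names and 192.168.10.100 come from the
# thread; the /24 netmask and the client pool are assumptions.

# --- /etc/sysconfig/network/ifcfg-tap0 ---
# Persistent tap device for OpenVPN; carries no address of its own.
STARTMODE='auto'
BOOTPROTO='none'
TUNNEL='tap'

# --- /etc/sysconfig/network/ifcfg-eth1 ---
# Internal NIC as a bridge port: it gives up its address, which is the
# change the YaST "0.0.0.0/32" prompt makes.
STARTMODE='auto'
BOOTPROTO='none'

# --- /etc/sysconfig/network/ifcfg-br0 ---
# The bridge takes over the LAN gateway address that eth1 used to hold.
# eth0, the Internet-facing NIC in the thread, is left out of the bridge.
STARTMODE='auto'
BOOTPROTO='static'
IPADDR='192.168.10.100/24'
BRIDGE='yes'
BRIDGE_PORTS='eth1 tap0'
BRIDGE_STP='off'
BRIDGE_FORWARDDELAY='0'

# --- /etc/sysconfig/dhcpd ---
# dhcpd has to listen on the interface that now owns the address.
DHCPD_INTERFACE='br0'

# --- /etc/openvpn/server.conf (bridging-related lines only) ---
# Attach to the pre-created tap0 rather than a dynamically named device.
dev tap0
# server-bridge <gateway> <netmask> <pool-start> <pool-end>
# Keep the pool outside the range the LAN DHCP server hands out.
server-bridge 192.168.10.100 255.255.255.0 192.168.10.200 192.168.10.220
```

Once eth1 is a bridge port, the host's LAN address lives on br0, so services and firewall rules that were bound to eth1 have to reference br0 instead.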