Re: openvpn server bridge.



music wrote:
music wrote:

Tauno Voipio wrote:

music wrote:


The VPN server is in a DMZ controlled by a NetScreen 204 firewall.
The client has an ADSL internet connection.
The NetScreen firewall opens UDP 1194 for input while output is all open.
The client has no firewall rules.
I see that, when I try to ping from server to client or from client to server, there are many ARP requests without an answer.
Sorry for my bad English.
If you need more information, ask me. Thank you.



A VPN is a connection of two private networks using
a public IP connection to transport the packets. To
do this, we need two IP addresses at each end of the
connection (called a tunnel): one to use the public
Internet (tunnel outside address) and another for the
private network data (tunnel inside address).

OpenVPN provides two different ways of transferring
internal network data: routing IP packets (using tun0)
or bridging link-level (Ethernet) frames (using tap0).

In your case, the inside ends of the tunnel seem to
be set up for transporting link-level (Ethernet)
frames to bridge the internal network segments
together. I do not see the necessary outside
interfaces and their addresses (for UDP port 1194)
in the setup you posted.


Do you mean the public IP?
On the client side I have an ADSL internet connection with a dynamic public IP.
On the server side the public IP is 82.85.10.18 and the NetScreen firewall does NAT between 172.16.14.14 and the public IP to allow connections from/to the internet.


My VPN server has only one NIC; the public IP is a NAT of the private IP.
Could that be a problem?

Yes - for connecting the tunnel ends together, you need
to port forward the UDP port of the public IP to the server,
and configure your client VPN to connect to the server's
public IP.

It is not a good idea to bridge the VPN segments in a setup
like this - the routing at the server may be impossible to
set up properly. Probably you should have another private
subnet for the tunnel inside addresses.

--

-Tauno Voipio
tauno voipio (at) iki fi
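
The routed setup suggested in the reply above, written out as an added example that is not part of the original thread or either poster's configuration. The addresses 82.85.10.18 and 172.16.14.14 come from the thread; the tunnel subnet 10.8.0.0/24 and all certificate and key file names are assumptions.

```conf
# ---- server.conf (VPN server in the DMZ, private address 172.16.14.14) ----
# The firewall must forward UDP 1194 on 82.85.10.18 to 172.16.14.14.
local 172.16.14.14
port 1194
proto udp
dev tun                          # routed IP tunnel instead of a tap bridge
server 10.8.0.0 255.255.255.0    # assumed tunnel-inside subnet, unused elsewhere
ca   ca.crt                      # placeholder file names
cert server.crt
key  server.key
dh   dh.pem
keepalive 10 120
persist-key
persist-tun

# ---- client.conf (ADSL client with a dynamic public IP) ----
client
dev tun
proto udp
remote 82.85.10.18 1194          # the server's public (NAT) address
resolv-retry infinite
nobind                           # no fixed local port needed on the client
ca   ca.crt
cert client.crt
key  client.key
remote-cert-tls server           # accept only a certificate issued for server use
persist-key
persist-tun
```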

