On 05.09.2021 16:31, Andrei wrote:
Hello,
I am trying to setup an OpenVPN server on OpenBSD 6.9 that's bridged to my LAN.
The topology looks like this: 10.70.0.1 (gateway) ----- 10.70.0.118 (server, on em1).
I've set up the em1 interface as DHCP and it gets the expected address. Next up I
created tap0 and bridge0 devices like this:
ifconfig tap0 create
ifconfig bridge0 create
ifconfig bridge0 add em1
ifconfig bridge0 add tap0
The ifconfig output looks like this now:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
index 4 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:29:0f:74:62
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 10.20.0.108 netmask 0xffffff00 broadcast 10.20.0.255
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:29:0f:74:6c
index 2 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 10.70.0.118 netmask 0xffffff00 broadcast 10.70.0.255
enc0: flags=0<>
index 3 priority 0 llprio 3
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
index 5 priority 0 llprio 3
groups: pflog
tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr fe:e1:ba:d0:6a:1c
index 6 priority 0 llprio 3
groups: tap
status: no carrier
bridge0: flags=0<>
index 7 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
em1 flags=3<LEARNING,DISCOVER>
port 2 ifpriority 0 ifcost 0
tap0 flags=3<LEARNING,DISCOVER>
port 6 ifpriority 0 ifcost 0
In my OpenVPN config I have:
port 1194
proto udp
dev tap0
dev-type tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpnserver.crt
key /etc/openvpn/vpnserver.key
dh /etc/openvpn/dh.pem
tls-server
tls-auth /etc/openvpn/vpn-ta.key 0
push "route 10.70.0.0 255.255.255.0 10.70.0.1"
cipher AES-256-CBC
comp-lzo
ping-timer-rem
keepalive 10 60
user _openvpn
group _openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
And the client has:
client
dev tap
proto udp
remote example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
The client connects OK, but it never gets a DHCP address from the router that's in
charge of 10.70.0.0/24 and running the DHCP server.
Is the issue in my OpenBSD configuration, OpenVPN, or on my router? I'm having
trouble debugging this...
Thank you,
Andrei
I should correct myself regarding my last message. You may actually try to
proxy DHCP answers to the VPN by adding the option
server-bridge
to the server config without a pool definition. Please respond if it works.
I'm really curious about it.
I use a similar configuration, but with a manual pool definition in
server-bridge.
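The following is an added example, not code from this thread or from the OpenVPN project. It models the expansion of the `server-bridge` helper directive as openvpn(8) documents it (bare `server-bridge` expands to `mode server`, `tls-server` and `push "route-gateway dhcp"`; the four-argument form adds an `ifconfig-pool` and pushes the given gateway; `nogw` pushes nothing) and runs a few checks over a constructed copy of the server config posted above. The finding codes and messages are this example's own; the copied config keeps the original paths and values.

```python
"""Lint an OpenVPN server config for tap/bridged multi-client use.

Added example for this thread, not OpenVPN project code. It expands the
`server-bridge` helper the way openvpn(8) describes and checks what the
daemon will actually act on.
"""
import shlex

# Constructed copy of the server config posted in the thread.
POSTED_SERVER_CONFIG = """\
port 1194
proto udp
dev tap0
dev-type tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpnserver.crt
key /etc/openvpn/vpnserver.key
dh /etc/openvpn/dh.pem
tls-server
tls-auth /etc/openvpn/vpn-ta.key 0
push "route 10.70.0.0 255.255.255.0 10.70.0.1"
cipher AES-256-CBC
comp-lzo
ping-timer-rem
keepalive 10 60
user _openvpn
group _openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
"""


def parse_config(text):
    """Return [(directive, args)], skipping blank lines and #/; comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)  # keeps push "route-gateway dhcp" as one arg
        entries.append((parts[0], parts[1:]))
    return entries


def expand_server_bridge(args):
    """Expand `server-bridge` as OpenVPN's helper does (per openvpn(8)).

    server-bridge                   -> mode server, tls-server,
                                       push "route-gateway dhcp"
    server-bridge nogw              -> mode server, tls-server
    server-bridge GW MASK START END -> mode server, tls-server,
                                       ifconfig-pool START END MASK,
                                       push "route-gateway GW"
    """
    base = [("mode", ["server"]), ("tls-server", [])]
    if not args:
        return base + [("push", ["route-gateway dhcp"])]
    if args == ["nogw"]:
        return base
    if len(args) == 4:
        gateway, netmask, start, end = args
        return base + [("ifconfig-pool", [start, end, netmask]),
                       ("push", ["route-gateway " + gateway])]
    raise ValueError("server-bridge: expected 0, 1 (nogw) or 4 args, got %r" % (args,))


def effective_directives(text):
    """Parse and expand helpers so checks see what the daemon will act on."""
    effective = []
    for name, args in parse_config(text):
        if name == "server-bridge":
            effective.extend(expand_server_bridge(args))
        else:
            effective.append((name, args))
    return effective


def lint_bridged_server(text):
    """Return [(code, message)] findings for a tap-bridged server config."""
    eff = effective_directives(text)
    names = {name for name, _ in eff}
    pushed = {" ".join(args) for name, args in eff if name == "push"}
    findings = []

    dev = next((args[0] for name, args in eff if name == "dev" and args), "")
    if not (dev.startswith("tap") or ("dev-type", ["tap"]) in eff):
        findings.append(("not-tap", "bridging needs a tap device; dev is %r" % dev))

    if ("mode", ["server"]) not in eff:
        findings.append(("no-mode-server",
                         "no 'mode server' (or server-bridge): tls-server alone "
                         "runs point-to-point and accepts a single client"))

    if "ifconfig-pool" in names:
        findings.append(("pool", "clients are addressed from OpenVPN's ifconfig-pool"))
    elif "route-gateway dhcp" in pushed:
        findings.append(("dhcp-proxy",
                         "clients take gateway and address from a DHCP lease over "
                         "the tap; the LAN DHCP server must answer through the bridge"))
    else:
        findings.append(("no-address-source",
                         "neither ifconfig-pool nor 'push route-gateway dhcp': "
                         "the server gives clients no address hint at all"))

    if "comp-lzo" in names:
        findings.append(("comp-lzo",
                         "compression is deprecated in OpenVPN 2.5; drop comp-lzo "
                         "unless old clients require it"))
    return findings


if __name__ == "__main__":
    for label, extra in (("posted config", ""), ("with bare server-bridge", "server-bridge\n")):
        print("--- %s ---" % label)
        for code, msg in lint_bridged_server(POSTED_SERVER_CONFIG + extra):
            print("%-18s %s" % (code, msg))
```

Run as-is it reports that the posted config has no `mode server` and no address source; appending a bare `server-bridge` line turns the latter into the DHCP-proxy case the reply above describes. The `tap0` "status: no carrier" in the ifconfig output is expected until OpenVPN opens the device; to keep the bridge across reboots on OpenBSD, the same `add em1` / `add tap0` / `up` lines go into /etc/hostname.bridge0 and `up` into /etc/hostname.tap0 (see hostname.if(5)).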