Bridging OpenVPN and LAN

Sun, 05 Sep 2021 10:32:48 -0700 

Hello,

I am trying to setup an OpenVPN server on OpenBSD 6.9 that's bridged to my LAN.
The topology looks like this: 10.70.0.1 (gateway) ----- 10.70.0.118 (server, on 
em1).

I've set-up the em1 interface as DHCP and it get's the expected address. Next 
up I
created a tap0 and bridge0 devices like this:

ifconfig tap0 create
ifconfig bridge0 create
ifconfig bridge0 add em1
ifconfig bridge0 add tap0

The ifconfig output looks like this now:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        index 4 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:0f:74:62
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet 10.20.0.108 netmask 0xffffff00 broadcast 10.20.0.255
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 
1500
        lladdr 00:0c:29:0f:74:6c
        index 2 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet 10.70.0.118 netmask 0xffffff00 broadcast 10.70.0.255
enc0: flags=0<>
        index 3 priority 0 llprio 3
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        index 5 priority 0 llprio 3
        groups: pflog
tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d0:6a:1c
        index 6 priority 0 llprio 3
        groups: tap
        status: no carrier
bridge0: flags=0<>
        index 7 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        em1 flags=3<LEARNING,DISCOVER>
                port 2 ifpriority 0 ifcost 0
        tap0 flags=3<LEARNING,DISCOVER>
                port 6 ifpriority 0 ifcost 0

In my OpenVPN config I have:

port 1194
proto udp
dev tap0
dev-type tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpnserver.crt
key /etc/openvpn/vpnserver.key
dh /etc/openvpn/dh.pem
tls-server
tls-auth /etc/openvpn/vpn-ta.key 0
push "route 10.70.0.0 255.255.255.0 10.70.0.1"
cipher AES-256-CBC
comp-lzo
ping-timer-rem
keepalive 10 60
user _openvpn
group _openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

And the client has:

client
dev tap
proto udp
remote example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3

The client connects OK, but it never gets a DHCP address from the router that's 
in
charge for 10.70.0.0/24 and running the DHCP server.

Is the issue in my OpenBSD configuration, OpenVPN, or on my router? I'm having
trouble debugging this...

Thank you,
Andrei

Reply via email to