Posted: Thu Jan 29, 2015 22:58 Post subject: OpenVPN Bridge assistance
I am trying to configure an openvpn bridge similar to the one discussed in the link below (using 2 Buffalo whr-300hp2 routers with the latest brainslayer build installed), I want the bridge to issue an ip to the external router and all clients of the router and then connect them to a vlan on my local network. I have setup the vlan with all rules required and no dhcp, currently only the server router sits on this vlan. The idea here is that I want to setup the client, export the settings and reimport them into new routers so I can ship these to people and give them a small gateway into the network (this means no manually set IPs if possible). Ill be upgrading the server router once I have a proof of concept. The problem is, the server and client connect successfully but the PC connected to the client doesnt get an IP address and cant communicate over the network. If I manually set the PC's IP then it can ping the client router only on its router address (not its assigned bridge address nor can it ping the bridge gateway). Whats even wierder is that the server lists both the client router and PC as connected with IPs issued. Can anyone please help me and tell me what am I doing wrong?
eibgrad, I started out with nothing added into the additional config field and added those entries durring troubleshooting based on posts I found in other forums trying to get it to work, even clearing these does not help. Your implementation is very similar to what I am trying to do however I dont think it resolves my problem. After some further troubleshooting I found out some more about the problem. The bridge is forwarding broadcast and arp packets only, not addressed traffic so the clients fail to get an IP address. The server router has entries in the openvpn log for addresses issued to the client router and PC but they dont actually receive them for some reason. I have firewall disabled on both so I dont know what is causing this behavior.
eibgrad, there is no dhcp on the vlan as the server router itself will be running dhcp for clients. Thats what the Pool start IP and Pool end IP settings are for, it is suposed to issue IPs to clients between this range (as it has been attempting as per my second screenshot, virtual IP column at the top). The problem is, the router believes it has issued these addresses as can be seen server side but the clients never actually receive them (or at least the attached PC doesn't). I think something is blocking this traffic as when I use wireshark I can only see broadcasts and arps from the main network.
The reason the address pool is so big is because I have some other networks in there statically set on the server side network. They are communicating and I can see traffic from them (broadcasts and arps only though) reach the client network.
eibgrad, if that were the case then why does the PC show as a client under the openvpn logs section of the web UI with an address issued too it (see the second attached picture). The server router sees both the client router and client pc and has issued addresses for both (or atleast thinks it had). I found a couple different documentation sources about this working but even without it I still get problems, I can manually set the client PC's IP but I can still only see arps and broadcasts, no addressed traffic.
