LINUX.ORG.RU

Messages by DimaDemon

 

CentOS 7 openvpn bridge

Good day!

Please advise what the problem might be.

There are two CentOS 7 servers, each running OpenVPN.

Behind the servers is the network 192.168.100.0/24.

I need to connect two segments of one network.

First server

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.2  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::215:5dff:fec0:e10d  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:c0:e1:0d  txqueuelen 0  (Ethernet)
        RX packets 388  bytes 26580 (25.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 47  bytes 3022 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet <external address>  netmask 255.255.255.192  broadcast <external address>
        inet6 fe80::215:5dff:fec0:e10c  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:c0:e1:0c  txqueuelen 1000  (Ethernet)
        RX packets 8250  bytes 1572749 (1.4 MiB)
        RX errors 0  dropped 75  overruns 0  frame 0
        TX packets 4253  bytes 809288 (790.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::215:5dff:fec0:e10d  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:c0:e1:0d  txqueuelen 1000  (Ethernet)
        RX packets 136  bytes 12605 (12.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 322  bytes 23990 (23.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 18  bytes 1960 (1.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1960 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::1483:52ff:fed2:cf7a  prefixlen 64  scopeid 0x20<link>
        ether 16:83:52:d2:cf:7a  txqueuelen 100  (Ethernet)
        RX packets 304  bytes 23446 (22.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 161  bytes 13376 (13.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

openvpn server conf

port 3001
proto tcp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem 
server-bridge 192.168.100.2 255.255.255.0 192.168.100.10 192.168.100.20
keepalive 10 120
tls-auth ta.key 0
cipher BF-CBC
comp-lzo
max-clients 5
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 3

Script recommended for bridging, from the openvpn site

#!/bin/bash
br="br0"
tap="tap0"
eth="eth1" 
eth_ip="192.168.100.2"  
eth_netmask="255.255.255.0" 
eth_broadcast="192.168.100.255" 
#for t in $tap; do
#    openvpn --mktun --dev $t
#done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
    brctl addif $br $t
done
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

Second server

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::215:5dff:fe9f:4d0c  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:9f:4d:0c  txqueuelen 0  (Ethernet)
        RX packets 491  bytes 34014 (33.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 47  bytes 2902 (2.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet <external address>  netmask 255.255.255.224  broadcast <external address>
        inet6 fe80::215:5dff:fe9f:4d0b  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:9f:4d:0b  txqueuelen 1000  (Ethernet)
        RX packets 14160  bytes 2418262 (2.3 MiB)
        RX errors 0  dropped 109  overruns 0  frame 0
        TX packets 6189  bytes 1160949 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::215:5dff:fe9f:4d0c  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:9f:4d:0c  txqueuelen 1000  (Ethernet)
        RX packets 289  bytes 23146 (22.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 216  bytes 18450 (18.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4  bytes 392 (392.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 392 (392.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::4ce3:a1ff:fea9:ed65  prefixlen 64  scopeid 0x20<link>
        ether 4e:e3:a1:a9:ed:65  txqueuelen 100  (Ethernet)
        RX packets 202  bytes 17742 (17.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 341  bytes 26458 (25.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

openvpn client conf

client
dev tap
proto tcp
remote <external address of the first server> 3001
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
comp-lzo
status openvpn-status.log
log openvpn.log
verb 3

Script recommended for bridging, from the openvpn site

#!/bin/bash
br="br0"
tap="tap0"
eth="eth1" 
eth_ip="192.168.100.10"  
eth_netmask="255.255.255.0" 
eth_broadcast="192.168.100.255" 
#for t in $tap; do
#    openvpn --mktun --dev $t
#done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
    brctl addif $br $t
done
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

The OpenVPN connection is established. The br0 interfaces come up and can be pinged from the servers. Pings to the hosts behind the servers do not go through.

Please advise what the problem might be?


DimaDemon
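
An added example, not part of the original post: a small consistency check over the two OpenVPN configs and the bridge scripts shown above. It compares the directives both ends must agree on and tests whether a statically assigned bridge address falls inside the `server-bridge` client pool; the function names `parse` and `check` are hypothetical, and the inputs are copied from the post with file paths and the redacted remote address omitted.

```python
import ipaddress

# Directives copied from the post (certificate paths and redacted remote omitted).
SERVER_CONF = """\
proto tcp
dev tap
server-bridge 192.168.100.2 255.255.255.0 192.168.100.10 192.168.100.20
tls-auth ta.key 0
cipher BF-CBC
comp-lzo
"""
CLIENT_CONF = """\
client
dev tap
proto tcp
tls-auth ta.key 1
comp-lzo
"""
# eth_ip values from the two bridge scripts in the post.
BRIDGE_IPS = {"first server br0": "192.168.100.2", "second server br0": "192.168.100.10"}

def parse(text):
    """Map each directive to its argument list, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if words:
            conf[words[0]] = words[1:]
    return conf

def check(server_text, client_text, bridge_ips):
    """Return a list of human-readable findings; empty means nothing was flagged."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    for key in ("dev", "proto", "cipher", "comp-lzo"):
        if srv.get(key) != cli.get(key):
            findings.append(f"{key}: server={srv.get(key)} client={cli.get(key)}")
    # tls-auth key directions must be complementary (0 on one side, 1 on the other).
    dirs = {(c.get("tls-auth", []) + [None, None])[1] for c in (srv, cli)}
    if dirs != {"0", "1"}:
        findings.append(f"tls-auth directions not complementary: {sorted(map(str, dirs))}")
    # server-bridge <gateway> <netmask> <pool-start> <pool-end>
    _gw, _mask, start, end = srv["server-bridge"]
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    for name, ip in bridge_ips.items():
        if lo <= ipaddress.ip_address(ip) <= hi:
            findings.append(f"{name} {ip} is inside the server-bridge pool {start}-{end}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SERVER_CONF, CLIENT_CONF, BRIDGE_IPS)))
```

On the posted configs it reports two findings: `cipher` is set only on the server, so the client relies on its version default, and the second server's br0 address 192.168.100.10 lies inside the pool the server hands out to clients.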