Dotaz: OpenVPN - bridge mode

Dobry den,

uz jsem z toho zoufalej, po precteni vsech moznych howto, mi porad nefunguje.Klient se overi pres TLS, start klienta i serveru probehne v poradku, ale nemuzu nikam pingnout, pritom arp pakety na klientovi vidim.

konfigurace serveru:

keepalive 10 120
proto udp
dev tap
server-bridge 192.168.10.69 255.255.255.0 192.168.10.80 192.168.10.85
push "route 192.168.10.0 255.255.255.0"
verb 9
log /var/log/openvpn/openvpn.log
ca /usr/local/etc/openvpn/keys/ca.crt
dh /usr/local/etc/openvpn/keys/dh2048.pem
cert /usr/local/etc/openvpn/keys/-server.crt
key /usr/local/etc/openvpn/keys/-server.key
comp-lzo
mssfix
duplicate-cn

klienta:

keepalive 10 120
proto udp
dev tap
remote x.x.x.x
verb 9
log /var/log/openvpn/openvpn.log
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/-server.crt
key /etc/openvpn/keys/-server.key
pull
comp-lzo
mssfix
tls-client

ifconfig server (FreeBSD 7.1):

serv2# ifconfig
bge0: flags=8943 UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 
1500
        options=98 VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM 
        ether 00:0b:cd:cf:4d:01
        inet 192.168.10.250 netmask 0xffffff00 broadcast 192.168.10.255
        media: Ethernet autoselect (100baseTX  full-duplex )
        status: active
plip0: flags=108810 POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT metric 0 mtu 1500
lo0: flags=8049 UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
tap0: flags=8942BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
        ether 00:bd:1b:86:b1:00
        Opened by PID 33431
bridge0: flags=8843 UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
        ether 52:eb:51:79:6c:00
        inet 192.168.10.69 netmask 0xffffff00 broadcast 192.168.10.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143 LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
        member: bge0 flags=143 LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
                ifmaxaddr 0 port 1 priority 128 path cost 200000
serv2#

ifconfig klient (Linux, zkouseno i s Windows):

gw:~# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:e0:7d:cb:9b:dd
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:fecb:9bdd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:368288 errors:0 dropped:0 overruns:0 frame:0
          TX packets:358797 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:188896205 (180.1 MiB)  TX bytes:299252267 (285.3 MiB)
          Interrupt:23 Base address:0xb400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2454 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2454 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:266127 (259.8 KiB)  TX bytes:266127 (259.8 KiB)

tap0      Link encap:Ethernet  HWaddr 00:ff:61:9c:18:ec
          inet addr:192.168.10.80  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2ff:61ff:fe9c:18ec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:690 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:139403 (136.1 KiB)  TX bytes:594 (594.0 B)

gw:~#

Petr Kucera Ceske Budejovice

a) Jak to mate osetrene na firewall-u? b) Je ten bridge nutny? c) Postnente to take do "Unix" diskuse..

NN