Re: bridging openvpn
Ed W
Tue Nov 23 13:04:58 2010
On 10/11/2010 22:18, nivwiz@xxxxxxxxx wrote:
> I am running openrc 0.6.1-r1
> my problem is:
> I am using the default /etc/init.d/openvpn file.
> and here is grep tap0 /etc/conf.d/net :
> *Quote:*
> tuntap_tap0="tap"
> config_tap0=( "null" )
> br0 bridge_add_tap0="br0"
> depend_tap0() {
> before openvpn
> }
> after I boot the client manages to connect to the server. I need to do
> these three things to get it all working:
> 1. ifconfig tap0 0.0.0.0
> 2. brctl addif br0 tap0
> 3. wait until I see tap0 enters forwarding state in /var/log/messages

I'm not sure if this is even vaguely the correct thing, but I'm using
the following:
# config eth0
config_eth0=( "null" )
# config tap0 to bring up bridge
tuntap_tap0="tap"
config_tap0=( "null" )
bridge_add_tap0="br0"
rc_need_tap0="net.br0"
# Config bridge to come up with just eth0
bridge_br0="eth0"
config_br0=( "192.168.105.4/24" )
routes_br0=( "default via 192.168.105.254" )
# Make the bridge depend on eth0
#rc_need_br0="net.eth0"
The logic is to have the openvpn stuff as a somewhat optional element of
the bridge so that restarting it doesn't cause every bit of networking
on the machine to restart. It's even possible to make the eth0
component optional if you wish?
Note that I don't currently depend on eth0 starting since the device
itself is brought up by the kernel and I don't do any other
configuration via openvpn. No idea if this is "correct", but obviously
if you do configure eth0 then you need to start that also and add the
dependency.
I think it's clear that the old networking stuff is quite nice, but now
that dhcpcd is moving towards doing nearly everything with regards to
getting devices going, there is some awkwardness in the networking
scripts in that a lot of stuff becomes optional. Equally many net
configurations still need some configuration and arguably the old style
network scripts are convenient for some of that...
Perhaps someone else can add further insight on the configuration above
though?
(Actually this is slightly simplified, my real configuration uses two
bonded devices as bond0, this is then added to the bridge along with the
two tap connections, one for udp and one for tcp openvpn. The above
scales up as you would expect though)
Good luck
Ed W
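
As an added example (not part of the original message or of OpenRC's own scripts), the second and third manual steps in the quoted message can be verified by reading the bridge port's membership and state from sysfs instead of watching /var/log/messages. The function names and the overridable SYSFS_NET variable are assumptions made for this example; the interface names tap0 and br0 come from the thread.

```shell
#!/bin/sh
# Added example: check that a tap port has joined its bridge and is forwarding.
# SYSFS_NET is an assumed override so the logic can run against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the bridge a port is enslaved to; fail if it is not a bridge port.
port_bridge() {
    link="$SYSFS_NET/$1/brport/bridge"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# Translate the kernel's numeric bridge port state into its name.
state_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo listening ;;
        2) echo learning ;;
        3) echo forwarding ;;
        4) echo blocking ;;
        *) echo unknown ;;
    esac
}

# wait_forwarding PORT BRIDGE [TIMEOUT_SECONDS]
# Returns 0 once PORT is a member of BRIDGE and forwarding,
# 1 if the timeout expires first, 2 if PORT is not a member of BRIDGE.
wait_forwarding() {
    port=$1 bridge=$2 timeout=${3:-60}
    [ "$(port_bridge "$port")" = "$bridge" ] || return 2
    while :; do
        state=$(cat "$SYSFS_NET/$port/brport/state" 2>/dev/null) || return 2
        [ "$state" = 3 ] && return 0
        [ "$timeout" -le 0 ] && return 1
        sleep 1
        timeout=$((timeout - 1))
    done
}

# Typical use after net.tap0 has started:
#   wait_forwarding tap0 br0 60 || echo "tap0 is not forwarding on br0" >&2
```

A return value of 2 means the port never joined the bridge, which separates a failed `bridge_add_tap0` from a port that is still in the listening or learning state.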