Hi
I have a (somewhat) working TAP configuration I use with Tunnelblick on Mac OS X Yosemite.
I used Viscosity before and everything was fine. After switching to Tunnelblick I could get either no IP or no DNS setup.
With some help from the guys from Tunnelblick, I changed the "--push route-gateway 10.2.2.1" into "--push route-gateway dhcp" and now I get an IP from the home network and correct DNS setup in /etc/resolv.conf.
I can access all resources at the remote network, but I can't get further out to the internet.
I did some debugging and found out that the VPN client (10.2.2.150) is ARPing for the remote address but never gets a reply from the vyatta's br0 interface.
Am I missing something here?
tshark output:
adieball@vyattahome# tshark -i br0 host 10.2.2.150
Capturing on br0
0.000000 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 10.2.2.2? Tell 10.2.2.150
0.000208 Vmware_95:52:fe -> 0e:4c:94:d2:7f:d9 ARP 10.2.2.2 is at 00:50:56:95:52:fe
0.024039 10.2.2.150 -> 10.2.2.2 DNS Standard query A notify5.dropbox.com
0.063219 10.2.2.2 -> 10.2.2.150 DNS Standard query response CNAME 5.notify.dropbox.com A 108.160.170.39 A 108.160.169.45 A 108.160.169.48 A 108.160.169.170 A 108.160.169.176 A 108.160.170.38
3.877692 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
12.651783 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
13.657780 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
14.661512 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
15.664311 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
16.667577 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
17.123926 10.2.2.150 -> 255.255.255.255 UDP Source port: 17500 Destination port: 17500
17.124462 10.2.2.150 -> 10.2.2.255 UDP Source port: 17500 Destination port: 17500
28.095367 10.2.2.150 -> 10.2.2.2 DNS Standard query A 5.notify.dropbox.com
28.127796 10.2.2.2 -> 10.2.2.150 DNS Standard query response A 108.160.169.45 A 108.160.169.48 A 108.160.169.170 A 108.160.169.176 A 108.160.170.38 A 108.160.170.39
28.152391 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.170.39? Tell 10.2.2.150
28.797885 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
29.161074 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.170.39? Tell 10.2.2.150
29.445266 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.64? Tell 10.2.2.150
29.797451 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
30.165513 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.170.39? Tell 10.2.2.150
30.800301 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
31.173528 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.170.39? Tell 10.2.2.150
31.805755 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
32.177336 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.170.39? Tell 10.2.2.150
38.157868 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
39.164341 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
40.167766 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
41.172456 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
41.709453 10.2.2.150 -> 10.2.2.2 DNS Standard query PTR 12.232.172.17.in-addr.arpa
41.709863 10.2.2.2 -> 10.2.2.150 DNS Standard query response, No such name
42.179354 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
43.182422 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
45.186562 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
46.650165 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
47.177450 10.2.2.150 -> 255.255.255.255 UDP Source port: 17500 Destination port: 17500
47.177993 10.2.2.150 -> 10.2.2.255 UDP Source port: 17500 Destination port: 17500
47.660052 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
48.662192 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
49.663127 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
50.664866 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
61.174246 10.2.2.150 -> 10.2.2.2 DNS Standard query A notify5.dropbox.com
61.206532 10.2.2.2 -> 10.2.2.150 DNS Standard query response CNAME 5.notify.dropbox.com A 108.160.169.48 A 108.160.169.170 A 108.160.169.176 A 108.160.170.38 A 108.160.170.39 A 108.160.169.45
61.230751 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
61.526321 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.64? Tell 10.2.2.150
62.237879 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.169.45? Tell 10.2.2.150
63.880764 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
76.649091 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
77.221402 10.2.2.150 -> 255.255.255.255 UDP Source port: 17500 Destination port: 17500
77.222822 10.2.2.150 -> 10.2.2.255 UDP Source port: 17500 Destination port: 17500
77.655237 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
78.653640 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
79.655113 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
80.658375 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
88.826402 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
89.832262 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
90.835642 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
91.837567 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
^C57 packets captured
[edit]
adieball@vyattahome#
My config (the relevant parts):
interfaces {
    bridge br0 {
        address 10.2.2.1/24
        address 2001:470:6d:363::1/64
        aging 300
        dhcpv6-options {
            parameters-only
        }
        hello-time 2
        ipv6 {
            dup-addr-detect-transmits 1
            router-advert {
                cur-hop-limit 64
                default-preference high
                link-mtu 1280
                managed-flag false
                max-interval 600
                other-config-flag true
                prefix 2001:470:6d:363::/64 {
                    autonomous-flag true
                    on-link-flag true
                    valid-lifetime 2592000
                }
                reachable-time 0
                retrans-timer 0
                send-advert true
            }
        }
        max-age 20
        priority 0
        stp false
    }
    ethernet eth0 {
        bridge-group {
            bridge br0
        }
        description "Internal Network"
        dhcpv6-options {
            parameters-only
        }
        duplex auto
        hw-id 00:50:56:89:81:8b
        smp_affinity auto
        speed auto
    }
    openvpn vtun1 {
        bridge-group {
            bridge br0
        }
        description "Incoming OpenVPN Bridge"
        device-type tap
        local-port 443
        mode server
        openvpn-option "--push redirect-gateway def1"
        openvpn-option "--push route-delay 10"
        openvpn-option "--cert /config/auth/ca/keys/adieball.dvrdns.org.crt"
        openvpn-option "--key /config/auth/ca/keys/adieball.dvrdns.org.key"
        openvpn-option --duplicate-cn
        openvpn-option --comp-lzo
        openvpn-option --tcp-nodelay
        openvpn-option "--push dhcp-option DOMAIN f0rd42.net"
        openvpn-option "--push dhcp-option DNS 10.2.2.2"
        openvpn-option "--push route-gateway dhcp"
        protocol tcp-passive
        server {
            subnet 10.2.2.0/24
        }
        tls {
            ca-cert-file /config/auth/ca/keys/ca.crt
            cert-file /config/auth/ca/keys/adieball.dvrdns.org.crt
            crl-file /config/auth/ca/keys/crl.pem
            dh-file /config/auth/ca/keys/dh1024.pem
            key-file /config/auth/ca/keys/adieball.dvrdns.org.key
        }
thanks a lot in advance
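The capture in the post above makes the symptom visible: the client resolves 10.2.2.2 (inside the bridge subnet) by ARP and gets an answer, but it also broadcasts ARP requests for public addresses such as 17.110.245.10 and 81.171.205.50, which nobody on br0 can answer. The script below is an added example, not code from the poster or from Vyatta or OpenVPN: it parses lines in the tshark format shown above and separates the client's ARP requests into on-link targets (inside the bridge subnet, taken here as 10.2.2.0/24 from the config) and off-link targets, flagging the ones that never got a reply. The sample capture embedded in it is a constructed subset of the lines in the post.

```python
import ipaddress
import re

# Constructed sample in the same format as the tshark capture above
# (a handful of representative lines, not the full capture).
SAMPLE_CAPTURE = """\
0.000000 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 10.2.2.2? Tell 10.2.2.150
0.000208 Vmware_95:52:fe -> 0e:4c:94:d2:7f:d9 ARP 10.2.2.2 is at 00:50:56:95:52:fe
0.024039 10.2.2.150 -> 10.2.2.2 DNS Standard query A notify5.dropbox.com
3.877692 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 17.110.245.10? Tell 10.2.2.150
12.651783 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
13.657780 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 81.171.205.50? Tell 10.2.2.150
28.152391 0e:4c:94:d2:7f:d9 -> Broadcast ARP Who has 108.160.170.39? Tell 10.2.2.150
"""

# "Who has X? Tell Y" broadcast requests and "X is at MAC" replies, as tshark prints them
ARP_REQUEST = re.compile(
    r"^(?P<ts>\S+) \S+ -> Broadcast ARP Who has (?P<target>[\d.]+)\? Tell (?P<sender>[\d.]+)$"
)
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) \S+ -> \S+ ARP (?P<target>[\d.]+) is at (?P<mac>\S+)$"
)


def classify_arp(capture, client_ip, subnet):
    """Group the ARP requests sent by client_ip into on-link and off-link targets.

    Returns {"on_link": {...}, "off_link": {...}}; each entry maps a target IP
    to {"requests": <number of broadcasts seen>, "answered": <reply seen?>}.
    """
    net = ipaddress.ip_network(subnet)
    requests = {}   # target IP -> number of "Who has" broadcasts from the client
    replied = set()  # target IPs for which an "is at" reply appeared
    for line in capture.splitlines():
        m = ARP_REQUEST.match(line)
        if m and m["sender"] == client_ip:
            requests[m["target"]] = requests.get(m["target"], 0) + 1
            continue
        m = ARP_REPLY.match(line)
        if m:
            replied.add(m["target"])
    result = {"on_link": {}, "off_link": {}}
    for target, count in requests.items():
        bucket = "on_link" if ipaddress.ip_address(target) in net else "off_link"
        result[bucket][target] = {"requests": count, "answered": target in replied}
    return result


def unanswered_off_link(capture, client_ip, subnet):
    """Targets outside the subnet that the client ARPed for and never resolved.

    A host only ARPs for an address it believes is directly attached, so a
    non-empty list here means the client is treating those destinations as
    on-link instead of sending them to a next-hop gateway.
    """
    groups = classify_arp(capture, client_ip, subnet)
    return sorted(
        (t for t, info in groups["off_link"].items() if not info["answered"]),
        key=ipaddress.ip_address,
    )


if __name__ == "__main__":
    client, subnet = "10.2.2.150", "10.2.2.0/24"
    report = classify_arp(SAMPLE_CAPTURE, client, subnet)
    for bucket, entries in report.items():
        for target, info in entries.items():
            print(f"{bucket:8} {target:16} requests={info['requests']} answered={info['answered']}")
    print("off-link, never answered:", unanswered_off_link(SAMPLE_CAPTURE, client, subnet))
```

Run it against a full `tshark -i br0 host <client>` capture saved to a file and pass the bridge subnet from the config; an "off_link" bucket that is non-empty and entirely unanswered is the pattern to look for when a client reaches the LAN but not the internet, because it tells you the client's default route over the tap interface has no gateway address behind it rather than that the router is dropping the traffic.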