
I have a program which writes packets (destination address 10.3.0.2) to the TUN/TAP interface.

Network:

host1|tun0----eth1(10.3.0.1)|-------------------host2|eth1(10.3.0.2)|

Wireshark captures these packets from interface tun0 but they are not forwarded to interface eth1.

Commands:

sysctl -w net.ipv4.ip_forward=1
sysctl -p

iptables -A INPUT -i tun+ -j ACCEPT

iptables -A FORWARD -i tun+ -j ACCEPT

iptables -A INPUT -i tap+ -j ACCEPT

iptables -A FORWARD -i tap+ -j ACCEPT

/etc/init.d/networking restart

/etc/init.d/openvpn restart
rafal
  • I hope you get a better response than me, I asked a very similar question regarding KVM guest virtual machines! Still a ghost town over there. Haha. – songei2f Jun 07 '11 at 18:48
  • Are you trying this in a full blown Linux install or are you doing this in a VPS? I'm curious because this seems to pop up frequently with OpenVZ VPS boxes and OpenVPN. – Taco Bob Jan 27 '13 at 03:02

3 Answers


Are you using a tun or a tap?

If you want your remote hosts to be in the same subnet, you should use tap instead of tun, remove 10.3.0.1 from eth1, create a bridge between eth1 and tap0, and assign 10.3.0.1 to the bridge interface.

This is slightly less efficient than a tun, but will allow non-IP and broadcast traffic between your vpn hosts and the local network. (and consequently, allow your vpn hosts to use a dhcp server on the local net, or spoof their addresses if they want to).

If you want a separate network for your vpn hosts, you should dedicate a pair of addresses for the tunnel (or more if you are using openvpn in multi-client server mode instead of in p2p mode), and you should make sure these addresses are bound to the tun interface, and that the tun is up. In your drawing there is no address for the tunnel.

Depending on your distribution, restarting the networking service may be destroying the changes you made to iptables.

b0fh
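The two setups this answer describes (tap plus bridge for one shared subnet, or an addressed point-to-point tun for a separate VPN network) and the iptables persistence caveat, as an added example script that is not part of the original answer. It assumes Linux with iproute2 and the interface names from the question (eth1, tap0/tun0); the bridge name br0, the tunnel addresses and the rules file path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original answer. Assumes Linux with iproute2
# and the interface names from the question (eth1, tap0/tun0); br0 and the
# tunnel addresses below are assumptions. DRY_RUN=1 (default) prints the
# commands instead of running them, so the plan can be reviewed first.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Option A (hosts in the same subnet): move 10.3.0.1 off eth1 onto a bridge
# joining eth1 and tap0. Flushing eth1 drops its current connections, so run
# this from the console, not over the interface being moved.
setup_bridge() {
    phys="$1"; tap="$2"; addr="$3"; br="${4:-br0}"
    run ip link add "$br" type bridge
    run ip addr flush dev "$phys"
    run ip link set "$phys" master "$br"
    run ip link set "$tap" master "$br"
    run ip addr add "$addr" dev "$br"
    run ip link set "$phys" up
    run ip link set "$tap" up
    run ip link set "$br" up
}

# Option B (separate VPN network): a tun needs its own point-to-point
# address pair and must be up before the kernel routes through it.
setup_tun_p2p() {
    tun="$1"; local_addr="$2"; peer_addr="$3"; remote_net="$4"
    run ip addr add "$local_addr" peer "$peer_addr" dev "$tun"
    run ip link set "$tun" up
    run ip route add "$remote_net" via "$peer_addr" dev "$tun"
}

# Save the filter rules so a networking restart does not discard them
# (/etc/iptables/rules.v4 is the path used by Debian's iptables-persistent).
save_iptables() {
    run sh -c 'iptables-save > /etc/iptables/rules.v4'
}
```

Source the file and call, for example, `setup_bridge eth1 tap0 10.3.0.1/24`; set DRY_RUN=0 (as root) only once the printed plan looks right.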

You need to set up bridging between your two interfaces (tun0 and eth0); here is some documentation about how to set up bridges:

http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge

polynomial

The problem you are having is due to not having enabled the gre module in the kernel: sudo modprobe ip_gre

Radu