0

I would like to bridge between br0 and tap0 for my OpenVPN server, but I get the error at the bottom of this post.

Background

The server have one physical eth0 with IP xxx.xxx.68.58.

The bridge should have xxx.xxx.85.5 and the tap0 NIC, where the OpenVPN clients gets an IP from is in the range xxx.xxx.85.50 - xxx.xxx.85.100.

To make the bridge I do:

#!/bin/bash

br="br0"
tap="tap0"
eth="eth0:0"

eth_ip="xxx.xxx.85.5"
eth_netmask="255.255.255.0"
eth_broadcast="255.255.71.255"

openvpn --mktun --dev $tap
brctl addbr $br
brctl addif $br $eth
brctl addif $br $tap
ifconfig $tap 0.0.0.0 promisc up

echo "debug"
ifconfig $eth 0.0.0.0 promisc up
echo "debug"

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

but get this error;

Tue Sep 13 10:40:46 2011 TUN/TAP device tap0 opened
Tue Sep 13 10:40:46 2011 Persist state set to: ON
debug
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
debug

What am I doing wrong?

Update

With set -vx added in the top of the script, I get:

br="br0"
+ br=br0
tap="tap0"
+ tap=tap0
eth="eth0:0"
+ eth=eth0:0

eth_ip="xxx.xxx.85.5"
+ eth_ip=xxx.xxx.85.5
eth_netmask="255.255.255.0"
+ eth_netmask=255.255.255.0
eth_broadcast="255.255.71.255"
+ eth_broadcast=255.255.71.255

openvpn --mktun --dev $tap
+ openvpn --mktun --dev tap0
Tue Sep 13 11:42:33 2011 TUN/TAP device tap0 opened
Tue Sep 13 11:42:33 2011 Persist state set to: ON
brctl addbr $br
+ brctl addbr br0
brctl addif $br $eth
+ brctl addif br0 eth0:0
brctl addif $br $tap
+ brctl addif br0 tap0

ifconfig $tap 0.0.0.0 promisc up
+ ifconfig tap0 0.0.0.0 promisc up
ifconfig $eth 0.0.0.0 promisc up
+ ifconfig eth0:0 0.0.0.0 promisc up
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
+ ifconfig br0 xxx.xxx.85.5 netmask 255.255.255.0 broadcast 255.255.71.255
Sandra
  • 10,303
  • 38
  • 112
  • 165

1 Answers1

1

It would be very useful to see the output of the individual commands, rather than just the batch file; or you could put set -vx near the top of the batch file, which would give much more useful output.

But at first glance the issue may be that you're trying to enslave an ethernet subinterface (eth0:0) to a bridge, rather than the physical port. What happens if you replace

eth="eth0:0"

with

eth="eth0"

at the top of the script?

If you don't want to do that because you're using eth0 for different purposes, could you explain in more detail what you're trying to achieve?

MadHatter
  • 79,770
  • 20
  • 184
  • 232
  • Ok. I have now added an updated output to the post. You have forgot to edit what I should change `eth0:0` to =) – Sandra Sep 13 '11 at 09:47
  • Sorry, my bad; I have fixed that. – MadHatter Sep 13 '11 at 09:49
  • The reason I want to create a new NIC and bridge it, is because of this cinfig option in OpenVPN `server-bridge xxx.xxx.85.5 255.255.255.0 xxx.xxx.85.50 xxx.xxx.85.100` which is `server_ip netmask client_ip_range`. `eth0` of the server is `xxx.xxx.68.58` but the client Ip range must be in `xxx.xxx.85.*` and OpenVPn doesn't allow that. So I thought that I could just add another NIC with `xxx.xxx.85.5` as IP, and bridge it. That way OpenVPN would think the server and clients are on the same net. – Sandra Sep 13 '11 at 09:53
  • It works =) But I don't understand why it works. I would have expected that `ifconfig eth0 0.0.0.0 promisc up` would destory `eth0` as it is already active? – Sandra Sep 13 '11 at 10:04