-3

I am trying to set up OpenVPN on a server so that I have 2 different tap interfaces (tap0 and tap1) and then a bridge connecting those interfaces. The idea is that a client on tap0 will be able to talk to a client on tap1 and vice-versa.

There is no physical NIC involved in the bridge and the bridge interface is set up with no IP/netmask/broadcast.

I am able to ping between the 2 when they are both connected; however, I see no traffic when trying to tcpdump the bridge interface.

I am a bit confused on some things:

  1. Do I need to have an IP configured on the bridge interface at all? I don't quite see the reason for it, as all it will do is make two virtual interfaces talk to each other.

  2. Is the fact that the bridge interface does not have an assigned IP/netmask/broadcast the reason I am not able to see the ping traffic on the bridge interface when tcpdumping that interface?

  3. If the answer to number 2 is yes, I assume that it is not possible to use iptables to block/allow traffic on that interface either, correct? If so, is there any other way to accomplish what one would do with iptables on an interface like that?

Alexandre Thenorio
  • This seems more like a sysadmin type question, rather than a programming question. It would probably be a better fit at SuperUser.com or maybe even ServerFault.com – Eric Renouf May 18 '15 at 17:19
  • I think this has more to do with OpenVPN which should only be transmitting UDP/TCP packets. Even if you have the interfaces bridged, the packets should be being dropped if the IP space is non-routable. – user1998698 May 18 '15 at 18:19
  • Could you elaborate, user1998698? I am able to connect to the OpenVPN server, and pinging the other client works only if it is also connected to the OpenVPN server. It seems to be working somehow, yet I can't see anything on the bridge interface using tcpdump – Alexandre Thenorio May 18 '15 at 20:32

1 Answer

1

I guess this wasn't the proper place to put this question but I thought I'd put an update anyway to close the issue.

Turns out that you do not need an assigned IP address on the bridge and it is possible to tcpdump. I happened to be working in containers, which made the traffic go outside the VPN when pinging.

Alexandre Thenorio
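A quick check for the situation described in the answer above, as an added example that is not part of the original post: on the client, confirm that the route to the peer leaves through the tap interface, and on the server, confirm that both taps are ports of the bridge. The names br0 and eth0, all addresses, and the sample command output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. br0, eth0 and all addresses
# are assumptions; the sample command output below is constructed and trimmed.

# egress_dev: read `ip route get <peer>` output on stdin, print the word after "dev".
egress_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# bridge_ports BRIDGE: read `ip -o link show` output on stdin and print the
# interfaces whose line carries "master BRIDGE", sorted and space-separated.
bridge_ports() {
    awk -v br="$1" '{
        name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
        for (i = 3; i < NF; i++) if ($i == "master" && $(i + 1) == br) print name
    }' | sort | paste -s -d ' ' -
}

# client_verdict ROUTE_OUTPUT VPN_IF: report whether a ping to the peer would
# leave through the VPN interface (and therefore cross the server's bridge).
client_verdict() {
    dev=$(printf '%s\n' "$1" | egress_dev)
    if [ "$dev" = "$2" ]; then
        echo "via-vpn:$dev"
    else
        echo "outside-vpn:${dev:-none}"
    fi
}

# Constructed sample: client whose route to the peer uses the tap interface.
ROUTE_VPN='10.8.0.6 dev tap0 src 10.8.0.5 uid 0
    cache'
# Constructed sample: container whose route to the peer uses its own eth0.
ROUTE_CONTAINER='10.8.0.6 via 172.17.0.1 dev eth0 src 172.17.0.2 uid 0
    cache'
# Constructed sample: server-side `ip -o link show`, trimmed after "state".
LINKS='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
4: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP
5: tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP'

echo "client A:   $(client_verdict "$ROUTE_VPN" tap0)"
echo "container:  $(client_verdict "$ROUTE_CONTAINER" tap0)"
echo "br0 ports:  $(printf '%s\n' "$LINKS" | bridge_ports br0)"
```

On a live system, feed the functions real output, for example `ip route get <peer address> | egress_dev` on the client and `ip -o link show | bridge_ports br0` on the server.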