-3

I'm trying to set up an OpenVPN server for an L2 Tunnel in a VM in OpenStack. For this, I have a VM with the following network interfaces:

- ens3 -> 192.168.1.1/24 -> Management network for SSH
- ens8 -> 10.1.1.1/24 -> Bridged network for VPN

I created a bridge using brctl and a tap interface using the command ip tuntap add mode tap tap0 and bridged these with ens8. Here is the result:

$ brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.322e8b731919       yes             ens8
                                                    tap0

The bridge is also assigned an IP in the 10.1.1.1/24 network:

$ ifconfig
br0   Link encap:Ethernet  HWaddr 32:2e:8b:73:19:19
      inet addr:10.1.1.5  Bcast:10.1.1.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe3b:f580/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1454  Metric:1
      RX packets:813 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1833 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:51891 (51.8 KB)  TX bytes:147062 (147.0 KB)

ens3  Link encap:Ethernet  HWaddr fa:16:3e:20:47:bf
      inet addr:192.168.45.9  Bcast:192.168.45.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe20:47bf/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1454  Metric:1
      RX packets:3099003 errors:0 dropped:0 overruns:0 frame:0
      TX packets:3086646 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:272510540 (272.5 MB)  TX bytes:250832632 (250.8 MB)

ens8  Link encap:Ethernet  HWaddr fa:16:3e:3b:f5:80
      inet6 addr: fe80::f816:3eff:fe3b:f580/64 Scope:Link
      UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1454  Metric:1
      RX packets:3276694 errors:0 dropped:0 overruns:0 frame:0
      TX packets:3020598 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:255802571 (255.8 MB)  TX bytes:245085174 (245.0 MB)

lo    Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:180 errors:0 dropped:0 overruns:0 frame:0
      TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1
      RX bytes:13920 (13.9 KB)  TX bytes:13920 (13.9 KB)

tap0  Link encap:Ethernet  HWaddr 32:2e:8b:73:19:19
      UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

However, I'm not able to ping any other machines in the 10.1.1.1/24 network from the bridge. This was working earlier from the ens8 interface. My idea is to first set up the bridged tap interface and run the OpenVPN server on this. However, without connectivity to the outside world, I'm not even sure if it would work. Do L2 devices like Ethernet bridges even work in OpenStack VMs? What would be the best way to set up an L2 Tunnel here?

n3o
  • 4
    Setting up a VPN server is not programming. This question is off-topic and should be deleted. https://stackoverflow.com/help/on-topic – nobody Jan 24 '18 at 13:27

1 Answer

0

The fix was to use the same MAC address for the bridge and the physical interface. For some reason, OpenStack was filtering packets based on the MAC. To change the MAC, use the following command.

ifconfig br0 hw ether <new_MAC>
n3o
  • 1
    What does this question have to do with programming? This seems to be a question that belongs on [sf], not [so]. – Ron Maupin Jan 31 '18 at 15:47
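
A check for the condition the answer describes, added here as an example and not part of the original question or answer: it compares the bridge MAC with the MAC of the bridged physical interface and prints the answer's command when they differ. The function names are hypothetical, the input is assumed to be in `ip -o link show` format, and the sample listing is constructed from the MAC addresses in the question's ifconfig output.

```shell
#!/bin/sh
# Constructed sample in `ip -o link show` format. MACs are taken from the
# ifconfig output in the question; flag and qdisc fields are illustrative.
SAMPLE_LINKS='2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1454 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether fa:16:3e:20:47:bf brd ff:ff:ff:ff:ff:ff
3: ens8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1454 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000\    link/ether fa:16:3e:3b:f5:80 brd ff:ff:ff:ff:ff:ff
4: tap0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN mode DEFAULT group default qlen 1000\    link/ether 32:2e:8b:73:19:19 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1454 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 32:2e:8b:73:19:19 brd ff:ff:ff:ff:ff:ff'

# mac_of LISTING IFACE -> prints the lower-case MAC of IFACE, nothing if absent.
mac_of() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        { name = $2; sub(/[:@].*/, "", name) }   # "ens8:" or "eth0@if5:" -> name
        name == ifc {
            for (i = 3; i < NF; i++)
                if ($i == "link/ether") { print tolower($(i + 1)); exit }
        }'
}

# bridge_mac_status LISTING BRIDGE UPLINK -> prints one status line.
# A mismatch is the state in the question: the bridge carries tap0's MAC
# rather than the MAC of ens8, so its frames are filtered.
bridge_mac_status() {
    br_mac=$(mac_of "$1" "$2")
    up_mac=$(mac_of "$1" "$3")
    if [ -z "$br_mac" ] || [ -z "$up_mac" ]; then
        echo "unknown: $2 or $3 not in listing"
    elif [ "$br_mac" = "$up_mac" ]; then
        echo "match: $2 uses $up_mac"
    else
        echo "mismatch: $2=$br_mac $3=$up_mac; fix: ifconfig $2 hw ether $up_mac"
    fi
}

# Demo on the constructed sample. On a live host, pass the real listing:
#   bridge_mac_status "$(ip -o link show)" br0 ens8
bridge_mac_status "$SAMPLE_LINKS" br0 ens8
```
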