This server has 2 eth interfaces. We can only access eth1 from our end. I created an eth1:1 alias and gave it the local IP manually.
Server Config
```
local 192.168.122.1
port 1194
proto udp
dev tap0
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/icevpn.crt
dh /etc/openvpn/ssl/dh.pem
topology subnet
ifconfig-pool-persist ipp.txt
server-bridge 192.168.122.1 255.255.255.0 192.168.122.105 192.168.122.200
push "route 192.168.122.0 255.255.255.0"
push "dhcp-option DNS 192.168.122.1"
client-to-client
keepalive 10 120
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
comp-lzo adaptive
persist-key
persist-tun
status openvpn-status.log
verb 3
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
management localhost 7505
crl-verify /etc/openvpn/ssl/crl.pe
```
Client Config
```
client
dev tap
proto udp
port 1194
remote ServerAddress 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
#---Embedded certificates removed---
```
The up and down scripts are used to add the tap0 to the bridge and remove it from the bridge on startup and shutdown.
Can anyone point me to where I am going wrong please? Why are my clients not able to ping the server or vice versa?
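An added sketch of what bridge up/down scripts like the ones described in the post typically do; it is not the poster's up.sh or down.sh, whose contents are not shown. The function name `bridge_cmds`, the `DRY_RUN` variable and picking the action from the script's file name are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration, not the poster's script.
# OpenVPN runs an --up/--down script for a tap device as:
#   cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask [init|restart]
# With  up "/etc/openvpn/up.sh br0"  the bridge name is prepended, so:
#   $1 = br0, $2 = tap0, $3 = tap MTU

# Print the ip(8) commands for one action so they can be reviewed first.
# Returns 1 on any argument that is not a plain interface name or number,
# because the script runs with OpenVPN's privileges.
bridge_cmds() {
    action=$1 br=$2 dev=$3 mtu=${4:-1500}
    for name in "$br" "$dev"; do
        case "$name" in
            ""|*[!A-Za-z0-9_.-]*) return 1 ;;
        esac
    done
    case "$mtu" in
        ""|*[!0-9]*) return 1 ;;
    esac
    case "$action" in
        up)
            echo "ip link set dev $dev up promisc on mtu $mtu"
            echo "ip link set dev $dev master $br"
            ;;
        down)
            echo "ip link set dev $dev nomaster"
            echo "ip link set dev $dev down"
            ;;
        *) return 1 ;;
    esac
}

# Act only when called with OpenVPN's arguments; DRY_RUN=1 prints instead.
if [ "$#" -ge 3 ]; then
    # Assumed convention: a file name containing "down" means teardown.
    case "$0" in *down*) act=down ;; *) act=up ;; esac
    cmds=$(bridge_cmds "$act" "$1" "$2" "$3") || exit 1
    echo "$cmds" | while read -r line; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$line"
        else
            $line || exit 1   # word-splitting is safe: arguments were validated
        fi
    done || exit 1
fi
```

OpenVPN only executes user-defined scripts such as these when `script-security 2` is set; running one by hand with `DRY_RUN=1` and the arguments `br0 tap0 1500` shows what it would do to the bridge.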