
[Solved] LAN-to-LAN: Bridge on openwrt - DHCP problem

Posted: Sun Mar 17, 2019 10:14 pm
by dennyv90
Hi,
I'm testing a real situation through a virtual machine with 2 virtual network cards (the first simulates the WAN card, the second simulates the LAN card). This is the topology:
[Image: network topology]
The host connected to the LAN card (eth1) gets an IP address from OpenWrt's DHCP OK.
On OpenWrt I've used

Code:

vpncmd
and I've created a bridge to eth1.

Code:

bridgelist
shows me that my bridge is operating OK.
I've created a cascade connection with VPN Server and I've turned on the cascade session. IT'S ONLINE AND IT WORKS.

What's the problem?
If I connect a host in MY LAN to VPN Server, it doesn't receive an IP address from OpenWrt's DHCP, then it gets a private IP, and the PCs of the two LANs don't communicate.
But if I manually set the IP address of the VPN Client host, then they can communicate.

NB: If I install a DHCP server on a host (under eth1), then the VPN Client host gets an IP from it.

Instead, if I put VPN Bridge outside of OpenWrt (I've installed it on the host machine, where I run the VM) and set the bridge with eth1, then the VPN Client host gets an IP automatically from OpenWrt.

I would like to know if this is possible and, in your opinion, what the problem is. I would not use SecureNAT and/or the virtual DHCP embedded in VPN Bridge.

I hope I explained myself. Sorry for grammatical errors. :)

[Solved] LAN-to-LAN: Bridge on openwrt - DHCP problem

Posted: Fri May 03, 2019 7:26 am
by dennyv90
I solved my problem. Simply, I set the local bridge as a TAP device (default /tap:no)

Code:

vpncmd /SERVER localhost /ADMINHUB:BRIDGE /CMD:bridgecreate bridge /DEVICE:eth1 /TAP:yes
Now VPN Clients in my LAN receive an IP address from OpenWrt!

Re: LAN-to-LAN: Bridge on openwrt - DHCP problem

Posted: Tue May 21, 2019 1:32 pm
by dennyv90
Hi, now I've another problem.

VPN Clients get the right IP (192.168.x.y). In fact I can see all network devices in this subnet.
The only one that I can't see is 192.168.x.1 (the device that contains the DHCP server).

Code:

root@OpenWrt:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:72:E1:A1
          inet addr:192.168.0.84  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe72:e1a1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5492 errors:0 dropped:4 overruns:0 frame:0
          TX packets:1939 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1103168 (1.0 MiB)  TX bytes:601727 (587.6 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:06:5A:F7
          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe06:5af7/64 Scope:Link
          inet6 addr: fd22:452e:2a2e::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20046 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1542795 (1.4 MiB)  TX bytes:935318 (913.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:73446 (71.7 KiB)  TX bytes:73446 (71.7 KiB)

tap_eth1  Link encap:Ethernet  HWaddr 5E:4E:5A:8A:41:80
          inet6 addr: fe80::5c4e:5aff:fe8a:4180/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1026 (1.0 KiB)  TX bytes:746 (746.0 B)

root@OpenWrt:~# logread -f
Tue May 21 07:40:50 2019 daemon.warn dnsmasq-dhcp[1885]: DHCP packet received on tap_eth1 which has no address
Tue May 21 07:40:54 2019 daemon.warn dnsmasq-dhcp[1885]: DHCP packet received on tap_eth1 which has no address
Tue May 21 07:41:04 2019 daemon.warn dnsmasq-dhcp[1885]: DHCP packet received on tap_eth1 which has no address

root@OpenWrt:~# ifconfig tap_eth1 192.168.100.100
root@OpenWrt:~# logread -f
Tue May 21 08:14:05 2019 daemon.info dnsmasq-dhcp[1885]: DHCPDISCOVER(tap_eth1) 5e:5a:0d:13:9f:95
Tue May 21 08:14:05 2019 daemon.info dnsmasq-dhcp[1885]: DHCPOFFER(tap_eth1) 192.168.100.132 5e:5a:0d:13:9f:95
Tue May 21 08:14:05 2019 daemon.info dnsmasq-dhcp[1885]: DHCPREQUEST(tap_eth1) 192.168.100.132 5e:5a:0d:13:9f:95
Tue May 21 08:14:05 2019 daemon.info dnsmasq-dhcp[1885]: DHCPACK(tap_eth1) 192.168.100.132 5e:5a:0d:13:9f:95 denny
In this case I have only a TAP bridge:

Code:

VPN Server>bridgelist
BridgeList command - Get List of Local Bridge Connection
Number|Virtual Hub Name|Network Adapter or Tap Device Name|Status
------+----------------+----------------------------------+---------
1     |bridge          |eth1                              |Operating
VPN client receives IP from DHCP server but doesn't see any device.

If I add another bridge eth1 NO TAP:

Code:

VPN Server>bridgelist
BridgeList command - Get List of Local Bridge Connection
Number|Virtual Hub Name|Network Adapter or Tap Device Name|Status
------+----------------+----------------------------------+---------
1     |bridge          |eth1                              |Operating
2     |bridge          |eth1                              |Operating
VPN client receives IP from DHCP server and it can see the other devices (192.168.x.1 with DHCP server NO!)
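
The dnsmasq lines in the post above show the failure mode: DHCP traffic arriving on tap_eth1 is logged as received on an interface with no address, and leases only appear once the interface has one. As an added example (not part of the original thread; the function names are hypothetical), this shell check summarises that state per interface from logread-style input:

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Reads logread-style lines on stdin and prints, per interface:
#   <iface> ignored=<n> acked=<n>
# ignored = "DHCP packet received on <iface> which has no address" warnings,
# acked   = completed leases (DHCPACK) seen on that interface.
dhcp_iface_report() {
    awk '
    /dnsmasq-dhcp\[[0-9]+\]: DHCP packet received on / && /which has no address/ {
        for (i = 2; i < NF; i++)
            if ($(i-1) == "received" && $i == "on") { ignored[$(i+1)]++; seen[$(i+1)] = 1 }
        next
    }
    /dnsmasq-dhcp\[[0-9]+\]: DHCPACK\(/ {
        s = $0
        sub(/.*DHCPACK\(/, "", s)   # drop everything up to the interface name
        sub(/\).*/, "", s)          # drop everything after it
        acked[s]++; seen[s] = 1
    }
    END { for (k in seen) printf "%s ignored=%d acked=%d\n", k, ignored[k], acked[k] }
    ' | sort
}

# Interfaces that received DHCP traffic but never completed a lease.
dhcp_stuck_ifaces() {
    dhcp_iface_report | awk '{ split($2, a, "="); split($3, b, "=")
                               if (a[2] > 0 && b[2] == 0) print $1 }'
}

# Sample input: warning lines copied from the post (tap_eth1 without an address).
sample_before() {
cat <<'EOF'
Tue May 21 07:40:50 2019 daemon.warn dnsmasq-dhcp[1885]: DHCP packet received on tap_eth1 which has no address
Tue May 21 07:40:54 2019 daemon.warn dnsmasq-dhcp[1885]: DHCP packet received on tap_eth1 which has no address
Tue May 21 07:41:04 2019 daemon.warn dnsmasq-dhcp[1885]: DHCP packet received on tap_eth1 which has no address
EOF
}

# Sample input: the DHCPACK line from the same post, after the address was set.
sample_after() {
cat <<'EOF'
Tue May 21 08:14:05 2019 daemon.info dnsmasq-dhcp[1885]: DHCPACK(tap_eth1) 192.168.100.132 5e:5a:0d:13:9f:95 denny
EOF
}

sample_before | dhcp_stuck_ifaces                      # prints: tap_eth1
{ sample_before; sample_after; } | dhcp_iface_report   # prints: tap_eth1 ignored=3 acked=1
```

On a router the same functions can be fed live data with `logread | dhcp_stuck_ifaces`.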

Re: LAN-to-LAN: Bridge on openwrt - DHCP problem

Posted: Tue Jun 11, 2019 7:41 am
by thisjun
This is the limitation of localbridge in Linux.
https://www.softether.org/4-docs/1-manu ... r_Mac_OS_X

Re: LAN-to-LAN: Bridge on openwrt - DHCP problem

Posted: Tue Sep 03, 2019 10:27 am
by dennyv90
I managed to find the solution :D

It was enough to set the LAN connection as 'bridge'.
So just have a TAP connection without an IP address (e.g. tap_vpn) and the /etc/config/network like this:

Code:

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.100.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ifname 'eth0.1 tap_vpn'
Now it works!