Hello,
Something is pretty wrong for me...
For two clients and one server we do this in peers.yaml:
# cat peers.yaml
alex:
    iface: tap_alan
    verifier: $argon2d$m=4096,t=128,p=1$ceyJyscDM8vrN/UjS/hH+Q$wbU/uMubJqSLsc1xZ6qNjTENuLLCU8XCWtj8YJ/hGls
jack:
    iface: tap_jack
    verifier: $argon2d$m=4096,t=128,p=1$BJrUaLgW7/ogiuklIUOg0g$C/OcsEmxEUloibV45m4vY0MCvbNNvttqZmikpcBTivU
We have created 3 interfaces:
br0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1432
inet 172.16.0.5 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::5414:2ff:fe16:a15b prefixlen 64 scopeid 0x20<link>
ether 56:14:02:16:a1:5b txqueuelen 0 (Ethernet)
RX packets 45 bytes 1260 (1.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 438 (438.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap_alan:
inet 172.16.0.2 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::5414:2ff:fe16:a15b prefixlen 64 scopeid 0x20<link>
ether 56:14:02:16:a1:5b txqueuelen 500 (Ethernet)
RX packets 45 bytes 1890 (1.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 876 (876.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap_jack: flags=4099<UP,BROADCAST,MULTICAST> mtu 1432
inet 172.16.0.1 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::e86a:55ff:fe96:1fa prefixlen 64 scopeid 0x20<link>
ether ea:6a:55:96:01:fa txqueuelen 500 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 1572 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Where br0 should be the bridge,
tap_alan for user alan.
tap_jack for user jack.
That was done by 2 scripts: the first to create the bridge, the second to create users:
### Creating bridge ###
cat create_bidge.sh
#!/bin/bash
ip link add name br0 type bridge
ip link set br0 up
### adding users, set br0 master ###
cat add_govpn_user.sh
#!/bin/bash
USER=$1
TAP=tap_${USER}
IPADDR=$2
ip tuntap add dev ${TAP} mode tap
ip link set mtu 1432 dev ${TAP}
ip addr add ${IPADDR} dev ${TAP}
ip link set ${TAP} up
ip link set ${TAP} master br0
So as I understand it, the bridge interface should now route traffic between the two other interfaces?
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
37.48.109.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap_jack
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap_alex
Should I add br0 to routing table in some special way?
4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc noqueue state DOWN mode DEFAULT
    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff
5: tap_jack: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
    link/ether ea:6a:55:96:01:fa brd ff:ff:ff:ff:ff:ff
6: tap_alex: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff
So we have this schema:
CLIENT: user_alex IP 172.16.0.1
CLIENT: user_jack IP 172.16.0.2
SERVER:
br0 IP 172.16.0.5
tap_jack IP 172.16.0.101
tap_alex IP 172.16.0.102
Connection is established successfully.
But no luck with a ping from client user_alex to the server interface br0:
# ping 172.16.0.5
PING 172.16.0.5 (172.16.0.5) 56(84) bytes of data.
From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
From 172.16.0.102 icmp_seq=2 Destination Host Unreachable
From 172.16.0.102 icmp_seq=3 Destination Host Unreachable
From 172.16.0.102 icmp_seq=4 Destination Host Unreachable
From 172.16.0.102 icmp_seq=5 Destination Host Unreachable
Also I can't ping "my" interface on the server:
# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
From 172.16.0.102 icmp_seq=2 Destination Host Unreachable
The server works like a router:
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
What I am doing wrong?
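As an added example (not code from the post above and not part of GoVPN), the script below audits a bridge/TAP layout like the one described in the thread from the text of `ip -o link` and `ip -o -4 addr`. It applies three checks that matter for this kind of setup: an IPv4 address configured on an interface that is enslaved to a bridge is not used by the bridge, and a connected route through that port sends frames out of the port directly instead of through the bridge; a bridge that carries only a /32 has no on-link route for the subnet; and a TAP device reports NO-CARRIER until some process has it open, so an enslaved TAP with no carrier forwards nothing. The two text samples are constructed to mirror the post's interface listing and its "schema" section (br0 172.16.0.5/32, tap_jack 172.16.0.101/24, tap_alex 172.16.0.102/24); a third sample, also constructed, shows the same bridge with the subnet address moved onto br0 for comparison. The `egress_for` helper is an assumption of this example, not an `ip` subcommand: it does longest-prefix matching over the connected prefixes only and resolves ties to the first entry in listing order.

```python
"""Audit a Linux bridge/TAP layout from `ip -o link` / `ip -o -4 addr` text.

Added example for this thread; not code from the post or from GoVPN.
All sample text below is constructed to resemble the post's layout.
"""
import ipaddress
import re

# Constructed sample shaped like `ip -o link`: br0 is the bridge,
# tap_jack and tap_alex are enslaved to it, all three report NO-CARRIER.
IP_LINK = """\
4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc noqueue state DOWN mode DEFAULT qlen 1000\\    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff
5: tap_jack: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500\\    link/ether ea:6a:55:96:01:fa brd ff:ff:ff:ff:ff:ff
6: tap_alex: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500\\    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff
"""

# Constructed sample shaped like `ip -o -4 addr`, following the post's schema:
# a /32 on the bridge and /24 addresses on the bridge ports themselves.
IP_ADDR = """\
4: br0    inet 172.16.0.5/32 brd 0.0.0.0 scope global br0\\       valid_lft forever preferred_lft forever
5: tap_jack    inet 172.16.0.101/24 brd 0.0.0.0 scope global tap_jack\\       valid_lft forever preferred_lft forever
6: tap_alex    inet 172.16.0.102/24 brd 0.0.0.0 scope global tap_alex\\       valid_lft forever preferred_lft forever
"""

# Constructed comparison: the subnet address lives on br0, the ports carry none.
IP_ADDR_FIXED = """\
4: br0    inet 172.16.0.5/24 brd 172.16.0.255 scope global br0\\       valid_lft forever preferred_lft forever
"""

LINK_RE = re.compile(r"^\d+: (?P<name>[^:@\s]+)[^<]*<(?P<flags>[^>]*)>(?P<rest>.*)$")
ADDR_RE = re.compile(r"^\d+: (?P<name>\S+)\s+inet (?P<cidr>\d+\.\d+\.\d+\.\d+/\d+)")


def parse_links(text):
    """Return {name: {"flags": set, "master": str | None, "state": str}}."""
    links = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        master = re.search(r"\bmaster (\S+)", rest)
        state = re.search(r"\bstate (\S+)", rest)
        links[m.group("name")] = {
            "flags": set(m.group("flags").split(",")),
            "master": master.group(1) if master else None,
            "state": state.group(1) if state else "UNKNOWN",
        }
    return links


def parse_addrs(text):
    """Return {name: [IPv4Interface, ...]} in listing order."""
    addrs = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            addrs.setdefault(m.group("name"), []).append(
                ipaddress.ip_interface(m.group("cidr")))
    return addrs


def audit(links, addrs):
    """Return (code, iface) findings for bridge ports and bridge devices."""
    findings = []
    bridges = {l["master"] for l in links.values() if l["master"]}
    for name, link in links.items():
        if link["master"] in bridges:
            # An address on a bridge port is not used by the bridge, and a
            # connected route via the port bypasses the bridge entirely.
            if addrs.get(name):
                findings.append(("ADDRESS_ON_BRIDGE_PORT", name))
            # A TAP has no carrier until a process opens it; an enslaved
            # port without carrier never forwards frames.
            if "NO-CARRIER" in link["flags"]:
                findings.append(("PORT_NO_CARRIER", name))
        if name in bridges:
            # A bridge holding only /32 addresses has no on-link subnet route.
            if not any(a.network.prefixlen < 32 for a in addrs.get(name, [])):
                findings.append(("BRIDGE_WITHOUT_SUBNET", name))
    return findings


def egress_for(dest, links, addrs):
    """Hypothetical helper: longest-prefix match over connected prefixes only,
    ties to the first listed.  Returns (iface, is_bridge_port)."""
    ip = ipaddress.ip_address(dest)
    best = None
    for name, ifaces in addrs.items():
        for a in ifaces:
            if ip in a.network and (best is None or a.network.prefixlen > best[1]):
                best = (name, a.network.prefixlen)
    if best is None:
        return None, False
    return best[0], links[best[0]]["master"] is not None


if __name__ == "__main__":
    links = parse_links(IP_LINK)
    for label, text in (("as posted", IP_ADDR), ("subnet on br0", IP_ADDR_FIXED)):
        addrs = parse_addrs(text)
        print(label, audit(links, addrs), egress_for("172.16.0.2", links, addrs))
```

Run against the as-posted sample, the audit flags both ports for carrying addresses and for NO-CARRIER, flags br0 for holding only a /32, and shows a reply to 172.16.0.2 leaving via tap_jack (a port) rather than via the bridge; with the subnet address moved onto br0 only the NO-CARRIER findings remain and the egress becomes br0.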