OpenVPN pres tap a rovnou pripojit do bridge v turrisu

Software [CZ] SW úpravy [CZ]
1

Zdravim snazim se premluvit openvpn aby me klienty pripojoval rovnou do bridge v turrisu. Asi to chodi, ale neco mi chodi. Poradite jaky parametr?

Server:
config openvpn 'server_turris’
option enabled '1’
option port '1194’
option proto 'udp’
option mode server '1’
option dev 'tap’
option tls_server '1’
option ca '/etc/ssl/ca/openvpn/ca.crt’
option crl_verify '/etc/ssl/ca/openvpn/ca.crl’
option cert '/etc/ssl/ca/openvpn/01.crt’
option key '/etc/ssl/ca/openvpn/01.key’
option dh '/etc/dhparam/dh-default.pem’
option server-bridge '192.168.1.1 255.255.255.0 192.168.1.150 192.168.111.200’
option duplicate_cn '0’
option keepalive '10 120’
option comp_lzo 'yes’
option persist_key '1’
option persist_tun '1’
option status '/tmp/openvpn-status.log’
option verb '3’
option mute '20’
option client-to-client '1’
option script_security '2’
option up ‘/tmp/up.sh’

skript up.sh:
#!/bin/sh

the tap interface name is passed as first argument

bridge=br-lan

brctl addif “$bridge” "$1"
ifconfig tap0 up

A klient:
client
remote ‘cijoml.klfree.net’ 1194
ca '/home/cijoml/.cert/nm-openvpn/turris-ca.pem’
cert '/home/cijoml/.cert/nm-openvpn/turris-cert.pem’
key '/home/cijoml/.cert/nm-openvpn/turris-key.pem’
ifconfig 192.168.1.72 192.168.1.1
comp-lzo yes
dev tap
proto udp
ns-cert-type server
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nogroup
float

A vysledek je:

root@ThinkPad-X230:/home/cijoml# openvpn turris-openvpn.conf
Thu Mar 23 21:15:31 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
Thu Mar 23 21:15:31 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Thu Mar 23 21:15:31 2017 WARNING: using --pull/–client and --ifconfig together is probably not what you want
Thu Mar 23 21:15:31 2017 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Thu Mar 23 21:15:31 2017 UDPv4 link local: [undef]
Thu Mar 23 21:15:31 2017 UDPv4 link remote: [AF_INET]10.102.196.90:1194
Thu Mar 23 21:15:32 2017 [turris] Peer Connection Initiated with [AF_INET]192.168.1.1:1194
Thu Mar 23 21:15:34 2017 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Mar 23 21:15:34 2017 TUN/TAP device tap0 opened
Thu Mar 23 21:15:34 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar 23 21:15:34 2017 /sbin/ip link set dev tap0 up mtu 1500
Thu Mar 23 21:15:34 2017 /sbin/ip addr add dev tap0 192.168.1.72/7 broadcast 255.255.255.254
Thu Mar 23 21:15:34 2017 GID set to nogroup
Thu Mar 23 21:15:34 2017 UID set to nobody
Thu Mar 23 21:15:34 2017 Initialization Sequence Completed

Nelibi se mi tam ta netmaska spravne je sit 192.168.1.0/24

Poradi nekdo?

2

Nikdo neporadi? tomu neverim…