Good evening! There are two interfaces: eth0 (facing the LAN) and tap0 (facing the OpenVPN client).
A bridge named br0 has been brought up with brctl and given the IP 172.16.0.52.
Pings from the bridge into the network through eth0 work fine, but through tap0 they do not.
I observed the following: if I ping some host on the eth0 side from the OpenVPN client, the packets arrive (they are visible in a sniffer), but nothing comes back. At the same time, on the OpenVPN client I can see broadcast noise from the network behind eth0.
Configs:
OpenVPN client:
# client
proto udp
remote 172.16.0.52
port 1194
dev tap
tun-mtu 1500
cipher none
#nobind
#resolv-retry infinite
#persist-key
#persist-tun
tls-client
dh dh1024.pem
ca ca-cert.pem
cert client_52_1.cert
key client_52_1.key
#cipher BF-CBC # Blowfish (default)
#cipher AES-128-CBC # AES
# cipher DES-EDE3-CBC # Triple-DES
#tls-auth ta.key 1
ping 10
#comp-lzo
verb 3
#mute 10
OpenVPN server:
proto udp
dev tap # I use tap, although tun is also possible (recommended)
port 1194
tun-mtu 1400
cipher none
# TLS parms
tls-server
ca /etc/ssl/ca-cert.pem
#ca /etc/ssl/virtual_52.csr
cert /etc/ssl/virtual_52.cert
key /etc/ssl/virtual_52.key
dh /etc/ssl/dh1024.pem
#mode server
#ifconfig 172.16.200.201 255.255.0.0
#ifconfig-pool 172.16.200.2 172.16.200.254
local 172.16.0.52
#duplicate-cn
#tls-auth /etc/ssl/ta.key 0
#cipher BF-CBC # Blowfish (default)
#cipher AES-128-CBC # AES
#cipher DES-EDE3-CBC # Triple-DES
user root
group root
#persist-key
#persist-tun
#comp-lzo
#keepalive 10 120
ping 10
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
Output of the ifconfig command:
br0       Link encap:Ethernet HWaddr 00:03:FF:94:54:F0
          inet addr:172.16.0.52 Bcast:172.16.255.255 Mask:255.255.0.0
          inet6 addr: fe80::203:ffff:fe94:54f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:462597 errors:0 dropped:0 overruns:0 frame:0
          TX packets:301192 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:27446676 (26.1 MiB) TX bytes:43401691 (41.3 MiB)

eth0      Link encap:Ethernet HWaddr 00:03:FF:94:54:F0
          inet6 addr: fe80::203:ffff:fe94:54f0/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:841357 errors:0 dropped:21 overruns:0 frame:0
          TX packets:306923 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:58948165 (56.2 MiB) TX bytes:44067412 (42.0 MiB)
          Interrupt:11 Base address:0xec00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:1294 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1294 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:187358 (182.9 KiB) TX bytes:187358 (182.9 KiB)

tap0      Link encap:Ethernet HWaddr 42:05:8E:2E:59:CC
          inet6 addr: fe80::4005:8eff:fe2e:59cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:94892 errors:0 dropped:43 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:9103 (8.8 KiB) TX bytes:5887799 (5.6 MiB)
Log from the OpenVPN client:
Fri Dec 21 03:31:29 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Fri Dec 21 03:31:29 2007 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Dec 21 03:31:29 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Dec 21 03:31:29 2007 ******* WARNING *******: null cipher specified, no encryption will be used
Fri Dec 21 03:31:29 2007 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Dec 21 03:31:29 2007 TAP-WIN32 device [Подключение по локальной сети 6] opened: \\.\Global\{01E9B491-2C2A-4425-88C8-E406ED39E3F9}.tap
Fri Dec 21 03:31:29 2007 TAP-Win32 Driver Version 8.4
Fri Dec 21 03:31:29 2007 TAP-Win32 MTU=1500
Fri Dec 21 03:31:29 2007 NOTE: FlushIpNetTable failed on interface [786438] {01E9B491-2C2A-4425-88C8-E406ED39E3F9} (status=259) : Дополнительные данные отсутствуют.
Fri Dec 21 03:31:29 2007 Data Channel MTU parms [ L:1557 D:1450 EF:25 EB:4 ET:32 EL:0 AF:14/25 ]
Fri Dec 21 03:31:29 2007 Local Options hash (VER=V4): 'e902d959'
Fri Dec 21 03:31:29 2007 Expected Remote Options hash (VER=V4): '64b7d35e'
Fri Dec 21 03:31:29 2007 UDPv4 link local (bound): [undef]:1194
Fri Dec 21 03:31:29 2007 UDPv4 link remote: 172.16.0.52:1194
Fri Dec 21 03:31:29 2007 TLS: Initial packet from 172.16.0.52:1194, sid=d752fa1b 621b5fe0
Fri Dec 21 03:31:29 2007 VERIFY OK: depth=1, /C=RU/ST=Some-State/L=VYKSA/O=VISTLINK/OU=YATEN/CN=YATEN/emailAddress=vist-it@mail.ru
Fri Dec 21 03:31:29 2007 VERIFY OK: depth=0, /C=RU/ST=Some-State/O=VISTLINK/OU=YATEN/CN=YATEN/emailAddress=vist-it@mail.ru
Fri Dec 21 03:31:29 2007 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1457'
Fri Dec 21 03:31:29 2007 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1432'
Fri Dec 21 03:31:29 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 21 03:31:29 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 21 03:31:29 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
Fri Dec 21 03:31:29 2007 [YATEN] Peer Connection Initiated with 172.16.0.52:1194
Fri Dec 21 03:31:29 2007 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Dec 21 03:31:29 2007 Route: Waiting for TUN/TAP interface to come up...
Fri Dec 21 03:31:30 2007 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Dec 21 03:31:30 2007 Route: Waiting for TUN/TAP interface to come up...
Fri Dec 21 03:31:31 2007 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Dec 21 03:31:31 2007 Route: Waiting for TUN/TAP interface to come up...
Fri Dec 21 03:31:32 2007 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Fri Dec 21 03:31:32 2007 Initialization Sequence Completed
Well, that seems to be everything. I want to sleep already...
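Added example, not part of the original post: a small Python check that reads a client/server OpenVPN config pair and reports the four conditions the client log above warns about (inconsistent tun-mtu, null cipher, --ping without --ping-restart/--ping-exit, no server certificate verification). The `CLIENT` and `SERVER` strings are abridged copies of the configs in the post; the function names and finding codes are assumptions of this example.

```python
# Abridged copies of the two configs in the post (active directives only).
CLIENT = """proto udp
dev tap
tun-mtu 1500
cipher none
tls-client
ping 10
"""
SERVER = """proto udp
dev tap # inline comment, as in the post
tun-mtu 1400
cipher none
tls-server
ping 10
"""

# Options that should carry the same value on both peers.
MUST_MATCH = ("tun-mtu", "link-mtu", "cipher", "auth", "comp-lzo")
# Any one of these on the client enables a check of the server certificate.
SERVER_VERIFY = ("ns-cert-type", "remote-cert-tls", "tls-remote", "tls-verify")
# Any one of these gives --ping a receive timeout to act on.
PING_ACTION = {"ping-restart", "ping-exit", "keepalive"}


def parse(text):
    """Return {directive: arguments}; drops blank lines and '#' / ';' comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 1)
        if parts and not parts[0].startswith(";"):
            opts[parts[0]] = parts[1] if len(parts) > 1 else ""
    return opts


def audit(client_text, server_text):
    """Return (code, detail) findings for a client/server config pair."""
    c, s = parse(client_text), parse(server_text)
    out = [("mismatch", f"{k}: client={c.get(k)!r} server={s.get(k)!r}")
           for k in MUST_MATCH if c.get(k) != s.get(k)]
    for side, o in (("client", c), ("server", s)):
        if o.get("cipher") == "none":
            out.append(("null-cipher", side))
        if "ping" in o and not PING_ACTION & o.keys():
            out.append(("ping-without-restart", side))
    if not any(k in c for k in SERVER_VERIFY):
        out.append(("no-server-cert-check", "client"))
    return out
```

Calling `audit(CLIENT, SERVER)` returns six findings for the pair as posted; a pair with equal `tun-mtu`, a real cipher, `keepalive` and `ns-cert-type server` on the client returns an empty list.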