Ubuntu 17.10 - OpenVPN TAP - Help
I am desperate at this point. I have been trying to configure a bridge networking on Ubuntu 17.10 and it has been hell. I can't find any documents online to assist with install. All of the ones I have found are written for 16.04 and below. Can someone please help me? With this Netplan implementation instead of interfaces everything seems to be a headache. Below are my configurations.
Info:
router: 10.0.1.1
ip address 10.0.1.100
network 10.0.1.0
gateway 10.0.1.1
dns: 10.0.1.1
netmask 255.255.255.0
admin@SKYNET:~$ cat /etc/netplan/01-netcfg.yaml
This file describes the network interfaces available on your system
For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
enp0s31f6:
dhcp4: yes
bridges:
br0:
interfaces: [enp0s31f6]
dhcp4: true
optional: true
admin@SKYNET:~$ cat /etc/openvpn/server.conf
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.0.1.100 255.255.255.0 10.0.1.230 10.0.1.254
push "route 10.0.1.0 255.255.255.0 10.0.1.1"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.0.1.1"
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
admin@SKYNET:~$ cat /etc/openvpn/easy-rsa/keys/client.ovpn
client
dev tap
proto udp
remote 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
I followed the steps from this page on the Ubuntu help wiki but the "Prepare interface config for bridging on server" step doesn't seem to work since interfaces isn't there any more. Not sure how to bring tap0 up/down. I seem to be having a routing issue when the clients connect.
admin@SKYNET:~$ ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.1.100 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::c96:daff:feda:65b8 prefixlen 64 scopeid 0x20
ether 0e:96:da:da:65:b8 txqueuelen 1000 (Ethernet)
RX packets 1327461 bytes 2776343355 (2.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 953269 bytes 1907343180 (1.9 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
admin@SKYNET:~$ ifconfig tap0
tap0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 0a:82:dd:10:85:4d txqueuelen 100 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Also I added the firewall rules
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
What am I doing wrong?
networking vpn openvpn network-bridge netplan
edited May 17 at 7:52
Zanna
asked May 17 at 4:21
nickyung
Please check the indentation on your /etc/netplan file. This is a structured yaml file but in your post everything is left-aligned which makes it invalid. I also notice you are enabling DHCP on both the physical interface and on the bridge. This is probably not what you want, you probably want to enable DHCP only on the bridge and disable it on the physical interface. But this is probably not the cause of your problem. With your configuration, what is the output of 'ifconfig'? Do you see the interfaces and addresses that you expect?
– slangasek May 17 at 22:51
The indentation is wrong because I copied and pasted from another site I posted this on. In regards to the dhcp for the physical interface, do you mind showing me an example of how the netplan file is supposed to look? Thanks.
– nickyung May 18 at 2:31
I think what I really need help with is the proper netplan yaml setting, the up/down script and the syntax to use to call the scripts in the server.config file. Again, any help is much appreciated.
– nickyung May 18 at 2:48
1 Answer
accepted
You don't want to configure addresses on both the bridge and the physical interface, which is what happens when you have dhcp4: true set in both places. To match the configuration described in https://help.ubuntu.com/lts/serverguide/openvpn.html.en#openvpn-advanced-config, your netplan yaml should look like:
    $ cat /etc/netplan/01-netcfg.yaml
    # This file describes the network interfaces available on your system
    # For more information, see netplan(5).
    network:
      version: 2
      renderer: networkd
      ethernets:
        enp0s31f6:
          dhcp4: no
      bridges:
        br0:
          interfaces: [enp0s31f6]
          dhcp4: no
          addresses: [10.0.1.100/24]
          gateway4: 10.0.1.1
          nameservers:
            addresses: [10.0.1.1]
Note that this uses static address configuration. DHCP also works, but it does not make sense to have other config files on your system (the openvpn.conf) with statically configured IP information, but use DHCP for the host's network.
You do not need to declare this interface "optional", which only relates to what other systemd units will wait for this interface to be configured at boot.
The other portion of the ifupdown config that does not translate to netplan is the 'promisc' command: up ip link set $IFACE up promisc on. To do the equivalent on a system using netplan, ensure that you have the networkd-dispatcher package installed, then install the following script as /usr/lib/networkd-dispatcher/dormant.d/promisc_bridge (owned by root, marked executable):

    #!/bin/sh
    set -e
    if [ "$IFACE" = br0 ]; then
        # no networkd-dispatcher event for 'carrier' on the physical interface
        # eth0 here is the physical interface enslaved to br0; on the system
        # in the question that is enp0s31f6
        ip link set eth0 up promisc on
    fi
edited Jul 17 at 2:10
answered May 19 at 4:33
slangasek
Thanks for the help. I will try it in a test environment. I ended up installing ifupdown and resolvconf and disabling the netplan and the installed version of resolvconf. The steps I took are documented in this post: forums.openvpn.net/…
– nickyung May 21 at 16:43
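Added example (not part of the original answer, and not code from netplan or OpenVPN): a Python check that the static addressing in the answer's netplan file agrees with the `server-bridge` line in the question's server.conf, and that interfaces enslaved to the bridge carry no address of their own. The function names and the small YAML-subset parser are assumptions made for this illustration; only the four-argument `server-bridge` form shown on the page is handled.

```python
import ipaddress
import shlex

# Sample input from the page: the answer's netplan file, the question's server.conf lines.
NETPLAN = """\
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s31f6:
      dhcp4: no
  bridges:
    br0:
      interfaces: [enp0s31f6]
      dhcp4: no
      addresses: [10.0.1.100/24]
      gateway4: 10.0.1.1
      nameservers:
        addresses: [10.0.1.1]
"""
SERVER_CONF = """\
dev tap
server-bridge 10.0.1.100 255.255.255.0 10.0.1.230 10.0.1.254
"""

def parse_simple_yaml(text):
    """Parse only the YAML subset used above (nested mappings, scalars,
    one-line [a, b] lists). Hypothetical helper, not a general YAML parser."""
    root = {}
    stack = [(-1, root)]  # (indent of the key that opened the mapping, mapping)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip()
        while stack[-1][0] >= indent:  # leave mappings we have dedented out of
            stack.pop()
        parent = stack[-1][1]
        if not value:
            parent[key] = {}
            stack.append((indent, parent[key]))
        elif value.startswith("["):
            parent[key] = [v.strip() for v in value.strip("[]").split(",") if v.strip()]
        else:
            parent[key] = value
    return root

def _map(d, key):
    """Return d[key] if it is a mapping, otherwise an empty mapping."""
    return d[key] if isinstance(d.get(key), dict) else {}

def _on(value):
    return str(value).lower() in ("yes", "true", "on")

def check_bridge_config(netplan_text, conf_text, bridge="br0"):
    """Return a list of findings; an empty list means the two files agree."""
    net = _map(parse_simple_yaml(netplan_text), "network")
    br = _map(_map(net, "bridges"), bridge)
    if not br:
        return [f"{bridge} not found under network -> bridges (check the indentation)"]
    findings = []
    for member in br.get("interfaces", []):
        eth = _map(_map(net, "ethernets"), member)
        if _on(eth.get("dhcp4", "no")) or eth.get("addresses"):
            findings.append(f"{member} is bridged into {bridge} but also gets its own address")
    static = [a for a in map(ipaddress.ip_interface, br.get("addresses", [])) if a.version == 4]
    if _on(br.get("dhcp4", "no")):
        findings.append(f"{bridge} uses DHCP but server-bridge hard-codes its address")
    elif not static:
        findings.append(f"{bridge} has no static IPv4 address")
    lines = (shlex.split(ln, comments=True) for ln in conf_text.splitlines())
    args = next((w[1:] for w in lines if w and w[0] == "server-bridge"), None)
    if args is None or len(args) != 4:
        return findings + ["no four-argument server-bridge line in server.conf"]
    gw, start, end = (ipaddress.ip_address(args[i]) for i in (0, 2, 3))
    lan = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
    if static and all(a.ip != gw or a.network != lan for a in static):
        findings.append(f"server-bridge {gw}/{lan.prefixlen} does not match {bridge}'s address")
    if start > end or start not in lan or end not in lan:
        findings.append(f"client pool {start}-{end} is not a valid range inside {lan}")
    reserved = {a.ip for a in static}
    if br.get("gateway4"):
        reserved.add(ipaddress.ip_address(br["gateway4"]))
    for ip in sorted(reserved):
        if start <= ip <= end:
            findings.append(f"client pool {start}-{end} contains {ip}")
    return findings

if __name__ == "__main__":
    for finding in check_bridge_config(NETPLAN, SERVER_CONF) or ["consistent"]:
        print(finding)
```

Running the same check on the left-aligned file from the question reports that br0 is not found under the bridges mapping, which is the indentation problem raised in the first comment.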