I'm trying to create a star-shaped "virtual" LAN with OpenVPN which is not connected to the physical network, i.e. tap0 packets should not go to eth0. Packets should only go through OpenVPN to connected clients.
This setup works on my OpenVPN testing machine, which runs VirtualBox, but not on my actual server, which is running on top of Xen. Both servers are running Ubuntu Intrepid.
/etc/network/interfaces:
iface tap0 inet manual
address 10.10.10.1
netmask 255.255.255.0
gateway 10.10.10.1
/etc/openvpn/server.conf:
mode server
tls-server
port 1194
proto udp
dev tap
client-to-client
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/servername.crt
key /etc/openvpn/easy-rsa/keys/servername.key
dh /etc/openvpn/easy-rsa/keys/dh384.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.10.10.1 255.255.255.0 10.10.10.128 10.10.10.250
push .route 10.10.10.1 255.255.255.0
keepalive 5 60
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
user nobody
group nogroup
ifup tap0
On VirtualBox: everything OK, SSH keeps running. But on Xen the SSH connection drops and I have to reboot the whole machine. What am I missing?
Is your VirtualBox instance bridged to the host operating system? When you say the SSH connection drops in Xen, which SSH connection are you referring to? Do you have another way into the VM so you can see what is actually happening to the networking when the bridge comes up, i.e. a virtual serial console? That would go a long way in helping to solve your issue.
Why not use tun mode and route the traffic via a central VPN server? That should be perfectly doable.
You'll probably want to use the '--client-to-client' option.
I don't think you want the gateway line in /etc/network/interfaces.
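As an added example that is not part of the thread: a shell function that lists tap stanzas in an ifupdown interfaces file which declare a gateway option, so they can be reviewed before running ifup on a remote machine. The function name find_tap_gateways and the eth0 stanza with its 192.0.2.x addresses are constructed for illustration; the tap0 stanza is the one from the question.

```shell
#!/bin/sh
# Added example, not code from the thread.
# find_tap_gateways FILE
#   Prints "<iface> <gateway>" for every tap stanza in an ifupdown
#   interfaces file that carries a "gateway" option.
find_tap_gateways() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $1 == "iface"  { cur = $2; next }        # a new stanza begins
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "mapping" || $1 == "source" {
            cur = ""; next                       # these keywords end the stanza
        }
        $1 == "gateway" && cur ~ /^tap[0-9]+$/ { print cur, $2 }
    ' "$1"
}

# Constructed sample file: hypothetical eth0 stanza plus the tap0 stanza
# from the question. The eth0 gateway must not be reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto eth0
iface eth0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1

iface tap0 inet manual
    address 10.10.10.1
    netmask 255.255.255.0
    gateway 10.10.10.1
EOF

find_tap_gateways "$sample"
```

On the real system the argument would be /etc/network/interfaces; empty output means no tap stanza declares a gateway.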