Hello all. I'm trying to bridge vtun0 and switch0 as br0 so I can get a client IP automatically over the VPN. I've confirmed as much as I can that my configuration is correct, but when I try to
set interfaces switch switch0 bridge-group br0
commit
I get the error
All switch interfaces must be in switch-port mode to bridge the switch
Commit failed
As far as I can tell, eth2, 3, and 4 are in "switch-port mode". How does one manually go about confirming this? I've tried removing the interfaces from switch0 and re-adding them, but that doesn't help. Any ideas?
Back story: I had the OpenVPN server working perfectly with a static IP on a different subnet. What I want is to automatically obtain an IP through the router's DHCP server, because I was having an issue where if I disconnected one client and connected another before restarting the VPN server, I could not access the push-routed subnet. The way I'm trying to set this up, I don't have to worry about push-routes at all. Everything is ready except switch0 bridged on br0. I used this thread for the changes: Edgemax 5 Port OpenVPN Server "Road Warrior" config - bridge?
Here's my configuration:
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 1 {
            action accept
            description OpenVPN
            destination {
                port 1194
            }
            log disable
            protocol udp
        }
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
        rule 21 {
            action accept
            description "Allow SSH"
            destination {
                port 22
            }
            log disable
            protocol tcp
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    bridge br0 {
        aging 300
        bridged-conntrack disable
        hello-time 2
        max-age 20
        priority 32768
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        address 192.168.1.1/24
        description "Local 2"
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        bridge-group {
            bridge br0
        }
        hash sha256
        mode server
        openvpn-option --comp-lzo
        openvpn-option "--server-bridge 192.168.2.1 255.255.255.0 192.168.2.41 192.168.2.50"
        openvpn-option "--push redirect-gateway def1 bypass-dhcp"
        server {
            client xxxxx.xxxx.xxx {
            }
            name-server 192.168.2.1
            name-server 192.168.1.1
            subnet 192.168.2.0/24
        }
        tls {
            ca-cert-file /config/auth/cacert.pem
            cert-file /config/auth/server.pem
            dh-file /config/auth/dhp.pem
            key-file /config/auth/server.key
        }
    }
    switch switch0 {
        address 192.168.2.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}