bridged openvpn

This solution is a mess, do not use it!


/etc/network/interfaces:

# Host networking for the bridged VPN: br-eth0 carries the host's static
# address and eth0 is only a port of that bridge.
# NOTE(review): every tap interface later added to br-eth0 sits on the same
# layer-2 segment as eth0's LAN; nothing in this stanza filters traffic
# between VPN clients and the LAN.
auto eth0
auto br-eth0
iface br-eth0 inet static
address 10.20.30.1
netmask 255.255.255.0
gateway 10.20.30.254
# eth0 is the only port listed here; the tap ports are added at runtime.
bridge_ports eth0
# Spanning tree is off and the forwarding delay / startup wait are zero.
bridge_stp off
bridge_fd 0
bridge_maxwait 0

/etc/init.d/bridge:

# NIC that start() brings up without an address, in promiscuous mode.
ETH_IFACE="eth0"
# Bridge device that every tap interface is attached to.
BR_IFACE="br-eth0"

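# Create tap0..tap129, attach each one to $BR_IFACE, then bring up $ETH_IFACE.
# Globals:  BR_IFACE (read), ETH_IFACE (read)
# Outputs:  a header line and one index per tap on stdout
# Returns:  status of the final ifconfig on $ETH_IFACE
start() {
  # Highest tap index; local so it does not leak into the calling script.
  local maxtap=129
  local i=0 dev
  echo "Create TAP/bridge interfaces:"
  while [ "$i" -le "$maxtap" ]; do
    dev="tap${i}"
    printf '%s ' "$i"
    # The three steps stay best-effort: a failing step does not stop the loop,
    # so re-running start with the taps already present still completes.
    # Only stdout is discarded; error messages from the tools stay visible.
    openvpn --mktun --dev "$dev" > /dev/null
    # Quoted so an interface name is always passed as exactly one argument.
    brctl addif "$BR_IFACE" "$dev" > /dev/null
    # Each tap is left up, without an address, in promiscuous mode.
    ifconfig "$dev" 0.0.0.0 promisc up > /dev/null
    i=$((i + 1))
  done
  echo
  # The NIC is brought up without an address of its own, also promiscuous.
  ifconfig "$ETH_IFACE" 0.0.0.0 promisc up
}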

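# "Stop" action of the init script. It only prints a message: no tap device
# is removed from the bridge or deleted, and no interface is taken out of
# promiscuous mode, so everything start() set up stays in place.
# Globals:  RETVAL (written)
# Returns:  status of success() when that helper exists, otherwise 0
stop() {
  echo "TAP/bridge fake shutdown (we never stop)"
  RETVAL=$?
  # success() is not defined anywhere in this listing; presumably it comes
  # from a distribution init-functions file. Call it only when it exists so
  # stop does not fail with "command not found".
  if command -v success > /dev/null 2>&1; then
    success
  fi
}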

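# Dispatch on the init action in $1 and exit with that action's status.
case "$1" in
  start)
    start
    # Record the status explicitly; the original left RETVAL unset on this
    # path and relied on a bare `exit` picking up the last command's status.
    RETVAL=$?
    ;;
  stop)
    # stop() sets RETVAL itself.
    stop
    ;;
  restart)
    stop
    start
    RETVAL=$?
    ;;
  *)
    # Plain quotes instead of $"...": same text under bash, and no stray "$"
    # when the script is run by a POSIX sh.
    echo "Usage: $0 {start|stop|restart}"
    RETVAL=1
    ;;
esac
exit "${RETVAL:-0}"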
$ update-rc.d bridge start 16 2 .

/etc/openvpn/server_for_client1.conf

# Linux VPN bridged server config file
# These settings are different for each user
# _NUMBER_ and CLIENT are placeholders to be filled in per client.
port 11_NUMBER_
dev tap_NUMBER_
# Static-key mode: one pre-shared key, identical on server and client.
# There is no certificate-based authentication and no forward secrecy, so
# whoever holds this file can decrypt captured traffic of this tunnel and
# act as either end. Keep the file readable by root only.
# NOTE(review): no cipher or auth directive is set, so the defaults of the
# installed OpenVPN version apply -- confirm they are acceptable.
secret /etc/openvpn/CLIENT.key
log-append /var/log/openvpn/CLIENT.log
local PUBLIC_HOST_NAME_OF_VPN_SERVER
# fragment 1400
# mssfix
ping 10
ping-restart 35
ping-timer-rem
persist-tun
persist-key
persist-local-ip
#comp-lzo
#comp-noadapt
# NOTE(review): the daemon stays root for its whole lifetime; nothing here
# drops privileges, so a flaw in the daemon is exposed with root rights.
# persist-tun and persist-key are already set, which is what a switch to an
# unprivileged user/group would rely on across restarts.
user root
group root
verb 4

Simple gen script for the key:

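#!/bin/sh
# Generate the static key for one client and create its bridged tap device.
# Usage: <script> CLIENT NUMBER
#   CLIENT - name used for /etc/openvpn/CLIENT.key
#   NUMBER - tap index; the device is tapNUMBER
# Env:    BR_IFACE - bridge to attach the tap to (default: br-eth0)
set -eu

usage() {
  echo "Usage: $0 CLIENT NUMBER" >&2
  exit 2
}

# The original guard, `test -n $2`, was unquoted: with no second argument it
# collapses to `test -n`, which is true, so the script never stopped early.
[ "$#" -ge 2 ] || usage
client=$1
tapnum=$2

# CLIENT ends up in a path under /etc/openvpn and NUMBER in a device name;
# accept only plain names and digits so neither can point somewhere else.
case $client in
  '' | *[!A-Za-z0-9_-]*) usage ;;
esac
case $tapnum in
  '' | *[!0-9]*) usage ;;
esac

# The bridge defined elsewhere on this page is br-eth0; the original
# hard-coded br0, which that configuration never creates.
br_iface=${BR_IFACE:-br-eth0}

# The key is a shared secret: make sure it is not created group/world readable.
umask 077
openvpn --genkey --secret "/etc/openvpn/${client}.key"
openvpn --mktun --dev "tap${tapnum}"
ifconfig "tap${tapnum}" 0.0.0.0 promisc up
brctl addif "$br_iface" "tap${tapnum}"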

CLIENT.ovpn:

# openvpn bridged client config file
# _NUMBER_ and CLIENT are placeholders; they must match the values used in
# the server-side config for this client.
port 11_NUMBER_
# Same pre-shared static key as on the server. It is the only credential of
# this tunnel, so hand it to the client over a trusted channel and keep the
# file private on the client machine.
secret CLIENT.key
# Address of the client's tap interface inside the bridged 10.20.30.0/24 LAN.
ifconfig 10.20.30._NUMBER_ 255.255.255.0
remote PUBLIC_HOST_NAME_OF_VPN_SERVER
route-delay 5
dev tap
# tap-sleep 1
# fragment 1400
# mssfix
ifconfig-nowarn
#ip-win32 dynamic
ping 10
# comp-lzo
# comp-noadapt
verb 4
log-append CLIENT.log