OpenVPN VPN Bridging

2010-04-01T21:53:01Z

Jerryzak: Explanation for OpenVPN client + change in static IP line

== VPN Bridging ==

Here's the procedure you need to follow in order to have your VPN clients get IP addresses in the same subnet as your HDA.

For example, if you HDA's IP is 192.168.0.2, by default, connecting to it using an OpenVPN client will give your client computer an IP address like 10.8.0.x.
The following procedure will change this so that your client will receive an IP address like 192.168.0.x.

* sudo yum -y install bridge-utils

* sudo nano /etc/openvpn/openvpn-startup
Add this at the end of the file:
<pre><nowiki>
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

br="br0"
tap="tap0"

eth="eth0"
eth_ip=`ifconfig | grep -A 1 eth0 | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 eth0 | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 eth0 | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

openvpn --mktun --dev $tap

brctl addbr $br
brctl addif $br $eth
brctl addif $br $tap

ifconfig $tap 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
ifconfig $eth 0.0.0.0 promisc up
</nowiki></pre>

* sudo nano /etc/openvpn/openvpn-shutdown
<pre><nowiki>
#!/bin/sh

####################################
# Tear Down Ethernet bridge on Linux
####################################

br="br0"
tap="tap0"
eth="eth0"
eth_ip=`ifconfig | grep -A 1 br0 | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 br0 | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 br0 | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

ifconfig $br down
brctl delbr $br

openvpn --rmtun --dev $tap

if [ "$eth_ip" != "" ]; then
ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
fi
</nowiki></pre>

* sudo chmod +x /etc/openvpn/openvpn-shutdown

* sudo nano /etc/openvpn/amahi.conf
Remove the line that contains: ''dev tun''
and replace it with this:
<pre><nowiki>
mode server
tls-server
dev tap0
</nowiki></pre>
And remove (or comment out) the lines that start with ''server'' and ''ifconfig-pool-persist''.

* Repeat the last step with /etc/openvpn/amahi-dup-cn.conf

* sudo iptables -A INPUT -i tap0 -j ACCEPT
* sudo iptables -A INPUT -i br0 -j ACCEPT
* sudo iptables -A FORWARD -i br0 -j ACCEPT

* sudo service openvpn restart

* In your OpenVPN client (such as Amahi HDAConnect for Windows users) configuration, change ''dev tun'' with ''dev tap''. You'll also need to add a line that will make the client IP static:

ifconfig 192.168.1.x 255.255.255.0

Replace "x" in the IP address above with address you want your client to use.

[[Category: VPN]]

Turning off DHCP

2010-03-29T01:08:51Z

Jerryzak: Changes to Reflect UI

'''Note that a few of the benefits of your HDA will not work if you disable DHCP on your server.'''

The DHCP server in the HDA can be stopped by doing this:

* First turn on Advanced Settings, under Setup --> Settings
* Then go to the Setup --> Apps --> Servers
* Once there, find the DHCP Server and unselect both "Watchdog. DHCP Server is being monitored 24x7" and "Start at Boot time"

Here are the [http://www.amahi.org/faq#is-dhcp-server-required DHCP tradeoffs] if you would like to only use some of the functionality.

In short, a few of the nicer features of your HDA will not be available. You can still point your machines to the DNS server in the HDA and get some of the benefits, like nice URLs for your HDA-provided services. This is not a supported configuration for things like [[Netboot]].

Amahi Wiki - User contributions [en]

OpenVPN VPN Bridging

Turning off DHCP