Talk:OpenVPN VPN Bridging
I followed these instructions to bridge the tap0 device with my eth0 device on my Amahi server. Afterwards, however, I noticed that I lost outgoing IP connectivity from the server, i.e., I could not resolve names or contact hosts from the server to the WAN. Note that my Amahi server is NOT my network gateway nor my dhcp server. It is only on my LAN and must connect through my existing gateway to route to the internet. I solved the problem with the command "sudo hda-change-gw x.x.x.x" where the IP address is my LAN gateway. Problem is this does not persist after reboot, so I need to modify the provided code appropriately. Any ideas on how best to do this?
Also, why can I not have the device that connects through the tap0 device instead get a dhcp lease from my existing dhcp server instead of using a static address? Could I not simply route the tap0 traffic to the gateway instead and then allow hosts that connect to become hosts on my existing network?
Finally, I'd really like to lock this all down with a certificate system like I have my ssh server locked down. On ssh, I have root logins and passwords logins completely disabled. Only certificate logins are allowed, plus I have denyhosts running to ban any repeat brute-force offending hosts. Any wiki on how to accomplish this?
Backing up iptables
I made a mess of setting up the bridging and had to reverse the changes. The most challenging part of this was restoring iptables to its previous condition. How much easier it would have been if I had backed it up first:
- iptables-save > /root/ipt.save
- cat /root/ipt.save | iptables-restore