OpenVPN VPN Bridging

From Amahi Wiki
Latest revision as of 02:22, 20 February 2019

WARNING
This procedure could break networking, proceed with extreme caution!

Do not do this remotely, only do it from your HDA itself!



NOTE: It is recommended that you shut down your current VPN before modifying configs and then restarting it after you finish configuring it.

Here is the procedure to follow in order to have your VPN clients get IP addresses in the same subnet as your HDA. Bridging lets traffic that never crosses a routed (tun) VPN, such as the broadcast traffic used for autodetection by protocols like DLNA and DHCP, cross the VPN. Note that a bridged client sits on your LAN at layer 2 (ARP, broadcasts, everything), so from then on a client certificate is worth as much as a cable plugged into the HDA's switch; guard the client keys accordingly.

For example, if your HDA's IP is 192.168.0.2, connecting to it with an OpenVPN client will by default give your client computer an IP address like 10.8.0.x. The following procedure changes this so that your client receives an IP address like 192.168.0.x.

These steps need to be done as root user:

yum -y install bridge-utils
nano /etc/openvpn/openvpn-startup

Add this at the end of the file:

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

br="br0"
tap="tap0"

# Physical LAN interface. Its address, netmask and broadcast are scraped from
# the old net-tools ifconfig layout ("inet addr:A  Bcast:B  Mask:C"). On a
# net-tools 2.x system, which prints "inet A  netmask C  broadcast B", all
# three variables come back empty and br0 is brought up without an address.
eth="eth0"
eth_ip=`ifconfig | grep -A 1 $eth | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 $eth | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 $eth | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

# Create a persistent tap device for OpenVPN, then bridge it with the LAN interface.
openvpn --mktun --dev $tap

brctl addbr $br
brctl addif $br $eth
brctl addif $br $tap

# Move the LAN address from eth0 to the bridge. The two bridge ports carry
# no address of their own and run promiscuous so the bridge sees every frame.
ifconfig $tap 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
ifconfig $eth 0.0.0.0 promisc up

Clearing eth0's address also removes the routes that went through it, including the default route. After the script has run, check with route -n that the default gateway is still present and re-add it on br0 if it is gone; otherwise the HDA keeps working on the LAN but loses Internet access.


nano /etc/openvpn/openvpn-shutdown

Add this text to the file:

#!/bin/sh

####################################
# Tear Down Ethernet bridge on Linux
####################################

br="br0"
tap="tap0"
eth="eth0"
# Read the LAN address back from the bridge (same old net-tools ifconfig
# layout assumption as in openvpn-startup) so it can be restored to eth0.
eth_ip=`ifconfig | grep -A 1 $br | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 $br | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 $br | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

# The bridge must be down before it can be deleted; deleting it releases its ports.
ifconfig $br down
brctl delbr $br

openvpn --rmtun --dev $tap

# Give eth0 its LAN address back and take it out of promiscuous mode.
if [ "$eth_ip" != "" ]; then
    ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
    ifconfig $eth -promisc
fi


chmod +x /etc/openvpn/openvpn-shutdown
nano /etc/openvpn/amahi.conf

Remove the line that contains dev tun and replace it with these three lines:

mode server
tls-server
dev tap0

Then remove (or comment out) the lines that start with server and ifconfig-pool-persist. The server directive is a shorthand that, among other things, sets up the routed 10.8.0.x address pool; the two lines above keep only the server-mode and TLS parts of it, so clients get no pool address and keep the one they configure themselves.

 iptables -A INPUT -i tap0 -j ACCEPT
 iptables -A INPUT -i br0 -j ACCEPT
 iptables -A FORWARD -i br0 -j ACCEPT
 service openvpn restart

The three rules are appended with -A, so they only take effect if no earlier rule in the chain already drops traffic from tap0 or br0, and they are not saved across a reboot. After the restart, check the live ruleset with iptables -L -n -v and confirm that the counters on these rules move when a client connects.
  • In your OpenVPN client (such as Amahi HDAConnect for Windows users) configuration, replace dev tun with dev tap. You also need to add a line that gives the client a static IP address in the HDA's subnet:
ifconfig 192.168.0.x 255.255.255.0

Replace "x" in the address above with the host part of the address you want your client to use. Pick an address that is unused and outside your LAN DHCP server's pool: the bridge does no address management, so a duplicate address is only noticed when something stops working.
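Two checks worth running before committing to the bridge, as an added example that is not code from the Amahi wiki page or the Amahi project. The startup and shutdown scripts above scrape ifconfig with grep and awk -F':' and only understand the old net-tools output layout; iface_addr below parses both that layout and the net-tools 2.x one, so you can see what the scripts will (or will not) pick up on your HDA. client_ip_ok validates the static address you are about to put in the client's ifconfig line against the HDA's subnet, and rejects the page's literal "192.168.0.x" if you forgot to replace the x. The interface names, addresses and sample ifconfig text are constructed for the example.

```shell
#!/bin/sh
# Added example; not code from the Amahi wiki page or the Amahi project.
# iface_addr:   parse an interface's IPv4 address/netmask/broadcast from ifconfig
#               output in the old net-tools layout the bridge scripts expect
#               ("inet addr:A  Bcast:B  Mask:C") or the net-tools 2.x layout
#               ("inet A  netmask C  broadcast B") that leaves their $eth_ip empty.
# client_ip_ok: check that a static client address lies in the HDA's subnet and
#               is not the HDA's own, the network or the broadcast address.
# Interface names, addresses and sample ifconfig text are constructed for the example.

# Usage: iface_addr IFACE   (ifconfig output on stdin)
# Prints "IP NETMASK BROADCAST" for IFACE; prints nothing if it has no IPv4 address.
iface_addr() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # "eth0      Link encap..." or "eth0: flags=..."
        cur == want && /inet / {                      # "inet6" lines do not match "inet "
            ip = ""; mask = ""; bcast = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^addr:/)                           { ip = substr($i, 6) }
                else if ($i == "inet" && $(i+1) !~ /^addr:/) { ip = $(i+1) }
                else if ($i ~ /^Mask:/)                      { mask = substr($i, 6) }
                else if ($i == "netmask")                    { mask = $(i+1) }
                else if ($i ~ /^Bcast:/)                     { bcast = substr($i, 7) }
                else if ($i == "broadcast")                  { bcast = $(i+1) }
            }
            if (ip != "") { print ip, mask, bcast; exit }
        }'
}

# ip4_to_int A.B.C.D -> 32-bit integer; fails unless the argument is a dotted quad
# (so a leftover "192.168.0.x" is rejected instead of being miscomputed).
ip4_to_int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in '' | *[!0-9]*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Usage: client_ip_ok CLIENT_IP HDA_IP NETMASK
#   0: usable host address in the HDA's subnet
#   1: outside the subnet, or equal to the HDA, network or broadcast address
#   2: an argument is not a dotted quad
client_ip_ok() {
    c=$(ip4_to_int "$1") || return 2
    h=$(ip4_to_int "$2") || return 2
    m=$(ip4_to_int "$3") || return 2
    net=$(( h & m ))
    bcast=$(( net | (4294967295 - m) ))      # net | ~mask, kept within 32 bits
    [ $(( c & m )) -eq "$net" ] || return 1
    [ "$c" -ne "$h" ] && [ "$c" -ne "$net" ] && [ "$c" -ne "$bcast" ]
}

# Constructed sample ifconfig output, old net-tools layout (what the page's scripts parse).
OLD_STYLE='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1'

# Constructed sample, net-tools 2.x layout (the awk -F':' scraping yields nothing here).
NEW_STYLE='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.2  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::211:22ff:fe33:4455  prefixlen 64  scopeid 0x20<link>
        ether 00:11:22:33:44:55  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0'

# Stand-alone demonstration: read eth0's address the way the bridge scripts
# should, then vet a few candidate client addresses against it.
demo() {
    set -- $(printf '%s\n' "$NEW_STYLE" | iface_addr eth0)   # $1=IP $2=NETMASK $3=BROADCAST
    echo "HDA eth0: ip=$1 netmask=$2 broadcast=$3"
    for cand in 192.168.0.50 192.168.1.50 192.168.0.255 192.168.0.2 192.168.0.x; do
        if client_ip_ok "$cand" "$1" "$2"; then echo "client $cand: ok"
        else echo "client $cand: rejected (status $?)"; fi
    done
}
demo
```

On a real HDA, run ifconfig | iface_addr eth0 as root and compare the result with what the eth_ip, eth_netmask and eth_broadcast lines in openvpn-startup produce; if the scripts come back empty while iface_addr does not, your ifconfig uses the newer layout and the scraping lines need adjusting before the bridge is brought up.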