Difference between revisions of "OpenVPN VPN Bridging"

Revision as of 20:55, 31 January 2010

VPN Bridging

Here's the procedure you need to follow in order to have your VPN clients get IP addresses in the same subnet as your HDA.

For example, if you HDA's IP is 192.168.0.2, by default, connecting to it using an OpenVPN client will give your client computer an IP address like 10.8.0.x. The following procedure will change this so that your client will receive an IP address like 192.168.0.x.

sudo yum install bridge-utils

sudo nano /etc/openvpn/openvpn-startup

Add this at the end of the file:

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

br="br0"
tap="tap0"

eth="eth0"
eth_ip=`ifconfig | grep -A 1 eth0 | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 eth0 | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 eth0 | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

openvpn --mktun --dev $tap

brctl addbr $br
brctl addif $br $eth
brctl addif $br $tap

ifconfig $tap 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
ifconfig $eth 0.0.0.0 promisc up

sudo nano /etc/openvpn/openvpn-shutdown

#!/bin/sh

####################################
# Tear Down Ethernet bridge on Linux
####################################

br="br0"
tap="tap0"
eth="eth0"
eth_ip=`ifconfig | grep -A 1 br0 | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 br0 | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 br0 | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

ifconfig $br down
brctl delbr $br

openvpn --rmtun --dev $tap

if [ "$eth_ip" != "" ]; then
    ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
fi

sudo chmod +x /etc/openvpn/openvpn-shutdown

sudo nano /etc/openvpn/amahi.conf

Remove the line that contains: dev tun and replace it with this:

mode server
tls-server
dev tap0

And remove (or comment out) the lines that start with server and ifconfig-pool-persist.

Repeat the last step with /etc/openvpn/amahi-dup-cn.conf

sudo iptables -A INPUT -i tap0 -j ACCEPT
sudo iptables -A INPUT -i br0 -j ACCEPT
sudo iptables -A FORWARD -i br0 -j ACCEPT

sudo service openvpn restart

In your OpenVPN client configuration, change dev tun with dev tap. You'll also need to add a line that will make the client IP static:

ifconfig 192.168.1.2 255.255.255.0

Replace 192.168.1.2 with the IP address you want your client to use.

@@ Line 8: / Line 8: @@
 * sudo yum install bridge-utils
-* sudo nano /etc/openvpn/bridge-start
+* sudo nano /etc/openvpn/openvpn-startup
+Add this at the end of the file:
 <pre><nowiki>
-#!/bin/bash
 #################################
 # Set up Ethernet bridge on Linux
@@ Line 36: / Line 35: @@
 </nowiki></pre>
-* sudo nano /etc/openvpn/bridge-stop
+* sudo nano /etc/openvpn/openvpn-shutdown
 <pre><nowiki>
-#!/bin/bash
+#!/bin/sh
 ####################################
@@ Line 54: / Line 53: @@
 brctl delbr $br
-for t in $tap; do
+openvpn --rmtun --dev $tap
-    openvpn --rmtun --dev $t
-done
 if [ "$eth_ip" != "" ]; then
      ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
 fi
-</nowiki></pre>
-* sudo chmod +x /etc/openvpn/bridge-start; sudo chmod +x /etc/openvpn/bridge-stop
-* sudo nano /etc/openvpn/openvpn-startup
-Add one line at the end of the file:
-<pre><nowiki>
-/etc/openvpn/bridge-start
-</nowiki></pre>
-* sudo nano /etc/openvpn/openvpn-shutdown
-<pre><nowiki>
-/etc/openvpn/bridge-stop
 </nowiki></pre>
@@ Line 100: / Line 84: @@
 ifconfig 192.168.1.2 255.255.255.0
 </nowiki></pre>
+Replace 192.168.1.2 with the IP address you want your client to use.
 [[Category: VPN]]

Amahi Wiki

Links

Personal tools

Navigation

Tools

Difference between revisions of "OpenVPN VPN Bridging"

Revision as of 20:55, 31 January 2010

VPN Bridging