OpenVPN VPN Bridging

From Amahi Wiki
Revision as of 04:55, 12 April 2011 by Sag47 (talk | contribs)
WARNING
This procedure could break networking, proceed with extreme caution!

Here's the procedure to follow if you want your VPN clients to get IP addresses in the same subnet as your HDA. This lets certain traffic, such as the broadcast traffic used for autodetection by protocols like DLNA and DHCP, cross your VPN bridge.

For example, if your HDA's IP is 192.168.0.2, then by default connecting to it with an OpenVPN client gives your client computer an IP address like 10.8.0.x. The following procedure changes this so that your client receives an IP address like 192.168.0.x.

  • sudo yum -y install bridge-utils
  • sudo nano /etc/openvpn/openvpn-startup

Add this at the end of the file:

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

br="br0"
tap="tap0"

# Physical LAN interface whose address the bridge will take over.
eth="eth0"
# Read the current address, netmask and broadcast from the net-tools
# ifconfig "inet addr:... Bcast:... Mask:..." line that follows $eth.
eth_ip=`ifconfig | grep -A 1 $eth | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 $eth | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 $eth | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

# Create the persistent tap device that OpenVPN will attach to.
openvpn --mktun --dev $tap

# Create the bridge and add both the LAN interface and the tap device as ports.
brctl addbr $br
brctl addif $br $eth
brctl addif $br $tap

# Move the LAN address onto the bridge; the ports themselves carry no IP.
ifconfig $tap 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
ifconfig $eth 0.0.0.0 promisc up
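The three grep/awk pipelines above only work with the old net-tools ifconfig layout ("inet addr:... Bcast:... Mask:..."); newer ifconfig versions print a different layout and leave the variables empty, after which the bridge comes up with no address. As an added example (not part of the Amahi scripts), the following functions read the same three values from iproute2's "ip -o -4 addr show" output instead. The sample line in the comments is constructed; the function and variable names are my own.

```shell
#!/bin/sh
# Added example, not part of the Amahi startup script: read an interface's
# IPv4 address, netmask and broadcast from iproute2's "ip -o -4 addr show"
# output instead of the net-tools ifconfig layout the grep/awk pipelines
# on the wiki page depend on.

# Convert a CIDR prefix length (0-32) to a dotted-quad netmask.
prefix_to_netmask() {
    p=$1
    mask=""
    for octet in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            o=255; p=$((p - 8))
        elif [ "$p" -le 0 ]; then
            o=0
        else
            o=$((256 - (1 << (8 - p)))); p=0
        fi
        mask="${mask}${mask:+.}${o}"
    done
    printf '%s' "$mask"
}

# Parse one "ip -o -4 addr show" line such as (constructed sample)
#   2: eth0    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
# and print "ADDRESS NETMASK BROADCAST"; broadcast is "-" when absent.
parse_ip_line() {
    # Word-splitting the line into tokens is intended here.
    set -- $1
    addr=""
    brd="-"
    while [ $# -gt 0 ]; do
        case $1 in
            inet) addr=$2; shift ;;
            brd)  brd=$2;  shift ;;
        esac
        shift
    done
    [ -n "$addr" ] || return 1
    # A point-to-point address may be printed without a prefix; treat as /32.
    case $addr in
        */*) prefix=${addr#*/} ;;
        *)   prefix=32 ;;
    esac
    printf '%s %s %s\n' "${addr%/*}" "$(prefix_to_netmask "$prefix")" "$brd"
}

# Query a live interface; fails (status 1) if it carries no IPv4 address,
# so a caller can abort the bridge setup instead of handing empty strings
# to ifconfig as the wiki pipeline would.
iface_addr() {
    line=$(ip -o -4 addr show dev "$1" 2>/dev/null | head -n 1)
    [ -n "$line" ] || return 1
    parse_ip_line "$line"
}
```

In the startup script this would replace the three backtick pipelines with "set -- $(iface_addr "$eth") || exit 1" followed by "eth_ip=$1; eth_netmask=$2; eth_broadcast=$3", which also stops the script before it creates a bridge with no address.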
  • sudo nano /etc/openvpn/openvpn-shutdown

Put this in the file:

#!/bin/sh

####################################
# Tear Down Ethernet bridge on Linux
####################################

br="br0"
tap="tap0"
eth="eth0"
# The bridge currently holds the LAN address; read it back before the
# bridge is deleted so it can be returned to $eth.
eth_ip=`ifconfig | grep -A 1 $br | tail -1 | awk -F':' '{printf $2}' | awk '{print $1}'`
eth_netmask=`ifconfig | grep -A 1 $br | tail -1 | awk -F':' '{printf $4}' | awk '{print $1}'`
eth_broadcast=`ifconfig | grep -A 1 $br | tail -1 | awk -F':' '{printf $3}' | awk '{print $1}'`

# Take the bridge down and delete it (a bridge must be down before delbr).
ifconfig $br down
brctl delbr $br

# Remove the tap device created by openvpn --mktun.
openvpn --rmtun --dev $tap

# Restore the address to the physical interface, but only if the bridge
# actually had one (otherwise the HDA would lose its LAN address).
if [ "$eth_ip" != "" ]; then
    ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
fi
  • sudo chmod +x /etc/openvpn/openvpn-shutdown
  • sudo nano /etc/openvpn/amahi.conf

Remove the line that contains dev tun and replace it with these lines:

mode server
tls-server
dev tap0

And remove (or comment out) the lines that start with server and ifconfig-pool-persist.

  • sudo iptables -A INPUT -i tap0 -j ACCEPT
  • sudo iptables -A INPUT -i br0 -j ACCEPT
  • sudo iptables -A FORWARD -i br0 -j ACCEPT
  • sudo service openvpn restart
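Two things to keep in mind about the three iptables commands above. First, once eth0 is a port of br0, frames arriving from the LAN are also delivered to the HDA with br0 as their input interface, so "-A INPUT -i br0 -j ACCEPT" admits all LAN traffic to the HDA, not only traffic from VPN clients. Second, the rules are appended by hand: they are lost on reboot, take effect only if no earlier rule in the chain already rejects the traffic, and each re-run appends another copy. As an added example (not from the Amahi wiki), the script below applies the same three rules only when they are not already present, so it can be called from /etc/openvpn/openvpn-startup on every start. It assumes an iptables that supports the "-C" check option and that it runs as root; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the Amahi wiki: apply the three bridge firewall
# rules idempotently so that re-running (e.g. from openvpn-startup) does
# not append duplicate rules. Assumes iptables with "-C" and root rights.

# Chain followed by match/target arguments, one rule per line, exactly as
# on the wiki page.
BRIDGE_RULES='INPUT -i tap0 -j ACCEPT
INPUT -i br0 -j ACCEPT
FORWARD -i br0 -j ACCEPT'

# Append a rule unless an identical one is already in the chain.
# Prints "present: <rule>" or "added: <rule>"; fails if iptables fails.
ensure_rule() {
    if iptables -C "$@" 2>/dev/null; then
        echo "present: $*"
    else
        iptables -A "$@" && echo "added: $*"
    fi
}

# Apply every rule in BRIDGE_RULES, printing one status line per rule;
# returns non-zero as soon as a rule cannot be added.
apply_bridge_rules() {
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # Splitting the rule string into separate arguments is intended.
        ensure_rule $rule || return 1
    done <<EOF
$BRIDGE_RULES
EOF
}

# List the rules currently installed for the bridge ports, for checking.
show_bridge_rules() {
    iptables -S | grep -E -- ' -i (br0|tap0) ' || echo "no bridge rules present"
}

# Run as "sh bridge-rules.sh apply" (name assumed) or source it and call
# apply_bridge_rules from openvpn-startup.
if [ "${1:-}" = "apply" ]; then
    apply_bridge_rules
fi
```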
  • In your OpenVPN client configuration (such as Amahi HDAConnect for Windows users), change dev tun to dev tap. You'll also need to add a line that gives the client a static IP:
      ifconfig 192.168.0.x 255.255.255.0

Replace "x" in the IP address above with the address you want your client to use.