Annotated edit history of
OpenVPNNotes version 5, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 3 |
DrewBroadley |
1 |
!![OpenVPN] bridge between two [Linux] Routers |
| 1 |
DrewBroadley |
2 |
|
| 3 |
DrewBroadley |
3 |
This will create a complete bridge and all network traffic (including [UDP] Broadcasts) will transfer over the [VPN]. If you do not want this, you will want a tunnel setup. |
| 1 |
DrewBroadley |
4 |
|
| |
|
5 |
Produce [OpenSSL] certificate and keys and copy the key over to the other machine. |
| |
|
6 |
|
| |
|
7 |
|
| |
|
8 |
__Client Config__ |
| 5 |
TimCareySmith |
9 |
<verbatim> |
| 1 |
DrewBroadley |
10 |
client |
| |
|
11 |
dev tap |
| |
|
12 |
proto udp |
| |
|
13 |
remote remote.host 1194 |
| |
|
14 |
|
| |
|
15 |
resolv-retry infinite |
| |
|
16 |
nobind |
| |
|
17 |
|
| |
|
18 |
persist-key |
| |
|
19 |
persist-tun |
| |
|
20 |
|
| |
|
21 |
ca cacert.pem |
| |
|
22 |
cert openssl.crt |
| |
|
23 |
key openssl.key |
| |
|
24 |
cipher BF-CBC |
| |
|
25 |
|
| |
|
26 |
comp-lzo |
| |
|
27 |
# To handle large UDP Packets |
| |
|
28 |
# and include OpenVPN overhead |
| |
|
29 |
# over DSL <-> DSL connections |
| |
|
30 |
fragment 1400 |
| |
|
31 |
link-mtu 1400 |
| |
|
32 |
mssfix 1300 |
| |
|
33 |
|
| |
|
34 |
log openvpn.log |
| |
|
35 |
log-append openvpn.log |
| |
|
36 |
verb 6 |
| |
|
37 |
mute 20 |
| 5 |
TimCareySmith |
38 |
</verbatim> |
| 1 |
DrewBroadley |
39 |
|
| |
|
40 |
__Server Config__ |
| 5 |
TimCareySmith |
41 |
<verbatim> |
| 1 |
DrewBroadley |
42 |
port 1194 |
| |
|
43 |
proto udp |
| |
|
44 |
dev tap |
| |
|
45 |
|
| |
|
46 |
ca cacert.pem |
| |
|
47 |
cert openssl.crt |
| |
|
48 |
key openssl.key |
| |
|
49 |
dh dh1024.pem |
| |
|
50 |
|
| |
|
51 |
ifconfig-pool-persist ipp.txt |
| |
|
52 |
|
| |
|
53 |
# Servers TAP interface IP and ip-range of connecting clients |
| 4 |
DrewBroadley |
54 |
server-bridge 192.168.1.1 255.255.255.0 192.168.1.2 192.168.1.5 |
| 1 |
DrewBroadley |
55 |
|
| |
|
56 |
client-to-client |
| |
|
57 |
|
| |
|
58 |
keepalive 10 120 |
| |
|
59 |
cipher BF-CBC # Blowfish (default) |
| |
|
60 |
comp-lzo |
| |
|
61 |
|
| |
|
62 |
# To handle large UDP Packets |
| |
|
63 |
# and include OpenVPN overhead |
| |
|
64 |
# over DSL <-> DSL connections |
| |
|
65 |
fragment 1400 |
| |
|
66 |
link-mtu 1400 |
| |
|
67 |
mssfix 1300 |
| |
|
68 |
|
| |
|
69 |
persist-key |
| |
|
70 |
persist-tun |
| |
|
71 |
|
| |
|
72 |
status openvpn-status.log |
| |
|
73 |
log openvpn.log |
| |
|
74 |
log-append openvpn.log |
| |
|
75 |
verb 6 |
| |
|
76 |
mute 20 |
| 5 |
TimCareySmith |
77 |
</verbatim> |
| 1 |
DrewBroadley |
78 |
|
| 2 |
DrewBroadley |
79 |
Make sure ipforwarding is enabled, and setup a bridge device between your internal adaptor and the tap device. On the server site, give you tap device the ip address of the first [IP] in "server-bridge". |
| 1 |
DrewBroadley |
80 |
|
| 2 |
DrewBroadley |
81 |
Start openvpn on each machine and now you should be able to ping any [IP] on either side of the [VPN] connection. |
