View Source: OpenVPNNotes - Waikato Linux Users Group

Edit PageHistory Diff Info LikePages

!![OpenVPN] bridge between two [Linux] Routers

This will create a complete bridge and all network traffic (including [UDP] Broadcasts) will transfer over the [VPN]. If you do not want this, you will want a tunnel setup.

Produce [OpenSSL] certificate and keys and copy the key over to the other machine.


__Client Config__
<verbatim>
 client
 dev tap
 proto udp
 remote remote.host 1194

 resolv-retry infinite
 nobind

 persist-key
 persist-tun

 ca cacert.pem
 cert openssl.crt
 key openssl.key
 cipher BF-CBC

 comp-lzo
 # To handle large UDP Packets
 # and include OpenVPN overhead
 # over DSL <-> DSL connections
 fragment 1400
 link-mtu 1400
 mssfix 1300

 log         openvpn.log
 log-append  openvpn.log
 verb 6
 mute 20
</verbatim>

__Server Config__
<verbatim>
 port 1194
 proto udp
 dev tap

 ca cacert.pem
 cert openssl.crt
 key openssl.key
 dh dh1024.pem

 ifconfig-pool-persist ipp.txt

 # Servers TAP interface IP and ip-range of connecting clients
 server-bridge 192.168.1.1 255.255.255.0 192.168.1.2 192.168.1.5

 client-to-client

 keepalive 10 120
 cipher BF-CBC        # Blowfish (default)
 comp-lzo

 # To handle large UDP Packets
 # and include OpenVPN overhead
 # over DSL <-> DSL connections
 fragment 1400
 link-mtu 1400
 mssfix 1300

 persist-key
 persist-tun

 status openvpn-status.log
 log         openvpn.log
 log-append  openvpn.log
 verb 6
 mute 20
</verbatim>

Make sure ipforwarding is enabled, and setup a bridge device between your internal adaptor and the tap device. On the server site, give you tap device the ip address of the first [IP] in "server-bridge".

Start openvpn on each machine and now you should be able to ping any [IP] on either side of the [VPN] connection.

One page links to OpenVPNNotes:

OpenVPN

Last edited on Sunday, February 25, 2007 11:11:37 pm by TimCareySmith

Edit PageHistory Diff Info LikePages