
OpenVPN bridge between two Linux Routers

This creates a complete Ethernet bridge: all network traffic, including UDP broadcasts, is carried over the VPN. If you do not want this, use a tunnel setup instead.

Produce OpenSSL certificate and keys and copy the key over to the other machine.

Client Config

    client
    dev tap
    proto udp
    remote remote.host 1194

    resolv-retry infinite
    nobind

    persist-key
    persist-tun

    ca cacert.pem
    cert openssl.crt
    key openssl.key
    cipher BF-CBC

    comp-lzo

    # To handle large UDP packets
    # and include OpenVPN overhead
    # over DSL <-> DSL connections
    fragment 1400
    link-mtu 1400
    mssfix 1300

    log openvpn.log
    log-append openvpn.log
    verb 6
    mute 20

Server Config

    port 1194
    proto udp
    dev tap

    ca cacert.pem
    cert openssl.crt
    key openssl.key
    dh dh1024.pem

    ifconfig-pool-persist ipp.txt

    # Server's TAP interface IP and IP range of connecting clients
    # (the client range has to lie in the same subnet as the TAP IP)
    server-bridge 192.168.0.1 255.255.255.0 192.168.1.2 192.168.1.5

    client-to-client

    keepalive 10 120
    cipher BF-CBC    # Blowfish (default)
    comp-lzo

    # To handle large UDP packets
    # and include OpenVPN overhead
    # over DSL <-> DSL connections
    fragment 1400
    link-mtu 1400
    mssfix 1300

    persist-key
    persist-tun

    status openvpn-status.log
    log openvpn.log
    log-append openvpn.log
    verb 6
    mute 20

Make sure IP forwarding is enabled, and set up a bridge device between your internal adaptor and the tap device. On the server side, give your tap device the first IP address in "server-bridge".

Start OpenVPN on each machine; you should now be able to ping any IP on either side of the VPN connection.
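
A small consistency check for the two configs above, as an added example (not part of the original page or of OpenVPN): it compares the directives that have to agree on both peers, flags the legacy BF-CBC and 1024-bit DH settings, and verifies that the server-bridge client range lies inside the gateway's subnet. The function names and the embedded sample input are constructed for illustration.

```python
import ipaddress

# Directives used in the page's configs that OpenVPN expects to agree on both peers.
MUST_MATCH = ("proto", "cipher", "comp-lzo", "fragment", "link-mtu")

# Constructed sample input: the relevant directives copied from the page.
CLIENT = """proto udp
cipher BF-CBC
comp-lzo
fragment 1400
link-mtu 1400
"""
SERVER = """proto udp
dh dh1024.pem
server-bridge 192.168.0.1 255.255.255.0 192.168.1.2 192.168.1.5
cipher BF-CBC # Blowfish (default)
comp-lzo
fragment 1400
link-mtu 1400
"""

def parse(text):
    """Return {directive: [args]} for config text, dropping # comments."""
    opts = {}
    for line in text.splitlines():
        name, *args = line.split("#", 1)[0].split() or [None]
        if name:
            opts[name] = args
    return opts

def check(client_text, server_text):
    """Return a list of findings (hypothetical helper, not part of OpenVPN)."""
    client, server = parse(client_text), parse(server_text)
    findings = [f"mismatch: {o} client={client.get(o)} server={server.get(o)}"
                for o in MUST_MATCH if client.get(o) != server.get(o)]
    for side, cfg in (("client", client), ("server", server)):
        if cfg.get("cipher") == ["BF-CBC"]:
            findings.append(f"weak: {side} cipher BF-CBC (64-bit block, SWEET32)")
    if "1024" in "".join(server.get("dh", [])):
        findings.append("weak: dh file name suggests 1024-bit parameters")
    if len(server.get("server-bridge", [])) == 4:
        gw, mask, start, end = server["server-bridge"]
        net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
        findings += [f"subnet: pool address {ip} is outside {net}"
                     for ip in (start, end) if ipaddress.ip_address(ip) not in net]
    return findings

if __name__ == "__main__":
    print("\n".join(check(CLIENT, SERVER)))
```

Run against the page's values, it reports no peer mismatches but does flag both ends of the client range as outside 192.168.0.0/24, along with the BF-CBC and dh1024 settings.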