Thread: Bridge for openvpn help
I can't figure it out. I can't get the bridge set up to work. I followed the instructions at https://help.ubuntu.com/10.10/server...c/openvpn.html. When I go to make the bridge, the box loses its ethernet connection, and I'm not getting it. Attached below is /etc/network/interfaces (with the bridge that is causing problems commented out).
The machine is 192.168.10.51 right now (statically assigned by the router).
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

#auto br0
#iface br0 inet static
#    address 172.18.100.101
#    network 192.168.10.0
#    netmask 255.255.255.0
#    broadcast 192.168.10.255
#    gateway 192.168.10.1
#    bridge_ports eth0
#    bridge_fd 9
#    bridge_hello 2
#    bridge_maxage 12
#    bridge_stp off
and /etc/openvpn/server.conf (follows the example documentation):
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
local 172.18.100.101

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap0
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 10.8.0.0 255.255.255.0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
push "route 172.18.100.1 255.255.255.0"
push "dhcp-option DNS 172.18.100.20"
push "dhcp-option DOMAIN example.com"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
;log         openvpn.log
;log-append  openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
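The bridge stanza and server.conf above have to describe one and the same LAN: br0 takes over the address and default route from eth0, so its address, gateway and the server-bridge pool must all sit in the subnet the router actually serves, and eth0 must stop requesting DHCP once it is enslaved. The following script is an added example, not code from the thread or from Ubuntu's documentation; it checks those four relationships on the values quoted in the post and on a constructed fix that assumes br0 keeps the host's current address 192.168.10.51 (a placeholder choice, any free address in 192.168.10.0/24 works).

```shell
#!/bin/sh
# Added example, not from the thread: check that a bridged
# /etc/network/interfaces stanza and the server-bridge line in
# server.conf agree before running "ifup br0". POSIX sh only.

ip2int() {                      # dotted quad -> integer
  ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )
}

same_subnet() {                 # ADDR1 ADDR2 NETMASK -> 0 if same subnet
  m=$(ip2int "$3")
  [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# check_bridge BR_ADDR NETMASK GATEWAY SB_ADDR POOL_START POOL_END ETH0_METHOD
# Returns 0 when the values are consistent, 1 otherwise (problems printed).
check_bridge() {
  rc=0
  # The default gateway must be on-link for br0, or the box drops off
  # the LAN the moment br0 replaces eth0 as the addressed interface.
  same_subnet "$1" "$3" "$2" \
    || { echo "gateway $3 is not in $1/$2"; rc=1; }
  # server-bridge's first argument is the bridge's own address.
  [ "$4" = "$1" ] \
    || { echo "server-bridge address $4 differs from br0 address $1"; rc=1; }
  # The client pool must be carved out of the same LAN subnet (and kept
  # clear of the router's own DHCP range, which this check cannot see).
  same_subnet "$1" "$5" "$2" && same_subnet "$1" "$6" "$2" \
    || { echo "pool $5-$6 lies outside $1/$2"; rc=1; }
  # Once enslaved, eth0 must be "inet manual"; a dhcp stanza still
  # claims an address on eth0 and competes with br0 for the route.
  [ "$7" = "manual" ] \
    || { echo "eth0 should be 'iface eth0 inet manual', not '$7'"; rc=1; }
  return $rc
}

# Values taken from the thread: br0 gets 172.18.100.101 while the LAN
# and its gateway are 192.168.10.0/24, and eth0 stays on dhcp.
check_bridge 172.18.100.101 255.255.255.0 192.168.10.1 \
  172.18.100.101 172.18.100.105 172.18.100.200 dhcp \
  || echo "-> fix /etc/network/interfaces before bringing br0 up"

# Constructed fix (assumption): br0 takes the host's current LAN address
# 192.168.10.51 and a pool inside 192.168.10.0/24; "local", server-bridge
# and the pushed route in server.conf must then use the same subnet.
check_bridge 192.168.10.51 255.255.255.0 192.168.10.1 \
  192.168.10.51 192.168.10.105 192.168.10.200 manual \
  && echo "-> consistent"
```

Run it before `ifup br0`; when the first call reports the gateway as off-subnet, that is exactly the condition that makes the box vanish from the LAN.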