
Ubuntu Server | November 27, 2022


OpenVPN Bridging

Some time ago I had to configure OpenVPN in bridge mode. Unlike the classic routed mode, bridge mode assigns clients IP addresses from the local network itself.
It is used for particular setups where routing mode has caused problems.

Let's proceed with the installation:
apt-get install openvpn bridge-utils iproute

Configure the bridge between the virtual network interface (tap0) and the physical one (eth0):
vi /etc/network/interfaces
auto br0
iface br0 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.254
pre-up /usr/sbin/openvpn --mktun --dev tap0
pre-up /sbin/ip link set tap0 up
pre-up /sbin/ip link set eth0 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 tap0
post-up /etc/init.d/openvpn start
pre-down /etc/init.d/openvpn stop
pre-down /usr/sbin/brctl delif br0 eth0
pre-down /sbin/ip link set eth0 down
pre-down /usr/sbin/brctl delif br0 tap0
pre-down /sbin/ip link set tap0 down
post-down /usr/sbin/brctl delbr br0
post-down /usr/sbin/openvpn --rmtun --dev tap0

Generate the RSA keys:
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0

Edit the vars file, filling in the required values.
export KEY_COUNTRY=IT
export KEY_PROVINCE=CZ
export KEY_CITY="Lamezia Terme"
export KEY_ORG=Catanzaro
export KEY_EMAIL=francesco.gabriele@

Create the keys subdirectory if it does not exist.
mkdir -p keys

Start with the server keys.
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
openvpn --genkey --secret ta.key

Copy the generated keys to the correct path.
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys
cp ca.crt /etc/openvpn
cp server.crt /etc/openvpn
cp server.key /etc/openvpn
cp dh1024.pem /etc/openvpn
cd ..
cp ta.key /etc/openvpn

Now generate the keys for the first client.
mkdir /etc/openvpn/client1
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/
./build-key client1
cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys
cp ca.crt /etc/openvpn/client1
cp client1.crt /etc/openvpn/client1
cp client1.key /etc/openvpn/client1
cd ..
cp ta.key /etc/openvpn/client1

These keys must be copied to the client.

Create the server configuration file.
vi /etc/openvpn/server.conf
port 1194
proto tcp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
client-to-client
local 192.168.10.254
server-bridge 192.168.10.254 255.255.255.0 192.168.10.16 192.168.10.19
comp-lzo
keepalive 15 45
ping-timer-rem
persist-tun
persist-key
status openvpn-status.log
verb 3
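
An added check, not part of the original post: a small Python linter run over a constructed copy of the server.conf above. It flags four settings a reviewer would question in that file; the function names and finding labels are this example's own.

```python
# Added example, not from the original post. SERVER_CONF is a constructed copy of the page's file.
SERVER_CONF = """\
port 1194
proto tcp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
client-to-client
local 192.168.10.254
server-bridge 192.168.10.254 255.255.255.0 192.168.10.16 192.168.10.19
comp-lzo
keepalive 15 45
ping-timer-rem
persist-tun
persist-key
status openvpn-status.log
verb 3
"""

def parse(conf):
    """Map each directive to its argument lists; skip blanks and #/; comments."""
    directives = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit(conf):
    """Return finding labels (names chosen for this example) in a fixed order."""
    d = parse(conf)
    findings = []
    # ta.key is generated and copied on this page, but nothing references it.
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("ta.key-unused")
    # Heuristic: judge the DH size from the file name; 1024-bit groups are weak.
    if any(args and "1024" in args[0] for args in d.get("dh", [])):
        findings.append("dh-1024")
    # Compression inside the tunnel leaks plaintext through ciphertext length.
    if any(args[:1] != ["no"] for args in d.get("comp-lzo", [])):
        findings.append("compression")
    # Without user/group the daemon keeps root after start-up.
    if "user" not in d or "group" not in d:
        findings.append("no-privilege-drop")
    return findings
```

A 2048-bit DH file, `tls-auth ta.key 0` (with `tls-auth ta.key 1` on the client), no `comp-lzo` on either side, and `user`/`group` lines clear all four findings.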

Now create the client configuration.
client
dev tap
proto tcp
remote 87.53.101.XX 1194
resolv-retry infinite
nobind
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
route-method exe
route-delay 2
verb 3

If you run into any problems, consult the official guide: http://www.openvpn.net/index.php/documentation/howto.html

Frank 🙂
