November 2007
Beginner
642 pages
15h 43m
English
Content preview from Linux Networking CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
9.9. Setting Up the OpenVPN Server in Bridge Mode
Problem
You want to run your OpenVPN server in bridged mode because you aren't supporting a lot of users. You're trading the slower performance of an Ethernet bridge for its ease of administration. You've made sure your VPN clients do not have conflicting addresses with your LAN.
Solution
First, make sure you have the bridge-utils package installed. Then, fetch the example bridge-start script. If your distribution does not include it, you'll find it in the OpenVPN source tarball, or online at OpenVPN.net (http://openvpn.net/bridge.html#linuxscript). Edit the first section to include your own bridge address, tap address, and your own IP address:
# Define Bridge Interface br="br0" # Define list of TAP interfaces to be bridged, # for example tap="tap0 tap1 tap2". tap="tap0" # Define physical ethernet interface to be bridged # with TAP interface(s) above. eth="eth0" eth_ip="192.168.1.10" eth_netmask="255.255.255.0" eth_broadcast="192.168.1.255"
Next, copy it to /usr/sbin/openvpn, along with bridge-stop, which needs no changes.
Now, change two lines in your server configuration, which we'll
call /etc/openvpn/server-bridge.conf. Change
dev tun to dev tap0, then comment out your server and
push lines, and replace them with this:
server-bridge 192.168.1.10 255.255.255.0 192.168.1.128 192.168.1.254This configures server-bridge
with your own gateway, netmask, client IP-range-start, and client
IP-range-end.
VPN clients also need devtun changed to ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.