From: bellefqih m. <b_5...@ya...> - 2007-07-29 17:02:11
Hi,
I have just installed OpenVPN. I have a scenario where I have a small LAN, with application servers in it (Oracle, Apache...), and I want people to connect to the LAN and browse the LAN resources.
Here is my server conf:
proto udp
port 1194
dev tap0
keepalive 10 120
comp-lzo
user nobody
group nogroup
server-bridge 192.168.1.201 255.255.255.0 192.168.1.220 192.168.1.230
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option WINS 192.168.1.1"
push "route 192.168.1.0 255.255.255.0"
client-config-dir /etc/openvpn/clients
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/globeVPN.crt
key /etc/openvpn/keys/globeVPN.key
dh /etc/openvpn/keys/dh1024.pem
log-append /etc/openvpn/openvpn.log
client-to-client
verb 6
and the client:
proto udp
dev tap0
remote server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
tls-client
verb 9
user nobody
group nogroup
ca ca.crt
cert Client01.crt
key Client01.key
log-append client.log
NB: I have a small LAN, 192.168.1.0, with a router (192.168.1.1) that has DNS/DHCP ...
And I am using the bridge-start/stop scripts:
#!/bin/bash
br="br0"
tap="tap0"
eth="eth0"
eth_ip="192.168.1.201"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
for t in $tap; do
openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
and bridge-stop:
#!/bin/bash
br="br0"
tap="tap0"
ifconfig $br down
brctl delbr $br
for t in $tap; do
openvpn --rmtun --dev $t
done
When I start the bridge-start script, my network crashes and I must restart the machine. I'm sure I have missed something somewhere, but I need help to find what :D
AND THANKS A LOT