RE: [Openvpn-users] Re: Is this typical behaviour when bridging?


  • Subject: RE: [Openvpn-users] Re: Is this typical behaviour when bridging?
  • From: "Neil Stewart" <sourceforge@xxxxxxxxxxxx>
  • Date: Wed, 3 Mar 2004 20:42:03 -0000
  • Importance: Normal

> Hi,
>     I am having the same problem but still haven't got it resolved.  Do you
> mind posting your configuration on both Server and Client side?  Thanks in
> advance!
>
> Barrow

Hi,

These are actually pretty standard (apart from the additional line for
the default gateway routing). But hope they help.

My firewall has port forwarding enabled at the server end, but it
doesn't need to be done at the client end if the firewall supports
stateful packet inspection, as it will dynamically open the UDP port
once the initial packet is sent.

The VPN server is running on a Linux box on the internal network.
Clients are WinXP.

Server start script
===================
#!/bin/bash

modprobe tun
modprobe bridge

openvpn --mktun --dev tap-pool01
openvpn --mktun --dev tap-nstewart1
# Add further tap devices here for multiple incoming connections

brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap-pool01
brctl addif br0 tap-nstewart1
# Add further tap devices here

ifconfig eth0          0.0.0.0 promisc up
ifconfig tap-pool01    0.0.0.0 promisc up
ifconfig tap-nstewart1 0.0.0.0 promisc up

# Set br0 to same settings as eth0 used to have
ifconfig br0 192.168.2.6 netmask 255.255.255.0 broadcast 192.168.2.255
route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.2.254

# End of script


Server VPN Config
=================
# Bind to IP address of local machine on eth0
local 192.168.2.6
port 9201
dev tap-nstewart1

secret keys/pc-nstewart1.key

# Restart control
persist-key
persist-tun
ping-timer-rem
ping-restart 60
ping 10

# Compression
comp-lzo

# UID
user nobody
group nobody

# Verbosity
verb 3

# Logging
log /usr/local/sbin/vpn-config/logs/pc-nstewart1.log


Client VPN config
=================
remote XX.XX.XX.XX    [public internet address]
port 9201

dev tap

# For some reason the TAP ignores this and uses DHCP.
# Need to find out why...
ifconfig 192.168.2.240 255.255.255.0

secret pc-nstewart1.key

ping-restart 60
ping-timer-rem
persist-tun
persist-key
resolv-retry 86400

# keep-alive ping
ping 10

# enable LZO compression
comp-lzo

# moderate verbosity
verb 3
mute 10
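
Added example, not part of the original message: a small Python check that the two static-key configs posted above agree on the settings both peers must share (port, tun/tap device type, comp-lzo, static-key mode). The function names are hypothetical, the config text is abridged from the message with the remote address left redacted, and it only confirms both sides use `secret`, not that the key files are identical.

```python
# Added example: compare the options that both static-key peers must agree on.
# Config text is abridged from the message above; the remote address stays redacted.
SERVER_CONF = """\
local 192.168.2.6
port 9201
dev tap-nstewart1
secret keys/pc-nstewart1.key
comp-lzo
"""
CLIENT_CONF = """\
remote XX.XX.XX.XX
port 9201
dev tap
ifconfig 192.168.2.240 255.255.255.0
secret pc-nstewart1.key
comp-lzo
"""

def parse(text):
    """Return {directive: [args]} for an OpenVPN config, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        opts[name] = args
    return opts

def dev_type(opts):
    """OpenVPN infers tun/tap from the device name prefix unless dev-type is set."""
    if "dev-type" in opts:
        return opts["dev-type"][0]
    dev = opts.get("dev", [""])[0]
    return dev[:3] if dev[:3] in ("tun", "tap") else None

def mismatches(server, client):
    """List shared settings that differ between the two peers."""
    s, c = parse(server), parse(client)
    problems = []
    if s.get("port") != c.get("port"):  # assumes both sides use `port`, as here
        problems.append("port")
    if dev_type(s) != dev_type(c):
        problems.append("device type")
    problems += [k for k in ("comp-lzo", "secret") if (k in s) != (k in c)]
    return problems

if __name__ == "__main__":
    print(mismatches(SERVER_CONF, CLIENT_CONF) or "peers agree")
```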

