sadfub@xxxxxxx wrote:
> Hello everyone,
>
> actually I've here a multiple client tun-server running, but I need a
> client with a tap device. (I'll use this in a VMware instance with
> bridging, and tun doesn't work) Since each connection has to have
> identically tun xor tap interfaces my server.conf has a "dev tun" line
> in its configuration file. Hence I feel impossible to make a tap-client.
>
I don't know if this is a limitation of your VM guest, but I've used tun
devices in OpenVPN (both as a Linux and Windows guest using VMware's
bridging configuration for the client adapter).
> A solution could be to run multiple OpenVPN instances on my box, and
> connect the networks with routing. So I inspected the
> /etc/init.d/openvpn script and I saw that there seems to be support for
> multiple instances:
>
> [...]
> for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
> NAME=${CONFIG%%.conf}
> start_vpn
> done
> [...]
>
Most distributions' initscripts do the same thing which allows you to
run as many OpenVPN daemons as you want. Just create another
/etc/openvpn/bridge.conf (or whatever you want to call it) and set it up
to use a tap adapter. Don't forget to take care of the interface
bridging on your server if you want to bring this client onto your
existing LAN.
As a small side note, different distributions may have slightly
different initscripts, so consult any documentation that's in your
file. I don't recognize that snippet of code from the official OpenVPN
initscript (which only works on Red Hat or similar init systems) which is
why I bring this up.
> My question, is there a small guide somewhere that I could read? Is it
> possible to use the certificates I'm already using for the tun-openvpn
> network, since the new instance would need a server certificate, or am I
> wrong?
>
You can use the same set of certificates on both servers, but just
remember that this means a client with a valid certificate could choose
to connect to either server, so be mindful of your security needs. If
that poses a problem you might want to either use a verify script to
only allow specific clients or consider a separate set of certificates
for each instance.
As far as a guide goes, here's the OpenVPN.net example of a bridged
configuration: http://openvpn.net/bridge.html.
--
Josh
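
One way to write the verify script mentioned above so that only named clients may connect to the tap instance. This is an added example, not part of the original message and not OpenVPN's own code; the script path, allowlist path and client name are assumptions.

```shell
#!/bin/sh
# Added example: allowlist check for OpenVPN's --tls-verify hook.
# Hypothetical wiring in the tap instance's config (paths are assumptions):
#   tls-verify "/etc/openvpn/verify-tap.sh /etc/openvpn/tap-clients.allow"
# OpenVPN appends two arguments to the command: certificate depth and subject.

# Print the CN from an X509 subject string. Handles both the older
# "/C=US/O=Ex/CN=name" form and the newer "C=US, O=Ex, CN=name" form.
extract_cn() {
    printf '%s\n' "$1" | sed -nE 's#^(.*[,/] ?)?CN=([^,/]*).*$#\2#p'
}

# Return 0 to accept, non-zero to reject.
#   $1 allowlist file (one CN per line)  $2 depth  $3 subject
verify_client() {
    allowlist=$1 depth=$2 subject=$3

    # Depth > 0 is the CA chain; only the client certificate is filtered here.
    [ "$depth" = "0" ] || return 0

    # Fail closed if the allowlist is missing or unreadable.
    [ -r "$allowlist" ] || return 1

    cn=$(extract_cn "$subject")
    [ -n "$cn" ] || return 1

    # -F fixed string, -x whole line: "client1" must not match "client10".
    grep -Fxq -- "$cn" "$allowlist"
}

# Constructed sample data for trying the functions without OpenVPN.
make_sample_allowlist() {
    f=$(mktemp) || return 1
    printf '%s\n' 'vmware-bridge-client' > "$f"
    printf '%s\n' "$f"
}

# When invoked by OpenVPN (allowlist, depth, subject), act as the hook.
if [ "$#" -ge 3 ]; then
    verify_client "$1" "$2" "$3"
    exit $?
fi
```

With the same certificates on both servers, every existing tun client passes the TLS handshake on the tap instance too; this check then rejects any client whose CN is not listed in the allowlist.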