|
|
Josh Cepek schrieb: > sadfub@xxxxxxx wrote: >> Hello everyone, >> >> actually I've here a multiple client tun-server running, but I need a >> client with a tap device. (I'll use this in a VMware instance with >> bridging, and tun doesn't work) Since each connection has to have >> identically tun xor tap interfaces my server.conf has a "dev tun" line >> in its configuration file. Hence I feel impossible to make a tap-client. > > I don't know if this is a limitation of your VM guest, but I've used tun > devices in OpenVPN (both as a Linux and Windows guest using VMware's > bridging configuration for the client adapter.) no, my vmware-config.pl script complains that it cannot bridge vmnet2 to the tun0 interface on my vmware-server. At this point no guest operating system is involved. The guests shouldn't see that their eth0 interface is bridged to a openvpn tunnel. My setup was: tun0 on vmware-server, where some vmware-instances should be able to bridge via vmware-network vmnetXY to this tunnel. And the briding from tun0 <-> vmnetXY let's say vmnet2, failed. I used vmware-server 1.0.1, and I thought, that tun0 might not be capable of briding. > As a small side note, different distributions may have slightly > different initscripts, so consult any documentation that's in your > file. I don't recognize that snipit of code from the official OpenVPN > initscript (which only works on Redhat or similar init systems) which is > why I bring this up. yes you are right, I use ubuntu, thanks for the advice. >> My question, is there a small guide somewhere that I could read? Is it >> possible to use the certificates I already using for the tun-openvpn >> network, since the new instance would need a sever certificate, or am I >> wrong? > > You can use the same set of certificates on both servers, but just > remember that this means a client with a valid certificate could choose > to connect to either server, so be mindful of your security needs. If > that poses a problem you might want to either use a verify script to > only allow specific clients or consider a separate set of certificates > for each instance. Ooops, yes indeed, so I will create a new set of certificates, thank you! ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |