Config ServerNET Bridging
Aus OpenVPN Wiki
Introduction
This configuration has the advantage that the clients to behave as if they were involved in the local network - they got all the NetBIOS broadcasts, etc., can easily access network shares, participate in LAN gaming or log on locally available services (eg on the Web interface of the router or IP range limited VNC server).
Installing OpenVPN on the server and the client
see Install_Windows and Install_Linux,
Loading the DO-Drivers (Linux only)
The kernel must have compiled to provide a corresponding module (or tun.o tun.ko) or TUN / TAP support. Then you can load it as root with the command:
root @ earth # modprobe tun
If the TUN / TAP driver is not found (especially in virtual machines in the case) you need to create the device by hand:
mkdir-p / dev / net mknod / dev / net / tun c 10 200 chmod 600 / dev / net / do
Note:The TUN driver also provides the TAP interface.
Generating certificates / keys
Windows: see C: \ Program Files \ OpenVPN \ easy-rsa \ readme.txt Procedure in this file to the key steps for server and client (s) to produce. Copy the following files to the server:
- Ca.crt
- Server.crt
- Server.key
- Dh1024.pem
The files to copy to the client:
- Ca.crt
- Client.crt
- Client.key
Linux / Unix: easy-rsa is in the tarball of the source code or can be downloaded from http://openvpn.net/easyrsa.html. The procedure is similar to Windows.
Open the needed firewall ports
If the server behind a firewall / router one so there must be forwarded to the appropriate port on the server. The default port of OpenVPN is 1194/UDP .
Creating the network bridge on the server
Windows XP: OpenVPN has already created a virtual network adapter. Switch to the Details view network connections - a network connection should wear the device name "TAP-Win32 Adapter V8" - that is the OpenVPN virtual network adapter. Select This network connection and the normal outdoor fountains network connection, right click and "bridge connections" option. Then in the properties of the newly created network bridge to assign a fixed IP.
Linux / Unix At the end of the instructions on http://openvpn.net/bridge.html Bridge is a start / stop script for Linux. This must be matched and executed before the start of OpenVPN.
Note: On Windows 2000 and earlier is not creating a network bridge possible. Windows 2003 Server only allowed in certain versions of the creation of network bridges. In Linux is when you run the script in some cases, the default route lost brooks to the router (and therefore the Internet connection), then this must be added manually using the "route" command or you write the script for accordingly.
Tip Windows 2000: With the "Ethernet Bridge" from http://www.ntkernel.com/ man can build on Windows 2000 (Server) a bridge.
Customizing the configuration files
Configuration file for the Client (s ):
# client complies with the directives: tls-client and pull remote my-openvpn-server.dyndns.com 1194 # Host Name / external IP of the server / router port to adjust accordingly proto udp # UDP protocol, TCP: proto tcp-client dev tap tap0 # possibly on Linux # Adjust Here the paths to point to the generated keys ca ca.crt client.crt cert key client.key ns-cert-type server # A security measure verb 3 # For debugging increase mute 50 # For debugging, comment out
Config file for the OpenVPN server:
server-bridge 192.168.1.10 255.255.255.0 192.168.1.220 192.168.1.230 # gateway of the network subnet mask _ _ _ StarTip EndIP port 1194 # listen on port 1194 proto udp # UDP protocol, TCP: proto tcp-server dev tap tap0 # possibly on Linux # Adjust Here the paths to point to the generated keys ca ca.crt cert server.crt key server.key ie dh1024.pem # client-to-client data from VPN client to VPN client will be directly in OpenVPN # Float # Only if clients change their IPs during the connection ping-timer-rem keepalive 20 180 # ping every 20 seconds. 3 minutes timeout for client connections verb 3 # For debugging increase mute 50 # For debugging, comment out
Startup set on the server, connect to the client
OpenVPN must now be started on the server with the server.ovpn configuration file:
Windows XP: The OpenVPN installer has already created a service which only started or to "Automatic" is set to be (Admin Privileges required).
Thereafter, the Client Connect is by starting with the client.ovpn OpenVPN configuration file. For Windows clients, a comfortable GUI exists under [[1]]
