Config ServerNET Bridging

From OpenVPN Wiki



This configuration has the advantage that the clients behave as if they were part of the local network: they receive all NetBIOS broadcasts etc., can easily access network shares, take part in LAN games, or log on to locally available services (e.g. the web interface of the router or a VNC server restricted to an IP range).

Installing OpenVPN on the server and the client

See Install_Windows and Install_Linux.

Loading the TUN driver (Linux only)

The kernel must provide the corresponding module (tun.o or tun.ko) or have TUN/TAP support compiled in. You can then load the module as root with the command:

root@earth # modprobe tun

If the TUN/TAP driver is not found (this is especially the case in virtual machines), you need to create the device by hand:

mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun

Note: The TUN driver also provides the TAP interface.

Generating certificates / keys

Windows: see C:\Program Files\OpenVPN\easy-rsa\readme.txt. Follow the procedure in this file to generate the keys for the server and the client(s). Copy the following files to the server:

  • ca.crt
  • server.crt
  • server.key
  • dh1024.pem

The files to copy to the client:

  • ca.crt
  • client.crt
  • client.key

Linux / Unix: easy-rsa is in the tarball of the source code or can be downloaded from The procedure is similar to Windows.

Open the needed firewall ports

If the server is behind a firewall/router, the appropriate port must be forwarded there to the server. The default port of OpenVPN is 1194/UDP.

Creating the network bridge on the server

Windows XP: OpenVPN has already created a virtual network adapter. Switch the network connections window to the Details view; one connection should carry the device name "TAP-Win32 Adapter V8". That is the OpenVPN virtual network adapter. Select this connection together with the regular network connection, right-click, and choose "Bridge Connections". Then assign a fixed IP in the properties of the newly created network bridge.

Linux / Unix: At the end of the Bridge instructions there is a start/stop script for Linux. It must be adapted and executed before OpenVPN is started.

Note: On Windows 2000 and earlier, creating a network bridge is not possible. Windows 2003 Server allows network bridges to be created only in certain editions. On Linux, running the script in some cases loses the default route to the router (and therefore the Internet connection); it must then be added back manually with the "route" command, or the script must be extended accordingly.
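The Linux steps above, as an added example that is not the wiki's or the OpenVPN project's own script: it builds the bridge with openvpn --mktun, brctl and ifconfig, then re-adds the default route only if bridging removed it. Interface names and all addresses (192.0.2.x) are assumptions, and the stop path assumes eth0 carried the bridge address before bridging.

```shell
#!/bin/sh
# Added example, not the wiki's script. Interface names and addresses are
# assumptions (192.0.2.0/24 is a documentation range); adjust to the LAN.
BR=br0 TAP=tap0 ETH=eth0
BR_IP=192.0.2.10 BR_MASK=255.255.255.0 BR_BCAST=192.0.2.255
GW=192.0.2.1    # LAN router: the default gateway that may get lost

# Emit the commands that build the bridge, one per line, in order.
bridge_start_cmds() {
    cat <<EOF
openvpn --mktun --dev $TAP
brctl addbr $BR
brctl addif $BR $ETH
brctl addif $BR $TAP
ifconfig $TAP 0.0.0.0 promisc up
ifconfig $ETH 0.0.0.0 promisc up
ifconfig $BR $BR_IP netmask $BR_MASK broadcast $BR_BCAST
EOF
}

# Emit the commands that tear the bridge down and give eth0 its address back.
bridge_stop_cmds() {
    cat <<EOF
ifconfig $BR down
brctl delbr $BR
openvpn --rmtun --dev $TAP
ifconfig $ETH $BR_IP netmask $BR_MASK broadcast $BR_BCAST up
EOF
}

# Succeeds if the `route -n` table read from stdin contains a default route.
has_default_route() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { found = 1 } END { exit !found }'
}

# Re-add the default route only when moving the address removed it.
restore_default_route() {
    route -n | has_default_route || route add default gw "$GW"
}

# Without an argument nothing is changed; "print" is a dry run.
case "${1:-}" in
    start) bridge_start_cmds | sh -e && restore_default_route ;;
    stop)  bridge_stop_cmds | sh -e && restore_default_route ;;
    print) bridge_start_cmds; bridge_stop_cmds ;;
esac
```

Run it as root with "start" before OpenVPN is started and with "stop" after OpenVPN has been shut down.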

Tip for Windows 2000: with the "Ethernet Bridge" one can build a bridge on Windows 2000 (Server).

Customizing the configuration files

Configuration file for the client(s):

client # equivalent to the directives tls-client and pull

remote <server-host-or-ip> 1194 # host name / external IP of the server or router; adjust the port accordingly
proto udp # UDP protocol; for TCP: proto tcp-client
dev tap # possibly tap0 on Linux

# Adjust the paths here to point to the generated keys
ca ca.crt
cert client.crt
key client.key
ns-cert-type server # a security measure

verb 3 # increase for debugging
mute 50 # comment out for debugging

Config file for the OpenVPN server:

server-bridge <gateway> <netmask> <start-ip> <end-ip> # gateway of the network, subnet mask, start IP, end IP

port 1194 # listen on port 1194
proto udp # UDP protocol; for TCP: proto tcp-server
dev tap # possibly tap0 on Linux

# Adjust the paths here to point to the generated keys
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

# client-to-client # traffic from VPN client to VPN client is handled directly in OpenVPN

# float # only if clients change their IPs during the connection

keepalive 20 180 # ping every 20 seconds; 3-minute timeout for client connections

verb 3 # increase for debugging
mute 50 # comment out for debugging

Starting the server, connecting the client

OpenVPN must now be started on the server with the server.ovpn configuration file:

Windows XP: The OpenVPN installer has already created a service, which only needs to be started or set to "Automatic" (administrator privileges required).

After that, the client connects by starting OpenVPN with the client.ovpn configuration file. For Windows clients, a convenient GUI is available at [1].
