OpenVPN в режиме сетевого моста br0

# Install OpenVPN, the bridge tools and Arch's netcfg profile manager, then
# seed the tap profile from the tuntap example that ships with netcfg.
pacman -S openvpn bridge-utils netcfg
# netcfg profiles live in /etc/network.d; "openvpn_tap" is filled in below.
cd /etc/network.d/
cp examples/tuntap openvpn_tap

vi /etc/rc.conf

...
# Profiles brought up by net-profiles at boot. openvpn_tap is listed ahead of
# openvpn_bridge on purpose: br0 enslaves tap0 (see openvpn_bridge below), so
# the tap device presumably has to exist before the bridge profile runs.
NETWORKS=(openvpn_tap openvpn_bridge)
...
# openvpn is deliberately not a daemon here; it is started from rc.local
# below so that tap0 exists before net-profiles is restarted.
DAEMONS=(hwclock syslog-ng net-profiles sshd crond)

vi /etc/network.d/openvpn_bridge

# netcfg bridge profile: br0 joins the LAN NIC and the OpenVPN tap device and
# carries this host's LAN address, which is also the "local" address in the
# server's openvpn.conf below.
INTERFACE="br0"
CONNECTION="bridge"
DESCRIPTION="Example Bridge connection"
# tap0 has to exist when this profile comes up; with the rc.local sequence
# below it is presumably created by openvpn, after which net-profiles is
# restarted so the bridge can pick it up.
BRIDGE_INTERFACES="eth0 tap0"
IP='static'
ADDR='192.168.0.1'
# NOTE(review): GATEWAY equals this host's own address — correct only if this
# box is the LAN's default gateway; otherwise point it at the real router.
GATEWAY='192.168.0.1'

vi /etc/network.d/openvpn_tap

 
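# netcfg tuntap profile for the OpenVPN device. The bridge profile enslaves
# "tap0" and the server's openvpn.conf uses "dev tap0", so this profile must
# create a *tap* device named tap0 — the tun0/tun values left over from the
# copied example do not match either of them.
INTERFACE='tap0'
CONNECTION='tuntap'
MODE='tap'
# Owner of the persistent device; matches the user/group OpenVPN drops to.
USER='nobody'
GROUP='nobody'

# Plain ASCII quotes — typographic quotes would become part of the value.
DNS=('192.168.0.4')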

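# Append the boot-time steps to rc.local. The original used typographic
# quotes («…») around the echoed commands; those are not shell quotes, so the
# « and » characters would have been written into rc.local verbatim and the
# resulting lines would not run. A quoted heredoc writes the lines literally.
#
# Order matters: openvpn is started first (presumably so that tap0 exists),
# then net-profiles is re-run so the openvpn_bridge profile can enslave it.
# ip_forward is only needed if this host also routes between subnets; the
# bridge itself forwards at layer 2 without it.
cat >>/etc/rc.local <<'EOF'
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/rc.d/openvpn restart
sleep 5
/etc/rc.d/net-profiles restart
EOF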

# Work on a private copy of easy-rsa so the generated keys — including the
# CA's private key — end up under /etc/openvpn rather than /usr/share.
cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa/

Устанавливаем параметры генерации ключей.
vi vars

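# Subject defaults consumed by the easy-rsa build-* scripts (contents of vars).
export KEY_COUNTRY="RU"
export KEY_PROVINCE="RU"
export KEY_CITY="Moscow"
export KEY_ORG="My Firm"
# The original exported KEY_EMAIL twice; only the second assignment ever took
# effect, so that is the one kept here.
export KEY_EMAIL="uname2@mydomain.ru"
export KEY_CN="MyFirm"
export KEY_NAME="MyFirm"
export KEY_OU="MyFirm"
# PKCS#11 settings only matter when keys live on a hardware token; otherwise
# these are placeholder values and are never read.
export PKCS11_MODULE_PATH="MyFirm"
export PKCS11_PIN="1234"
# KEY_SIZE, set earlier in the shipped vars file, fixes both the RSA key size
# and the Diffie-Hellman parameter size (here 1024, judging by dh1024.pem in
# the server config below): build-dh writes dh${KEY_SIZE}.pem. 1024 bits is
# weak by today's standards — prefer KEY_SIZE=2048 and point the server's
# "dh" line at dh2048.pem when you do.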
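# vars only exports variables; it has to be sourced into the current shell
# before the build scripts run, otherwise they see none of the settings above
# (clean-all in particular refuses to run without them).
. ./vars
# Wipes the keys directory — run once, before creating the CA.
./clean-all
# CA, server certificate/key, DH parameters, then one certificate per client.
# keys/ca.key signs every certificate: keep it away from the VPN server if at
# all possible, and hand each client only its own .crt/.key plus ca.crt.
./build-ca
./build-key-server server
./build-dh
./build-key client1
./build-key client2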
...

Сервер

# Back to /etc/openvpn; the server configuration goes into openvpn.conf there.
cd ../
vi openvpn.conf
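# OpenVPN server configuration (/etc/openvpn/openvpn.conf), bridged mode.
# IP of this host (the br0 address) — listen on it only.
local 192.168.0.1
port 11194
proto tcp
# Must be the same tap device that openvpn_bridge enslaves into br0.
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
# The file name follows KEY_SIZE in easy-rsa's vars. 1024-bit DH is weak by
# today's standards; regenerate with KEY_SIZE=2048 and point this at dh2048.pem.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

# Bridge mode: clients get an address from the pool 192.168.0.150-155 on the
# LAN subnet, with 192.168.0.1 pushed as their gateway.
server-bridge 192.168.0.1 255.255.255.0 192.168.0.150 192.168.0.155

# Remember client -> address assignments across reconnects.
ifconfig-pool-persist /etc/openvpn/ipp.txt

# Plain double quotes are required here and on the dhcp-option line: the
# typographic «…» quotes in the original are not quotes to the parser, so push
# would have received several arguments instead of one quoted option.
push "route 192.168.0.0 255.255.255.0"

# Change this to your company's DNS server or omit it entirely.
push "dhcp-option DNS 192.168.0.4"
keepalive 10 120
# Compression inside the tunnel is known to leak plaintext (VORACLE); drop it
# on both ends unless bandwidth really demands it.
comp-lzo
max-clients 10
# Drop root after startup; persist-key/persist-tun let the tunnel restart
# without re-reading the key or re-opening the device once privileges are gone.
user nobody
group nobody
persist-key
persist-tun
# NOTE(review): a fixed file name in world-writable /tmp is a symlink/spoofing
# risk for a daemon started as root — /var/run or /var/log is the safer home.
status /tmp/openvpn-status.log
log-append /var/log/openvpn.log
# verb 6 is debug-level output and fills the log quickly; 3 is plenty once the
# setup works.
verb 6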

Клиент

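# OpenVPN client configuration for the bridged server above.
client
# tap, not tun: the server is bridged (dev tap0).
dev tap
proto tcp
# Public address of the server and the port it listens on (11194/tcp above).
remote xx.xxx.xxx.xx 11194
resolv-retry infinite
nobind
persist-key
persist-tun
# Must match the server; see the VORACLE note there — remove it on both ends
# if compression is not really needed.
comp-lzo
# Insist that the peer presents a *server* certificate, so a stolen client
# certificate cannot be used to impersonate the server. remote-cert-tls
# (OpenVPN 2.1 and later) checks the key-usage/EKU extensions that
# build-key-server is meant to set, and replaces the deprecated
# "ns-cert-type server", which only looked at the nsCertType extension.
remote-cert-tls server
# This user and group must exist on the client machine.
user openvpn
group openvpn
ca /etc/openvpn/keys/ca.crt
# The certificates built above were named client1/client2; use whatever name
# you passed to build-key here.
cert /etc/openvpn/keys/user1.crt
key /etc/openvpn/keys/user1.key

status /tmp/openvpn-status.log
log-append /var/log/openvpn.log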

Запуск
Как обычно или:
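# Run OpenVPN by hand with the server configuration written above, or give the
# path of any other config. The original line read "—config" with an em dash
# (a copy/paste artefact); the option is spelled with two ASCII hyphens.
openvpn --config /etc/openvpn/openvpn.conf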
