Aici veti gasi detalii tehnice despre cum se pot realiza configurari software+ hardware.
Here you can find tehnical details about software/hardware configuration.

vineri, 10 iunie 2011

Openvpn network with tap (bridge mode)

In this configuration all clients are in bridge.
This config is without encryption.

Before you start you need to generate ca.crt, server.crt, server.key, dh1024.pem and clients keys and certificates


#Begin server.conf

local x.x.x.x
port 1194
proto udp
dev tap
server-bridge 192.168.100.10 255.255.255.0 192.168.100.129 192.168.100.254
ca /usr/local/etc/keys/ca.crt
cert /usr/local/etc/keys/server.crt
key /usr/local/etc/keys/server.key # This file should be kept secret
dh /usr/local/etc/keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
#crl-verify /usr/local/etc/keys/crl.pem

#Make sure this is your tunnel address pool
#server 10.10.101.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary

#push "dhcp-option DNS 10.0.0.2"
keepalive 10 120
#cipher BF-CBC #Blowfish encryption
cipher none
###comp-lzo
user nobody
group nobody
persist-key
persist-tun
client-to-client
status openvpn-status.log
verb 6
mute 20
#client-config-dir /usr/local/etc/openvpn/ccd
ping-restart 0

=====================================================

cat ipp.txt

1.example.com,10.10.101.8
2.example.com,10.10.101.12
3.example.com,10.10.101.16
4.example.com,10.10.101.20
5.example.com,10.10.101.24
6.example.com,10.10.101.28
7.example.com,10.10.101.32
8.example.com,10.10.101.36
9.example.com,10.10.101.40
10.example.com,10.10.101.44
11.example.com,10.10.101.48

===============================================================
===============================================================
CLIENT SIDE


client
dev tap
proto udp
remote x.x.x.x 1194 #server ip address
resolv-retry infinite
nobind
persist-key
persist-tun
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
#comp-lzo
ping-restart 0
cipher none

Niciun comentariu:

Map


Visitor Map