Openvpn lan to lan: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→Script) |
|||
| Zeile 28: | Zeile 28: | ||
esac | esac | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | ==Openvpn== | ||
| + | *openssl dhparam -out dh4096.pem 4096 | ||
| + | *cat lan-bridge.conf | ||
| + | <pre> | ||
| + | dev tap1 | ||
| + | daemon | ||
| + | cipher AES-256-CBC | ||
| + | tls-server | ||
| + | proto udp | ||
| + | port 5555 | ||
| + | ca /etc/openvpn/ca.crt | ||
| + | cert /etc/openvpn/bortus.tuxmen.de.crt | ||
| + | key /etc/openvpn/bortus.tuxmen.de.key | ||
| + | dh /etc/openvpn/dh4096.pem | ||
| + | mssfix | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | log /var/log/openvpn | ||
| + | status /var/log/openvpn-status.log | ||
| + | verb 4 | ||
| + | keepalive 10 120 | ||
| + | mute 50 | ||
| + | log-append /var/log/openvpn | ||
| + | compress lzo | ||
| + | verb 3 | ||
| + | </pre> | ||
| + | |||
=Client= | =Client= | ||
==Script== | ==Script== | ||
Version vom 23. Juli 2021, 13:43 Uhr
Server Seite
Script
#!/bin/bash
BR=vmbr0
INT=ens30
TAP=tap1
IP="10.86.0.1 netmask 255.255.0.0"
case $1 in
start)
openvpn --mktun --dev $TAP
brctl addbr $BR
brctl addif $BR $INT
brctl addif $BR $TAP
ifconfig $INT 0.0.0.0 promisc up
ifconfig $TAP 0.0.0.0 promisc up
ifconfig $BR $IP up
;;
stop)
ifconfig $BR $IP down
ifconfig $TAP 0.0.0.0 promisc down
ifconfig $INT 0.0.0.0 promisc down
brctl delif $BR $TAP
brctl delif $BR $INT
brctl delbr $BR
openvpn --rmtun --dev $TAP
;;
esac
Openvpn
- openssl dhparam -out dh4096.pem 4096
- cat lan-bridge.conf
dev tap1 daemon cipher AES-256-CBC tls-server proto udp port 5555 ca /etc/openvpn/ca.crt cert /etc/openvpn/bortus.tuxmen.de.crt key /etc/openvpn/bortus.tuxmen.de.key dh /etc/openvpn/dh4096.pem mssfix persist-key persist-tun log /var/log/openvpn status /var/log/openvpn-status.log verb 4 keepalive 10 120 mute 50 log-append /var/log/openvpn compress lzo verb 3
Client
Script
#!/bin/bash
BR=vmbr4
INT=dummy1
TAP=tap1
IP="10.86.0.2 netmask 255.255.0.0"
case $1 in
start)
openvpn --mktun --dev $TAP
brctl addbr $BR
brctl addif $BR $INT
brctl addif $BR $TAP
ifconfig $INT 0.0.0.0 promisc up
ifconfig $TAP 0.0.0.0 promisc up
ifconfig $BR $IP up
;;
stop)
ifconfig $BR $IP down
ifconfig $TAP 0.0.0.0 promisc down
ifconfig $INT 0.0.0.0 promisc down
brctl delif $BR $TAP
brctl delif $BR $INT
brctl delbr $BR
openvpn --rmtun --dev $TAP
;;
esac