Openvpn lan to lan: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(6 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 
=Server Seite=
 
=Server Seite=
==Script==
+
==Network==
<syntaxhighlight lang="bash">
+
*[[ovpn-lan-to-lan-server-script]]
#!/bin/bash
+
*[[ovpn-lan-to-lan-server-interfaces]]
BR=vmbr0
+
 
INT=ens30
+
==Openvpn==
TAP=tap1
+
*cd /etc/openvpn
IP="10.86.0.1 netmask 255.255.0.0"
+
*openssl dhparam -out dh4096.pem 4096
case $1 in
+
*cat lan-bridge.conf
start)
+
<pre>
openvpn --mktun --dev $TAP
+
dev tap1
brctl addbr $BR
+
daemon
brctl addif $BR $INT
+
cipher AES-256-CBC
brctl addif $BR $TAP
+
tls-server
ifconfig $INT 0.0.0.0 promisc up
+
proto udp
ifconfig $TAP 0.0.0.0 promisc up
+
port 5555
ifconfig $BR $IP up
+
ca /etc/openvpn/ca.crt
;;
+
cert /etc/openvpn/bortus.xmen.de.crt
stop)
+
key /etc/openvpn/bortus.xmen.de.key
ifconfig $BR $IP down
+
dh /etc/openvpn/dh4096.pem
ifconfig $TAP 0.0.0.0 promisc down
+
mssfix
ifconfig $INT 0.0.0.0 promisc down
+
persist-key
brctl delif $BR $TAP
+
persist-tun
brctl delif $BR $INT
+
log /var/log/openvpn
brctl delbr $BR
+
status /var/log/openvpn-status.log
openvpn --rmtun --dev $TAP
+
verb 4
;;
+
keepalive 10 120
esac
+
mute 50
</syntaxhighlight>
+
log-append /var/log/openvpn
 +
compress lzo
 +
verb 3
 +
</pre>
 +
 
 
=Client=
 
=Client=
==Script==
+
==Network==
<syntaxhighlight lang="bash">
+
*[[ovpn-lan-to-lan-client-script]]
#!/bin/bash
+
*[[ovpn-lan-to-lan-client-interfaces]]
BR=vmbr4
+
 
INT=dummy1
+
==Openvpn==
TAP=tap1
+
*cd /etc/openvpn
IP="10.86.0.2 netmask 255.255.0.0"
+
*cat lan-bridge.conf
case $1 in
+
<pre>
start)
+
cat lan-bridge.conf
openvpn --mktun --dev $TAP
+
port 5555
brctl addbr $BR
+
daemon
brctl addif $BR $INT
+
cipher AES-256-CBC
brctl addif $BR $TAP
+
dev tap1
ifconfig $INT 0.0.0.0 promisc up
+
remote bortus.xmen.de
ifconfig $TAP 0.0.0.0 promisc up
+
tls-client
ifconfig $BR $IP up
+
ca /etc/openvpn/ca.crt
;;
+
cert /etc/openvpn/nyxia.xmen.de.crt
stop)
+
key /etc/openvpn/nyxia.xmen.de.key
ifconfig $BR $IP down
+
tun-mtu 1500
ifconfig $TAP 0.0.0.0 promisc down
+
tun-mtu-extra 32
ifconfig $INT 0.0.0.0 promisc down
+
mssfix 1450
brctl delif $BR $TAP
+
pull
brctl delif $BR $INT
+
comp-lzo
brctl delbr $BR
+
verb 3
openvpn --rmtun --dev $TAP
+
</pre>
;;
 
esac
 
</syntaxhighlight>
 

Aktuelle Version vom 23. Juli 2021, 14:44 Uhr

Server Seite

Network

Openvpn

  • cd /etc/openvpn
  • openssl dhparam -out dh4096.pem 4096
  • cat lan-bridge.conf
dev tap1
daemon
cipher AES-256-CBC
tls-server
proto udp
port 5555
ca /etc/openvpn/ca.crt
cert /etc/openvpn/bortus.xmen.de.crt
key /etc/openvpn/bortus.xmen.de.key
dh /etc/openvpn/dh4096.pem
mssfix
persist-key
persist-tun
log /var/log/openvpn
status /var/log/openvpn-status.log
verb 4
keepalive 10 120
mute 50
log-append /var/log/openvpn
compress lzo
verb 3

Client

Network

Openvpn

  • cd /etc/openvpn
  • cat lan-bridge.conf
cat lan-bridge.conf 
port 5555 
daemon
cipher AES-256-CBC
dev tap1
remote bortus.xmen.de
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/nyxia.xmen.de.crt
key /etc/openvpn/nyxia.xmen.de.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 3
Abgerufen von „http://wiki.ixheim.de/index.php?title=Openvpn_lan_to_lan&oldid=26127