OVPN lan to lan Bridge Beispiel: Unterschied zwischen den Versionen
| Zeile 1: | Zeile 1: | ||
=Netzwerkkonfiguration= | =Netzwerkkonfiguration= | ||
| − | == | + | =Server= |
| + | ==Netzwerkkonfiguration== | ||
| + | *cat /etc/network/interfaces | ||
auto vmbr0 | auto vmbr0 | ||
iface vmbr0 inet manual | iface vmbr0 inet manual | ||
| − | |||
| − | |||
pre-up openvpn --mktun --dev tap1 | pre-up openvpn --mktun --dev tap1 | ||
| + | post-up ip address add 0/0 dev ens20 | ||
| + | post-up ip link set ens20 up | ||
| + | post-up ip link set ens20 promisc on | ||
post-up ip address add 0/0 dev tap1 | post-up ip address add 0/0 dev tap1 | ||
| − | |||
post-up ip link set tap1 up | post-up ip link set tap1 up | ||
| − | |||
post-up ip link set tap1 promisc on | post-up ip link set tap1 promisc on | ||
| − | + | bridge-ports tap1 ens20 | |
| − | bridge- | + | bridge-stp off |
bridge-fd 0 | bridge-fd 0 | ||
| − | == | + | ==Openvpn Konfiguration== |
| − | */etc/ | + | *cat /etc/openvpn/lan-bridge.conf |
| + | dev tap1 | ||
| + | daemon | ||
| + | cipher AES-256-CBC | ||
| + | tls-server | ||
| + | proto udp | ||
| + | port 5555 | ||
| + | ca /etc/openvpn/ca.crt | ||
| + | cert /etc/openvpn/frieda.xx.de.crt | ||
| + | key /etc/openvpn/frieda.xx.de.key | ||
| + | dh /etc/openvpn/dh2048.pem | ||
| + | mssfix | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | log /var/log/openvpn | ||
| + | status /var/log/openvpn-status.log | ||
| + | verb 4 | ||
| + | keepalive 10 120 | ||
| + | mute 50 | ||
| + | log-append /var/log/openvpn | ||
| + | compress lzo | ||
| + | verb 3 | ||
| + | |||
| + | =Client= | ||
| + | ==Netzwerkkonfiguration= | ||
auto vmbr0 | auto vmbr0 | ||
iface vmbr0 inet manual | iface vmbr0 inet manual | ||
| + | bridge-ports none | ||
| + | bridge-stp off | ||
pre-up openvpn --mktun --dev tap1 | pre-up openvpn --mktun --dev tap1 | ||
| − | |||
| − | |||
| − | |||
post-up ip address add 0/0 dev tap1 | post-up ip address add 0/0 dev tap1 | ||
| + | post-up ip address add 0/0 dev ens19 | ||
post-up ip link set tap1 up | post-up ip link set tap1 up | ||
| + | post-up ip link set ens19 up | ||
post-up ip link set tap1 promisc on | post-up ip link set tap1 promisc on | ||
| − | + | post-up ip link set ens19 promisc on | |
| − | bridge- | + | bridge-ports tap1 ens19 |
bridge-fd 0 | bridge-fd 0 | ||
| + | ==Openvpn Konfiguration== | ||
| + | *cat /etc/openvpn/lan-bridge.conf | ||
| + | port 5555 | ||
| + | daemon | ||
| + | cipher AES-256-CBC | ||
| + | dev tap1 | ||
| + | remote frieda.xx.de | ||
| + | tls-client | ||
| + | ca /etc/openvpn/ca.crt | ||
| + | cert /etc/openvpn/ovpn-client.crt | ||
| + | key /etc/openvpn/ovpn-client.key | ||
| + | tun-mtu 1500 | ||
| + | tun-mtu-extra 32 | ||
| + | mssfix 1450 | ||
| + | pull | ||
| + | comp-lzo | ||
| + | verb 3 | ||
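Review bot: The client lan-bridge.conf added in this revision never verifies that its peer is a server: with only `ca`, `cert` and `key` set, any certificate issued by the same CA, including another client's, would be accepted as frieda.xx.de. Adding `remote-cert-tls server` to the client block closes that, assuming the server certificate was issued with the serverAuth extended key usage. Both ends also turn on LZO compression (`compress lzo` on the server, `comp-lzo` on the client), which exposes the tunnel to compression-oracle attacks; it should be removed on both peers in the same change. Neither side sets `tls-crypt`/`tls-auth` or `user`/`group`, so the UDP port answers unauthenticated handshakes and the daemon keeps its start-up privileges. The server block also sets `verb` twice (`verb 4`, then `verb 3`) and points both `log` and `log-append` at /var/log/openvpn; one of each is enough.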
Version vom 8. September 2022, 15:05 Uhr
Netzwerkkonfiguration
Server
Netzwerkkonfiguration
- cat /etc/network/interfaces
# Server-side bridge vmbr0: joins the OpenVPN tap device (tap1) and the LAN NIC (ens20)
# into one layer-2 segment. Everything that is broadcast on either LAN (ARP, DHCP, ...)
# crosses the tunnel, so both sites share one trust boundary once this is up.
auto vmbr0
iface vmbr0 inet manual
# Create the persistent tap1 device before the bridge is configured.
    pre-up openvpn --mktun --dev tap1
# NOTE(review): `0/0` is presumably meant to leave the bridge ports without a usable
# IP configuration of their own - confirm the intent.
    post-up ip address add 0/0 dev ens20
    post-up ip link set ens20 up
# Promiscuous mode: the port accepts frames that are not addressed to its own MAC.
    post-up ip link set ens20 promisc on
    post-up ip address add 0/0 dev tap1
    post-up ip link set tap1 up
    post-up ip link set tap1 promisc on
# Bridge members: the VPN tap device and the physical LAN interface.
    bridge-ports tap1 ens20
# Spanning tree is disabled and the forwarding delay is zero, so a second layer-2 path
# between the two sites would not be detected as a loop.
    bridge-stp off
    bridge-fd 0
Openvpn Konfiguration
- cat /etc/openvpn/lan-bridge.conf
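# OpenVPN server end of the LAN-to-LAN bridge: TLS server on UDP 5555, layer-2 (tap) device.
dev tap1
daemon
# NOTE(review): CBC depends on the separate HMAC (`auth` is not set, so the default
# applies). An AEAD cipher such as AES-256-GCM is the usual choice where both peers
# support it; the setting has to match on both ends.
cipher AES-256-CBC
tls-server
proto udp
port 5555
# CA, server certificate and private key. The key file must be readable by root only.
ca /etc/openvpn/ca.crt
cert /etc/openvpn/frieda.xx.de.crt
key /etc/openvpn/frieda.xx.de.key
dh /etc/openvpn/dh2048.pem
# NOTE(review): no `tls-crypt`/`tls-auth` key is configured, so the port answers TLS
# handshakes from any source. No `user`/`group` is set either, so the daemon keeps the
# privileges it was started with; `persist-key`/`persist-tun` below are what a
# privilege drop would need.
mssfix
persist-key
persist-tun
# NOTE(review): `log` and `log-append` (further down) both point at /var/log/openvpn;
# one is enough - confirm whether truncating or appending is intended.
log /var/log/openvpn
status /var/log/openvpn-status.log
keepalive 10 120
mute 50
log-append /var/log/openvpn
# NOTE(review): compression on a VPN tunnel enables compression-oracle attacks
# (VORACLE). Remove it here and `comp-lzo` on the client in the same change;
# removing it on one side only breaks the link.
compress lzo
# Single verbosity setting: the listing also carried an earlier, conflicting `verb 4`;
# the later value is the one kept.
verb 3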
Client
Netzwerkkonfiguration
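# Client-side bridge vmbr0: joins the OpenVPN tap device (tap1) and the local NIC (ens19)
# into one layer-2 segment with the remote LAN. Broadcast traffic from the remote site
# reaches this LAN once the bridge and tunnel are up.
auto vmbr0
iface vmbr0 inet manual
# The listing carried both `bridge-ports none` and `bridge-ports tap1 ens19`. Only the
# real member list is kept, matching the server stanza.
# NOTE(review): confirm how the installed ifupdown handles a repeated option.
    bridge-stp off
# Create the persistent tap1 device before the bridge is configured.
    pre-up openvpn --mktun --dev tap1
# NOTE(review): `0/0` is presumably meant to leave the bridge ports without a usable
# IP configuration of their own - confirm the intent.
    post-up ip address add 0/0 dev tap1
    post-up ip address add 0/0 dev ens19
    post-up ip link set tap1 up
    post-up ip link set ens19 up
# Promiscuous mode: the ports accept frames that are not addressed to their own MAC.
    post-up ip link set tap1 promisc on
    post-up ip link set ens19 promisc on
# Bridge members: the VPN tap device and the physical LAN interface.
    bridge-ports tap1 ens19
# Forwarding delay zero; with STP off a second layer-2 path between the sites would loop.
    bridge-fd 0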
Openvpn Konfiguration
- cat /etc/openvpn/lan-bridge.conf
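# OpenVPN client end of the LAN-to-LAN bridge: connects to frieda.xx.de on port 5555
# (no `proto` given, so the default applies) using the layer-2 device tap1.
port 5555
daemon
# NOTE(review): CBC depends on the separate HMAC (`auth` is not set, so the default
# applies). An AEAD cipher such as AES-256-GCM is the usual choice where both peers
# support it; the setting has to match the server.
cipher AES-256-CBC
dev tap1
remote frieda.xx.de
tls-client
# CA, client certificate and private key. The key file must be readable by root only.
ca /etc/openvpn/ca.crt
cert /etc/openvpn/ovpn-client.crt
key /etc/openvpn/ovpn-client.key
# Accept the peer only if its certificate is a server certificate. Without this, any
# certificate signed by the same CA (for example another client's) could impersonate
# the server. Requires the server certificate to carry the serverAuth extended key
# usage - NOTE(review): check frieda.xx.de.crt and reissue it if the EKU is missing.
remote-cert-tls server
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
# NOTE(review): compression on a VPN tunnel enables compression-oracle attacks
# (VORACLE). Remove it here and `compress lzo` on the server in the same change;
# removing it on one side only breaks the link.
comp-lzo
verb 3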