OVPN lan to lan Bridge Beispiel: Unterschied zwischen den Versionen
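--- a/OVPN lan to lan Bridge Beispiel
+++ b/OVPN lan to lan Bridge Beispiel
@@ -19,22 +19,33 @@
 <span style="color:#000FFF">#Bridge Modus</span>
 dev tap1
+<span style="color:#000FFF">#Startet im Hintergrund</span>
 daemon
+<span style="color:#000FFF">#Symetrisches Protokoll</span>
 cipher AES-256-CBC
+<span style="color:#000FFF">#Starten als TLS Server</span>
 tls-server
+<span style="color:#000FFF">#Standard Protokoll</span>
 proto udp
+<span style="color:#000FFF">#Port</span>
 port 5555
+<span style="color:#000FFF">#Diffie Hellman Key</span>
+dh /etc/openvpn/dh2048.pem
+<span style="color:#000FFF">#Zertifikat der Zertifizierungsstelle</span>
 ca /etc/openvpn/ca.crt
+<span style="color:#000FFF">#Zertifikat des Servers</span>
 cert /etc/openvpn/frieda.xx.de.crt
+<span style="color:#000FFF">#Privater Schlüssel des Servers</span>
 key /etc/openvpn/frieda.xx.de.key
-
 mssfix
+<span style="color:#000FFF">#sorgen für einen problemlosen Restart</span>
 persist-key
 persist-tun
-
 status /var/log/openvpn-status.log
-
 keepalive 10 120
 mute 50
+<span style="color:#000FFF">#Logdatei</span>
 log-append /var/log/openvpn
+<span style="color:#000FFF">#Kompressionsformat</span>
 compress lzo
+<span style="color:#000FFF">#Loglevel</span>
 verb 3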
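Review bot: The comment added above `compress lzo` (`#Kompressionsformat`) names the directive but omits the caveat a reader copying this config needs: compression inside an encrypted tunnel can leak plaintext through packet sizes (the VORACLE compression oracle), and the OpenVPN documentation advises against enabling it. I would extend that comment to something like `#Compression format; kept for compatibility only, compression is discouraged (VORACLE) and must match the peer`. Two other added labels are imprecise: `#Symetrisches Protokoll` sits on `cipher AES-256-CBC`, which selects the symmetric data-channel cipher rather than a protocol, and `#Diffie Hellman Key` sits on a file of DH parameters, not a key. The hunk starts at line 19 of the page, so anything above it is not visible here.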
Version vom 8. September 2022, 15:16 Uhr
Netzwerkkonfiguration
Server
Netzwerkkonfiguration
- cat /etc/network/interfaces
# Server side: layer-2 bridge vmbr0 with two ports, the OpenVPN tap device
# (tap1) and the LAN interface (ens20).
# NOTE(review): a layer-2 bridge carries broadcast traffic (ARP, DHCP, ...)
# from each LAN to the other, so both sites end up in one broadcast domain
# and one trust zone. Confirm that this is intended, or filter on the bridge.
auto vmbr0
iface vmbr0 inet manual
    # Create the persistent tap1 device before the bridge is configured;
    # presumably so that it already exists when it is added as a bridge port.
    pre-up openvpn --mktun --dev tap1
    # LAN port: address 0/0 (presumably to leave the port without a usable
    # IP of its own; confirm), link up, promiscuous mode so it accepts
    # frames addressed to other hosts' MAC addresses.
    post-up ip address add 0/0 dev ens20
    post-up ip link set ens20 up
    post-up ip link set ens20 promisc on
    # Same three steps for the tunnel port.
    post-up ip address add 0/0 dev tap1
    post-up ip link set tap1 up
    post-up ip link set tap1 promisc on
    # Bridge members.
    bridge-ports tap1 ens20
    # Spanning tree off and forwarding delay 0.
    # NOTE(review): with STP off, a second layer-2 path between the two
    # sites would form a loop. Verify that the tunnel is the only link.
    bridge-stp off
    bridge-fd 0
Openvpn Konfiguration
- cat /etc/openvpn/lan-bridge.conf
# OpenVPN server side of the LAN-to-LAN bridge (/etc/openvpn/lan-bridge.conf).
# NOTE(review): this file contains no tls-crypt/tls-auth line, no
# remote-cert-tls/verify-x509-name check of the peer certificate and no
# user/group privilege drop. Confirm whether that is intended.

# Bridge mode: TAP (layer-2) device
dev tap1
# Run in the background
daemon
# Symmetric cipher for the data channel
# NOTE(review): AES-256-CBC is a non-AEAD cipher; an AEAD cipher such as
# AES-256-GCM may be preferable where both peers support it. Confirm the
# OpenVPN versions in use before changing it; the client names the same cipher.
cipher AES-256-CBC
# Take the TLS server role in the handshake
tls-server
# Transport protocol
proto udp
# Port
port 5555
# Diffie-Hellman parameters (a parameter file, not a key)
# NOTE(review): the file name suggests 2048-bit parameters; verify the file.
dh /etc/openvpn/dh2048.pem
# Certificate of the certificate authority
ca /etc/openvpn/ca.crt
# Certificate of the server
cert /etc/openvpn/frieda.xx.de.crt
# Private key of the server
# NOTE(review): check that this file is readable by root only.
key /etc/openvpn/frieda.xx.de.key
mssfix
# These two make a restart go smoothly (key and device are kept across restarts)
persist-key
persist-tun
status /var/log/openvpn-status.log
# Ping the peer every 10 s; treat it as down after 120 s without an answer
keepalive 10 120
# Log at most 50 consecutive messages of the same category
mute 50
# Log file
log-append /var/log/openvpn
# Compression format
# NOTE(review): compression inside an encrypted tunnel can leak plaintext
# through packet sizes (VORACLE), and the OpenVPN documentation discourages
# it. The client side uses comp-lzo, so any change has to be made on both peers.
compress lzo
# Log level
verb 3
Client
Netzwerkkonfiguration
# Client side: layer-2 bridge vmbr0 with two ports, the OpenVPN tap device
# (tap1) and the LAN interface (ens19).
# NOTE(review): a layer-2 bridge carries broadcast traffic (ARP, DHCP, ...)
# from each LAN to the other, so both sites end up in one broadcast domain
# and one trust zone. Confirm that this is intended, or filter on the bridge.
auto vmbr0
iface vmbr0 inet manual
    # NOTE(review): bridge-ports is set twice in this stanza ("none" here,
    # "tap1 ens19" further down). Some ifupdown versions reject duplicate
    # options; confirm which line is meant and drop the other.
    bridge-ports none
    # Spanning tree off.
    # NOTE(review): with STP off, a second layer-2 path between the two
    # sites would form a loop. Verify that the tunnel is the only link.
    bridge-stp off
    # Create the persistent tap1 device before the bridge is configured;
    # presumably so that it already exists when it is added as a bridge port.
    pre-up openvpn --mktun --dev tap1
    # Both ports get address 0/0 (presumably to leave them without a usable
    # IP of their own; confirm), are set up, and are put into promiscuous
    # mode so they accept frames addressed to other hosts' MAC addresses.
    post-up ip address add 0/0 dev tap1
    post-up ip address add 0/0 dev ens19
    post-up ip link set tap1 up
    post-up ip link set ens19 up
    post-up ip link set tap1 promisc on
    post-up ip link set ens19 promisc on
    # Bridge members.
    bridge-ports tap1 ens19
    # Forwarding delay 0.
    bridge-fd 0
Openvpn Konfiguration
- cat /etc/openvpn/lan-bridge.conf
# OpenVPN client side of the LAN-to-LAN bridge (/etc/openvpn/lan-bridge.conf).
# NOTE(review): there is no remote-cert-tls server / verify-x509-name line,
# so the certificate type and name of the peer are not checked: any
# certificate signed by ca.crt would be accepted as the server. There is
# also no tls-crypt/tls-auth line and no user/group privilege drop.
# Confirm whether that is intended.

# Port (same number as on the server)
port 5555
# Run in the background
daemon
# Symmetric cipher for the data channel; the server config names the same one
cipher AES-256-CBC
# Bridge mode: TAP (layer-2) device
dev tap1
# Server to connect to
remote frieda.xx.de
# Take the TLS client role in the handshake
tls-client
# Certificate of the certificate authority
ca /etc/openvpn/ca.crt
# Certificate of this client
cert /etc/openvpn/ovpn-client.crt
# Private key of this client
# NOTE(review): check that this file is readable by root only.
key /etc/openvpn/ovpn-client.key
# MTU settings
# NOTE(review): the server config sets only a bare "mssfix"; confirm that
# the MTU-related values on both peers are meant to differ.
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# Accept options pushed by the server
pull
# LZO compression
# NOTE(review): comp-lzo is the older spelling (the server uses
# "compress lzo"). Compression inside an encrypted tunnel can leak plaintext
# through packet sizes (VORACLE) and is discouraged by the OpenVPN
# documentation; any change has to be made on both peers.
comp-lzo
# Log level
verb 3