OVPN LAN-to-LAN Bridge Example
Revision as of 8 September 2022, 15:09 by Thomas.will (→OpenVPN configuration)
Network configuration
Server
Network configuration
- cat /etc/network/interfaces
auto vmbr0
iface vmbr0 inet manual
    pre-up openvpn --mktun --dev tap1
    post-up ip address add 0/0 dev ens20
    post-up ip link set ens20 up
    post-up ip link set ens20 promisc on
    post-up ip address add 0/0 dev tap1
    post-up ip link set tap1 up
    post-up ip link set tap1 promisc on
    bridge-ports tap1 ens20
    bridge-stp off
    bridge-fd 0
OpenVPN configuration
- cat /etc/openvpn/lan-bridge.conf
# Bridge mode
dev tap1
daemon
cipher AES-256-CBC
tls-server
proto udp
port 5555
ca /etc/openvpn/ca.crt
cert /etc/openvpn/frieda.xx.de.crt
key /etc/openvpn/frieda.xx.de.key
dh /etc/openvpn/dh2048.pem
mssfix
persist-key
persist-tun
log /var/log/openvpn
status /var/log/openvpn-status.log
verb 4
keepalive 10 120
mute 50
log-append /var/log/openvpn
compress lzo
verb 3
Client
Network configuration
auto vmbr0
iface vmbr0 inet manual
    bridge-ports none
    bridge-stp off
    pre-up openvpn --mktun --dev tap1
    post-up ip address add 0/0 dev tap1
    post-up ip address add 0/0 dev ens19
    post-up ip link set tap1 up
    post-up ip link set ens19 up
    post-up ip link set tap1 promisc on
    post-up ip link set ens19 promisc on
    bridge-ports tap1 ens19
    bridge-fd 0
OpenVPN configuration
- cat /etc/openvpn/lan-bridge.conf
port 5555
daemon
cipher AES-256-CBC
dev tap1
remote frieda.xx.de
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/ovpn-client.crt
key /etc/openvpn/ovpn-client.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 3
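A way to check that the server and client lan-bridge.conf shown above agree on the options that have to match on both ends of the tunnel. This is an added example, not part of the original wiki page. The function names, the list of compared options, and the defaults (UDP, port 1194, tun-mtu 1500, tun-mtu-extra 32 on TAP devices, `compress lzo` treated as equivalent to `comp-lzo`) are assumptions of this example taken from the OpenVPN manual.

```python
# Added example, not from the original page. The strings are excerpts of the two
# lan-bridge.conf files shown above; only the options compared here are kept.
SERVER = """dev tap1
cipher AES-256-CBC
tls-server
proto udp
port 5555
compress lzo"""
CLIENT = """port 5555
cipher AES-256-CBC
dev tap1
tls-client
tun-mtu 1500
tun-mtu-extra 32
comp-lzo"""

def parse(text):
    """Return {option: argument string}; the last occurrence of an option is kept."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, arg = line.partition(" ")
            opts[key] = arg.strip()
    return opts

def effective(opts):
    """Normalise one peer's options, filling in defaults (assumed from the manual)."""
    tap = opts.get("dev", "").startswith("tap")
    lzo = "comp-lzo" in opts or opts.get("compress") == "lzo"  # same framing assumed
    return {
        "dev-type": "tap" if tap else "tun",
        "proto": opts.get("proto", "udp"),
        "port": opts.get("port", "1194"),
        "cipher": opts.get("cipher", ""),
        "tun-mtu": opts.get("tun-mtu", "1500"),
        "tun-mtu-extra": opts.get("tun-mtu-extra", "32" if tap else "0"),
        "comp-framing": "lzo" if lzo else "none",
    }

def mismatches(server_text, client_text):
    """List (option, server value, client value) for every disagreement."""
    s, c = parse(server_text), parse(client_text)
    es, ec = effective(s), effective(c)
    found = [(k, v, ec[k]) for k, v in es.items() if v != ec[k]]
    if not ("tls-server" in s and "tls-client" in c):
        found.append(("tls-role", "tls-server" in s, "tls-client" in c))
    return found
```

Calling `mismatches(SERVER, CLIENT)` on the excerpts returns an empty list: the client's explicit `tun-mtu-extra 32` equals the TAP default the server falls back to, and the client's missing `proto` line falls back to UDP.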