-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Patrick Holthaus wrote:
> Now my questions are:
> Do I need bridging for making the DHCP server work in the VPN?
> How should the configuration files look?

I don't think you can do it, because the openvpn client needs an IP provided by the OpenVPN server
software to obtain the tunnel. If you want OpenVPN to provide a certain subnet range for your
openvpn clients, then check out:

- --server network netmask
A helper directive designed to simplify the configuration of OpenVPN's server mode. This
directive will set up an OpenVPN server which will allocate addresses to clients out of the given
network/netmask. The server itself will take the ".1" address of the given network for use as the
server-side endpoint of the local TUN/TAP interface.

For example, --server 10.8.0.0 255.255.255.0 expands as follows:

  mode server
  tls-server
  push "topology [topology]"

  if dev tun AND (topology == net30 OR topology == p2p):
    ifconfig 10.8.0.1 10.8.0.2
    ifconfig-pool 10.8.0.4 10.8.0.251
    route 10.8.0.0 255.255.255.0
    if client-to-client:
      push "route 10.8.0.0 255.255.255.0"
    else if topology == net30:
      push "route 10.8.0.1"

  if dev tap OR (dev tun AND topology == subnet):
    ifconfig 10.8.0.1 255.255.255.0
    ifconfig-pool 10.8.0.2 10.8.0.254 255.255.255.0
    push "route-gateway 10.8.0.1"

Don't use --server if you are ethernet bridging. Use --server-bridge instead.

- --server-bridge gateway netmask pool-start-IP pool-end-IP
A helper directive similar to --server which is designed to simplify the configuration of
OpenVPN's server mode in ethernet bridging configurations.

To configure ethernet bridging, you must first use your OS's bridging capability to bridge the
TAP interface with the ethernet NIC interface. For example, on Linux this is done with the brctl
tool, and with Windows XP it is done in the Network Connections Panel by selecting the ethernet and
TAP adapters and right-clicking on "Bridge Connections".

Next you must manually set the IP/netmask on the bridge interface. The gateway and netmask
parameters to --server-bridge can be set to either the IP/netmask of the bridge interface, or the
IP/netmask of the default gateway/router on the bridged subnet.

Finally, set aside an IP range in the bridged subnet, denoted by pool-start-IP and pool-end-IP,
for OpenVPN to allocate to connecting clients.

For example, server-bridge 10.8.0.4 255.255.255.0 10.8.0.128 10.8.0.254 expands as follows:

  mode server
  tls-server

  ifconfig-pool 10.8.0.128 10.8.0.254 255.255.255.0
  push "route-gateway 10.8.0.4"

[taken from: http://openvpn.net/man.html no Named Anchors there...]

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Enigform for Firefox: A secure browsing experience: http://enigform.mozdev.org
Mail Hosting Seguro y Consultoria - http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF+9NiAlpOsGhXcE0RCrNbAJ924t72yJMexav/3YESNXHziZm4OACeJy6s
tLlNylW4KHjPt4ngjest/jE=
=gIhv
-----END PGP SIGNATURE-----
--
gentoo-user@g.o mailing list
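The man page excerpt quoted in the mail shows what --server and --server-bridge expand to for one /24. The script below is an added example (not code from the mail, from OpenVPN, or from its documentation) that performs that expansion for an arbitrary network/netmask and checks the values a reader is most likely to get wrong: that --server is given a network address rather than a host address, that the network is big enough to hold a pool, and that a --server-bridge pool actually lies inside the bridged subnet and does not swallow the gateway address. The function names are this example's own, and the pool bounds for networks other than a /24 (network+4 up to broadcast-4 for net30/p2p, network+2 up to broadcast-1 for subnet and tap) are this example's generalisation of the /24 case shown in the excerpt.

```python
"""Expand OpenVPN's --server and --server-bridge helper directives into the
plain directives listed in the man page excerpt, and sanity-check the input.

Added example; not code from OpenVPN or from the mail.  Function names are
this example's own, and the pool bounds for non-/24 networks (network+4 ..
broadcast-4 for net30/p2p, network+2 .. broadcast-1 for subnet/tap) are a
generalisation of the /24 example in the excerpt.
"""
import ipaddress


def expand_server(network: str, netmask: str, dev: str = "tun",
                  topology: str = "net30",
                  client_to_client: bool = False) -> list[str]:
    """Directives that `server network netmask` stands for.

    dev is "tun" or "tap"; topology is net30, p2p or subnet (tun only).
    Raises ValueError if network/netmask is not a network address or the
    resulting client pool would be empty.
    """
    if dev not in ("tun", "tap"):
        raise ValueError(f"dev must be tun or tap, not {dev!r}")
    if topology not in ("net30", "p2p", "subnet"):
        raise ValueError(f"unknown topology {topology!r}")
    # strict=True rejects e.g. 10.8.0.5/24: --server wants the network address.
    net = ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)
    base = int(net.network_address)
    bcast = int(net.broadcast_address)
    addr = ipaddress.IPv4Address          # int -> dotted quad
    server_ip = addr(base + 1)            # the server takes the ".1" address

    out = ["mode server", "tls-server", f'push "topology {topology}"']

    if dev == "tun" and topology in ("net30", "p2p"):
        # Server endpoint is a point-to-point pair (.1 <-> .2); clients are
        # handed addresses from .4 up to broadcast-4, leaving the last /30 free.
        pool_start, pool_end = base + 4, bcast - 4
        if pool_start > pool_end:
            raise ValueError(f"{net} is too small for a net30/p2p pool")
        out.append(f"ifconfig {server_ip} {addr(base + 2)}")
        out.append(f"ifconfig-pool {addr(pool_start)} {addr(pool_end)}")
        out.append(f"route {net.network_address} {net.netmask}")
        if client_to_client:
            out.append(f'push "route {net.network_address} {net.netmask}"')
        elif topology == "net30":
            out.append(f'push "route {server_ip}"')
    else:
        # tap, or tun with topology subnet: one flat subnet, server is .1,
        # clients get .2 up to the last usable address before broadcast.
        pool_start, pool_end = base + 2, bcast - 1
        if pool_start > pool_end:
            raise ValueError(f"{net} is too small for a subnet pool")
        out.append(f"ifconfig {server_ip} {net.netmask}")
        out.append(f"ifconfig-pool {addr(pool_start)} {addr(pool_end)} "
                   f"{net.netmask}")
        out.append(f'push "route-gateway {server_ip}"')
    return out


def bridge_pool_in_subnet(gateway: str, netmask: str,
                          pool_start: str, pool_end: str) -> bool:
    """True if pool_start..pool_end is an ordered range of host addresses
    inside gateway/netmask that does not include the gateway itself."""
    subnet = ipaddress.IPv4Network(f"{gateway}/{netmask}", strict=False)
    gw, start, end = (ipaddress.IPv4Address(a)
                      for a in (gateway, pool_start, pool_end))
    hosts_only = (start in subnet and end in subnet
                  and start != subnet.network_address
                  and end != subnet.broadcast_address)
    return hosts_only and start <= end and not (start <= gw <= end)


def expand_server_bridge(gateway: str, netmask: str,
                         pool_start: str, pool_end: str) -> list[str]:
    """Directives that `server-bridge gateway netmask pool-start pool-end`
    stands for.  The bridge interface must already carry its IP/netmask
    (brctl on Linux, as the excerpt says); OpenVPN does not set it here."""
    if not bridge_pool_in_subnet(gateway, netmask, pool_start, pool_end):
        raise ValueError("pool must lie inside the bridged subnet and must "
                         "not include the gateway address")
    return [
        "mode server",
        "tls-server",
        f"ifconfig-pool {pool_start} {pool_end} {netmask}",
        f'push "route-gateway {gateway}"',
    ]


if __name__ == "__main__":
    # Reproduces the two expansions quoted in the mail.
    for line in expand_server("10.8.0.0", "255.255.255.0"):
        print(line)
    print()
    for line in expand_server_bridge("10.8.0.4", "255.255.255.0",
                                     "10.8.0.128", "10.8.0.254"):
        print(line)
```

Run with no arguments it prints the two expansions from the excerpt; call expand_server with a /16 or with topology="subnet" to see how the pool bounds move, and feed expand_server_bridge a pool from the wrong subnet to see the check fire before the configuration ever reaches a server.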