VOIP-Solutions.org

How to Install and Configure Openvpn on linux with bridge

by( This e-mail address is being protected from spambots. You need JavaScript enabled to view it )

I am writing this howto with examples for all the users and administrator looking for a step by step guide of openvpn bridge mode as it is very much difficult for new users to install and configure openvpn in bridge mode . There are very much detailed howto and wiki on openvpn official website OpenVPN 2.0 HOWTO and Official document: but still it is difficult for new users.

Please follow the step by step configuration guide to install openvpn in bridge mode on linux ( fedora , centos, redhat) and other linux distributions as well .

Openvpn Ethernet Bridging

Step 1:

first of all you need install the linux on your system having two Network (Ethernet ) interface eth0 and eth1 . then you need to check the configuration for the network with "ifconfig -a" command and you will be having result as below :

#> ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:51999 errors:0 dropped:0 overruns:0 frame:0
TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80
inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:491 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

Then you need to save the above ip configuration and proceed with another command "route -n " and the results will be as below :

#> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth0
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 eth1

you need to save this configuration on a notepad so you can use in future for comparision .

Step 2 :

Now you have completed the first step you need to install the bridge-utils.rpm package for your linux distribution , you can use either yum or you can download rpm and proceed . bridge-utils rpm build for : Fedora 10
once the bridge-utils installed on your system you need to create a bridge script so we will be creating a bridge scrip in next step .

Step 3:

Now you need to write the script for bridge to start so we are creating bridge-start file as below

#> cat /etc/openvpn/bridge-start
#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0?

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2?.
tap="tap0?

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0?
eth_ip="10.4.3.17?
eth_netmask="255.255.255.0?
eth_broadcast="10.4.3.255?

for t in $tap; do
openvpn –mktun –dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
brctl addif $br $t
done

for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

and then we need to create a bridge-stop file as below

#> cat /etc/openvpn/bridge-stop
#!/bin/bash

####################################
# Tear Down Ethernet bridge on Linux
####################################

# Define Bridge Interface
br="br0?

# Define list of TAP interfaces to be bridged together
tap="tap0?

ifconfig $br down
brctl delbr $br

for t in $tap; do
openvpn –rmtun –dev $t
done

Step 4:

Now we have completed the bridge script we need to start the openvpn with below commands the need to add a route with commands mentioned below :

#> cat /etc/rc.d/rc.local
# Start OpenVPN service
/etc/openvpn/bridge-start
/sbin/service openvpn start
# Add route
route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.100.254 eth1
#route add default gw 10.4.3.1 eth0
route add default gw 10.4.3.1 br0
Note 1:
We should add the default gateway after we started the OpenVPN server, the bridge-start script will clear the default gateway.
Note2:
The default route should changed to br0 not eth0 – the bridged interface.

Once we have made the changes according to the step 4 we need to confirm our configuration as we did in our first step with below commands and results

#> ifconfig -a
br0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:48639 errors:0 dropped:0 overruns:0 frame:0
TX packets:15365 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4152487 (3.9 MiB) TX bytes:1727401 (1.6 MiB)

eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F
inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:51999 errors:0 dropped:0 overruns:0 frame:0
TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80
inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5747 errors:0 dropped:0 overruns:0 frame:0
TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:491 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

tap0 Link encap:Ethernet HWaddr AE:11:02:37:F7:88
inet6 addr: fe80::ac11:2ff:fe37:f788/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:301 errors:0 dropped:0 overruns:0 frame:0
TX packets:34402 errors:0 dropped:17 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:30484 (29.7 KiB) TX bytes:3010000 (2.8 MiB)

#> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth1
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 br0

Step 5 :

Once you have confirmed the configuration as mentioned in step 4 so need to move further to created openvpn server.conf file which is openvpn main configuration file for server to be run in bridge mode , so we start the server.conf file as below

#> cat /etc/openvpn/server.conf
;local a.b.c.d

port 1194
;port 5000

# TCP or UDP server?
;proto tcp
proto udp

dev tap0
;dev tun

;dev-node MyTap

ca sample-keys/tmp-ca.crt
cert sample-keys/server.crt
key sample-keys/server.key # This file should be kept secret

dh sample-keys/dh1024.pem

;server 10.8.0.0 255.255.255.0

;ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
server-bridge 10.4.3.17 255.255.0.0 10.4.3.221 10.4.3.230

;push "route 192.168.10.0 255.255.255.0?
;push "route 192.168.20.0 255.255.255.0?
push "route 10.4.0.0 255.255.0.0 10.4.3.1?

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script

;push "redirect-gateway"

;push "dhcp-option DNS 10.8.0.1?
;push "dhcp-option WINS 10.8.0.1?

;client-to-client
client-to-client

;duplicate-cn
duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

;log openvpn.log
;log-append openvpn.log

verb 4

;mute 20

Note: It is very easy to install and config OpenVPN server on Windows XP. We should remember add the bridge between the local network interface and the virtual network interface.

Congratulation! you are done with openvpn bridge setup on linux . Please vote this howto and also send us your feedback on This e-mail address is being protected from spambots. You need JavaScript enabled to view it