port 1194
proto udp
dev tap0
ca ca.crt
cert server1.crt
key server1.key
dh dh1024.pem
server-bridge
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

/etc/openvpn/client.conf:

client
dev tap0
remote server1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert web01.crt
key web01.key
ns-cert-type server
comp-lzo
verb 3

If you want to use openvpn to bridge a remote LAN to your local LAN via eth1 (which has no IP):

/etc/network/interfaces:

auto br0
iface br0 inet static
      pre-up /usr/sbin/openvpn --mktun --dev tap0
      pre-up /usr/sbin/brctl addbr br0
      address 10.1.1.9
      netmask 255.255.255.0
      post-up /sbin/ip link set tap0 up
      post-up /usr/sbin/brctl addif br0 tap0
      post-up /sbin/ip link set eth1 up
      post-up /usr/sbin/brctl addif br0 eth1
      post-down /sbin/ip link set br0 down
      post-down /usr/sbin/brctl delbr br0
      post-down /sbin/ip link set eth1 down

If use use openvpn to access only the local machine the configuration is simpler and does not need bridge-utils:

auto tap0
iface tap0 inet static
      pre-up /usr/sbin/openvpn --mktun --dev tap0
      address 10.1.1.10
      netmask 255.255.255.0

Reference

http://braindump.mrzesty.net/Main/OpenvpnOnDebian

Comments: 0

New comment

Citrix XenServer

opsview

Home | Main | Linux | FreeBSD