====== OpenVPN on Debian ======

<strong>/etc/openvpn/server.conf</strong>:

<code>
port 1194
proto udp
dev tap0
ca ca.crt
cert server1.crt
key server1.key
dh dh1024.pem
server-bridge
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
</code>
<strong>/etc/openvpn/client.conf</strong>:

<code>
client
dev tap0
remote server1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert web01.crt
key web01.key
ns-cert-type server
comp-lzo
verb 3
</code>
If you want to use openvpn to bridge a remote LAN to your local LAN via eth1 (which has no IP):

<strong>/etc/network/interfaces</strong>:

<code>
auto br0
iface br0 inet static
      pre-up /usr/sbin/openvpn --mktun --dev tap0
      pre-up /usr/sbin/brctl addbr br0
      address 10.1.1.9
      netmask 255.255.255.0
      post-up /sbin/ip link set tap0 up
      post-up /usr/sbin/brctl addif br0 tap0
      post-up /sbin/ip link set eth1 up
      post-up /usr/sbin/brctl addif br0 eth1
      post-down /sbin/ip link set br0 down
      post-down /usr/sbin/brctl delbr br0
      post-down /sbin/ip link set eth1 down
</code>
If use use openvpn to access only the local machine the configuration is simpler and does not need bridge-utils:

<code>
auto tap0
iface tap0 inet static
      pre-up /usr/sbin/openvpn --mktun --dev tap0
      address 10.1.1.10
      netmask 255.255.255.0
</code>