====== OpenVPN on Debian ======
/etc/openvpn/server.conf:
port 1194
proto udp
dev tap0
ca ca.crt
cert server1.crt
key server1.key
dh dh1024.pem
server-bridge
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
/etc/openvpn/client.conf:
client
dev tap0
remote server1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert web01.crt
key web01.key
ns-cert-type server
comp-lzo
verb 3
If you want to use openvpn to bridge a remote LAN to your local LAN via eth1 (which has no IP):
/etc/network/interfaces:
auto br0
iface br0 inet static
pre-up /usr/sbin/openvpn --mktun --dev tap0
pre-up /usr/sbin/brctl addbr br0
address 10.1.1.9
netmask 255.255.255.0
post-up /sbin/ip link set tap0 up
post-up /usr/sbin/brctl addif br0 tap0
post-up /sbin/ip link set eth1 up
post-up /usr/sbin/brctl addif br0 eth1
post-down /sbin/ip link set br0 down
post-down /usr/sbin/brctl delbr br0
post-down /sbin/ip link set eth1 down
If use use openvpn to access only the local machine the configuration is simpler and does not need bridge-utils:
auto tap0
iface tap0 inet static
pre-up /usr/sbin/openvpn --mktun --dev tap0
address 10.1.1.10
netmask 255.255.255.0