OpenVPN

Bridged OpenVPN

Server part:

openvpn.conf
# Bridged (layer-2, tap) OpenVPN server configuration.
# Clients authenticate with username/password via PAM; no client certificates.
# Accept packets from an authenticated peer whose source address changes
# (roaming clients); the TLS session and tls-auth HMAC still bind the peer.
float
daemon
dev tap
proto udp
mode server
 
port 61194
local 172.25.111.126
 
# Bridge mode: clients get addresses from the LAN (e.g. its DHCP server);
# "nogw" means no default gateway is pushed to clients.
server-bridge nogw
 
# NOTE(review): compression of tunnelled data is discouraged in newer
# OpenVPN releases (compression side channels); consider disabling it on
# both ends if the client set allows.
comp-lzo
persist-key
persist-tun
# 0 disables periodic TLS renegotiation: one data-channel key is kept for
# the whole session. Consider a finite value (the default is 3600 seconds).
reneg-sec 0
# Allows several concurrent sessions with the same common name. Here the
# common name is the username (see username-as-common-name), so a single
# leaked password can be used from several hosts at once.
duplicate-cn
tls-timeout 90
hand-window 120
keepalive 30 300
client-to-client
# Level 2 lets OpenVPN run the external up/down/client-connect scripts below.
script-security 2
 
# Password-only authentication: PAM decides, and the username becomes the CN.
# NOTE(review): client-cert-not-required is deprecated in OpenVPN 2.4 and
# removed later; the replacement is "verify-client-cert none".
username-as-common-name
client-cert-not-required
# PAM service "login": any local account with a valid password can log in to
# the VPN. A dedicated PAM service file limits which accounts qualify.
plugin /opt/openvpn/lib/openvpn-auth-pam.so login
;plugin /opt/openvpn/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
 
tls-server
ca /etc/opt/openvpn/bridge/server/ca-crt.pem
key /etc/opt/openvpn/bridge/server/server-key.pem
cert /etc/opt/openvpn/bridge/server/server-crt.pem
 
dh /etc/opt/openvpn/bridge/server/dh-key.pem
# Control-channel HMAC; direction 0 here, the client side must use 1.
tls-auth /etc/opt/openvpn/bridge/server/ta-key.pem 0
 
 
# One script handles all four hooks and dispatches on $script_type.
# NOTE(review): no "user"/"group" directive, so the daemon and these scripts
# run with the privileges OpenVPN was started with for the whole session.
up /etc/opt/openvpn/bridge/server/openvpn.sh
down /etc/opt/openvpn/bridge/server/openvpn.sh
client-connect /etc/opt/openvpn/bridge/server/openvpn.sh
client-disconnect /etc/opt/openvpn/bridge/server/openvpn.sh
 
# Low verbosity; confirm that authentication failures still reach the log
# at this level if the log is used for monitoring.
verb 1
mute 10
status-version 2 
# NOTE(review): "log" (truncate on start) and "log-append" name the same
# file; only one is needed — confirm which one takes effect.
log /var/opt/openvpn/bridge-server.log
writepid /var/opt/openvpn/bridge-server.pid
status /var/opt/openvpn/bridge-server.stat 60
log-append /var/opt/openvpn/bridge-server.log
 
# Directory for temporary files handed to scripts/plugins; keep it restricted
# to the OpenVPN user, as it may hold per-connection data.
tmp-dir /var/opt/openvpn

В /etc/opt/openvpn/bridge/server/openvpn.sh кладем файл

openvpn.sh
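#!/bin/sh
# OpenVPN hook on the bridged server. The server openvpn.conf points
# up/down/client-connect/client-disconnect at this script; it dispatches on
# $script_type, which OpenVPN exports together with the tap device name in $dev.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"

# All output is discarded, so a failing ifconfig leaves no trace in the
# OpenVPN log; point this at a file while debugging.
exec 1>/dev/null 2>&1

TAP=$dev        # tap interface created by OpenVPN (exported as $dev)
NIC=vlan21      # LAN-side interface that joins the bridge
BIF=bridge0     # bridge interface managed here

# Succeeds when interface $1 is currently a member of $BIF.
is_member() {
	ifconfig "$BIF" | awk '/member: / { print $2 }' | grep -w "$1"
}

case "$script_type" in
	up)
		# Create the bridge if it does not exist yet, then attach the LAN side.
		# NOTE(review): $TAP is set but never added to the bridge here, unlike
		# the client-side script — confirm the tap is bridged elsewhere,
		# otherwise VPN clients are not on the LAN segment.
		ifconfig "$BIF" || ifconfig "$BIF" create
		is_member "$NIC" || ifconfig "$BIF" addm "$NIC" up
	;;
	down)
		# Detach the LAN side and tear the bridge down.
		is_member "$NIC" && ifconfig "$BIF" deletem "$NIC"
		ifconfig "$BIF" && ifconfig "$BIF" destroy
	;;
	# client-connect / client-disconnect: nothing to do. An unmatched case
	# exits 0, so OpenVPN does not reject the connecting client.
esac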

Client side part:

openvpn.conf
# Bridged (tap) OpenVPN client configuration; authenticates with a
# username/password file, no client certificate.
float
client
daemon
dev tap
proto udp
 
# Use an ephemeral local port instead of binding to 1194.
nobind
# NOTE(review): must match the server; compression of tunnelled data is
# discouraged in newer OpenVPN releases.
comp-lzo
persist-key
persist-tun
# Mirrors the server: no periodic TLS renegotiation for the session.
reneg-sec 0
tls-timeout 90
hand-window 120
keepalive 30 300
script-security 2
# Silences replay-protection warnings; these are noise on lossy links but
# also the only visible sign of replayed packets.
mute-replay-warnings
 
# remote-random only matters with several "remote" lines; harmless here.
remote-random
resolv-retry infinite
 
# Placeholder address (not a valid IPv4 literal); replace with the server's
# real address or hostname, port matches the server's "port 61194".
remote 111.222.333.444 61194
 
up /etc/opt/openvpn/bridge/client/openvpn.sh
down /etc/opt/openvpn/bridge/client/openvpn.sh
 
# NOTE(review): the server is only checked to chain to this CA. Adding
# "remote-cert-tls server" (and/or "verify-x509-name") stops any other
# CA-issued certificate from being accepted as the server.
ca /etc/opt/openvpn/bridge/client/ca-crt.pem
# Direction 1 pairs with the server's "tls-auth ... 0".
tls-auth /etc/opt/openvpn/bridge/client/ta-key.pem 1
# Plaintext credentials (username on line 1, password on line 2);
# the file should be readable by the OpenVPN user only.
auth-user-pass /etc/opt/openvpn/bridge/client/openvpn.pwd
 
verb 3
mute 10
status-version 2 
# NOTE(review): "log" and "log-append" name the same file; only one is
# needed — confirm which one takes effect.
log /var/opt/openvpn/bridge-client.log
writepid /var/opt/openvpn/bridge-client.pid
status /var/opt/openvpn/bridge-client.stat 60
log-append /var/opt/openvpn/bridge-client.log
openvpn.sh
#!/bin/sh
# OpenVPN up/down hook on the bridged client: bridges the tap device OpenVPN
# created ($dev) with the local interface $NIC on $BIF, and undoes it on down.
# Dispatches on $script_type, exported by OpenVPN.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"

# Discard all output (nothing from this script reaches the OpenVPN log).
exec 1>/dev/null 2>&1

TAP=$dev        # tap interface created by OpenVPN
NIC=ext1        # local interface bridged with the tap
BIF=bridge0     # bridge interface managed here

# Succeeds when interface $1 is currently listed as a member of $BIF.
is_member() {
	ifconfig $BIF | awk '/member: / { print $2 }' | grep -w "$1"
}

case "$script_type" in
	up)
		# Bring the tap up, make sure the bridge exists, then attach both
		# interfaces unless they are members already.
		ifconfig $TAP up
		ifconfig $BIF || ifconfig $BIF create
		is_member "$NIC" || ifconfig $BIF addm $NIC up
		is_member "$TAP" || ifconfig $BIF addm $TAP up
	;;
	down)
		# Detach both members, remove the bridge, then the tap itself.
		is_member "$TAP" && ifconfig $BIF deletem $TAP
		is_member "$NIC" && ifconfig $BIF deletem $NIC
		ifconfig $BIF && ifconfig $BIF destroy
		ifconfig $TAP destroy
	;;
esac
openvpn.pwd
ClientName
ClientPassword