
subject: Voip Solutions For Blocked Voip Countries


I am writing this howto, with examples, for users and administrators looking for a step-by-step guide to OpenVPN bridge mode, which is difficult for new users to install and configure. There are very detailed howtos and wiki pages on the official OpenVPN website (the OpenVPN 2.0 HOWTO and the official documentation), but they are still difficult for new users.

Please follow this step-by-step configuration guide to install OpenVPN in bridge mode on Linux (Fedora, CentOS, Red Hat) and other Linux distributions as well.

OpenVPN Ethernet Bridging

Step 1:

First, install Linux on a system that has two network (Ethernet) interfaces, eth0 and eth1. Then check the network configuration with the "ifconfig -a" command; the result will look like this:

#> ifconfig -a

eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F

inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0

inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link

UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

RX packets:51999 errors:0 dropped:0 overruns:0 frame:0

TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80

inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0

inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:5747 errors:0 dropped:0 overruns:0 frame:0

TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:491 errors:0 dropped:0 overruns:0 frame:0

TX packets:491 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

Save the IP configuration above, then run "route -n"; the result will look like this:

#> route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth1

169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0

192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth0

0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 eth1

Save this configuration in a text file so that you can use it later for comparison.

Step 2:

Now that you have completed the first step, install the bridge-utils rpm package for your Linux distribution; you can either use yum or download the rpm and install it. bridge-utils rpm build for: Fedora 10

Once bridge-utils is installed on your system, you need a bridge script, which we create in the next step.

Step 3:

Now write the script that starts the bridge. We create the bridge-start file as below:

#> cat /etc/openvpn/bridge-start

#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="10.4.3.17"
eth_netmask="255.255.255.0"
eth_broadcast="10.4.3.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

Then we need to create a bridge-stop file as below:

#> cat /etc/openvpn/bridge-stop

#!/bin/bash

####################################
# Tear Down Ethernet bridge on Linux
####################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged together
tap="tap0"

ifconfig $br down
brctl delbr $br

for t in $tap; do
    openvpn --rmtun --dev $t
done

Step 4:

Now that the bridge scripts are complete, we need to start OpenVPN with the commands below and then add a route with the commands that follow them:

#> cat /etc/rc.d/rc.local

# Start OpenVPN service

/etc/openvpn/bridge-start

/sbin/service openvpn start

# Add route

route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.100.254 eth1

#route add default gw 10.4.3.1 eth0

route add default gw 10.4.3.1 br0

Note 1:

We should add the default gateway after we have started the OpenVPN server, because the bridge-start script clears the default gateway.

Note 2:

The default route should be changed to br0, not eth0 (the bridged interface).

Once the changes from Step 4 are in place, confirm the configuration as we did in the first step, with the commands and results below:

#> ifconfig -a

br0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F

inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0

inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:48639 errors:0 dropped:0 overruns:0 frame:0

TX packets:15365 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:4152487 (3.9 MiB) TX bytes:1727401 (1.6 MiB)

eth0 Link encap:Ethernet HWaddr 00:13:72:40:26:7F

inet addr:10.4.3.17 Bcast:10.4.3.255 Mask:255.255.255.0

inet6 addr: fe80::213:72ff:fe40:267f/64 Scope:Link

UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

RX packets:51999 errors:0 dropped:0 overruns:0 frame:0

TX packets:15652 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:5051569 (4.8 MiB) TX bytes:1757669 (1.6 MiB)

eth1 Link encap:Ethernet HWaddr 00:13:72:40:26:80

inet addr:192.168.100.17 Bcast:192.168.100.255 Mask:255.255.255.0

inet6 addr: fe80::213:72ff:fe40:2680/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:5747 errors:0 dropped:0 overruns:0 frame:0

TX packets:2340 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:470066 (459.0 KiB) TX bytes:253434 (247.4 KiB)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:491 errors:0 dropped:0 overruns:0 frame:0

TX packets:491 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:130767 (127.7 KiB) TX bytes:130767 (127.7 KiB)

tap0 Link encap:Ethernet HWaddr AE:11:02:37:F7:88

inet6 addr: fe80::ac11:2ff:fe37:f788/64 Scope:Link

UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1

RX packets:301 errors:0 dropped:0 overruns:0 frame:0

TX packets:34402 errors:0 dropped:17 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:30484 (29.7 KiB) TX bytes:3010000 (2.8 MiB)

#> route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0

10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1

192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth1

0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 br0
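
A check for Note 1 and Note 2, written as an added example that is not part of the original howto: it reads `route -n` output and tells a correct default route on br0 apart from the missing default route that bridge-start leaves behind and from a default route put back on eth0. The function names and the two constructed tables are assumptions; the first table uses lines from the Step 4 output above.

```sh
#!/bin/sh
# Added example (not from the original page): check the default route after
# bridge-start and rc.local have run. Reads `route -n` output on stdin.
#   usage: check_default_route <bridge> <gateway>
#   returns 0  default route goes via <gateway> on <bridge>
#           1  no default route at all (the state bridge-start leaves behind)
#           2  default route exists but uses another interface or gateway
check_default_route() {
    awk -v br="$1" -v gw="$2" '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            found = 1
            if ($2 == gw && $NF == br) ok = 1
        }
        END { if (ok) exit 0; if (!found) exit 1; exit 2 }'
}

# Lines taken from the Step 4 `route -n` output on this page.
ROUTES_OK='Destination Gateway Genmask Flags Metric Ref Use Iface
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth1
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 br0'

# Constructed: the same table before rc.local re-adds the default route.
ROUTES_NO_DEFAULT='Destination Gateway Genmask Flags Metric Ref Use Iface
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.0.0 192.168.100.254 255.255.0.0 UG 0 0 0 eth1'

# Constructed: default route re-added on eth0 instead of br0.
ROUTES_WRONG_IF='Destination Gateway Genmask Flags Metric Ref Use Iface
10.4.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 10.4.3.1 0.0.0.0 UG 0 0 0 eth0'

# Helper for the samples; on a live host: route -n | check_default_route br0 10.4.3.1
route_status() { printf '%s\n' "$1" | check_default_route br0 10.4.3.1; }

for table in "$ROUTES_OK" "$ROUTES_NO_DEFAULT" "$ROUTES_WRONG_IF"; do
    rc=0
    route_status "$table" || rc=$?
    echo "check_default_route returned $rc"
done
```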

Step 5:

Once you have confirmed the configuration as described in Step 4, move on to creating the OpenVPN server.conf file, which is the main OpenVPN configuration file for running the server in bridge mode. The server.conf file is as below:

#> cat /etc/openvpn/server.conf

;local a.b.c.d

port 1194

;port 5000

# TCP or UDP server?

;proto tcp

proto udp

dev tap0

;dev tun

;dev-node MyTap

ca sample-keys/tmp-ca.crt

cert sample-keys/server.crt

key sample-keys/server.key # This file should be kept secret

dh sample-keys/dh1024.pem

;server 10.8.0.0 255.255.255.0

;ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

server-bridge 10.4.3.17 255.255.0.0 10.4.3.221 10.4.3.230

;push "route 192.168.10.0 255.255.255.0"

;push "route 192.168.20.0 255.255.255.0"

push "route 10.4.0.0 255.255.0.0 10.4.3.1"

;client-config-dir ccd

;route 192.168.40.128 255.255.255.248

;client-config-dir ccd

;route 10.9.0.0 255.255.255.252

;learn-address ./script

;push "redirect-gateway"

;push "dhcp-option DNS 10.8.0.1"

;push "dhcp-option WINS 10.8.0.1"

;client-to-client

client-to-client

;duplicate-cn

duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC # Blowfish (default)

;cipher AES-128-CBC # AES

;cipher DES-EDE3-CBC # Triple-DES

comp-lzo

# The maximum number of concurrently connected

# clients we want to allow.

;max-clients 100

user nobody

group nobody

persist-key

persist-tun

status openvpn-status.log

;log openvpn.log

;log-append openvpn.log

verb 4

;mute 20
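
The server.conf above keeps several settings that weaken the tunnel: 1024-bit DH parameters, duplicate-cn, tls-auth left commented out, no explicit cipher (the file's own comment gives BF-CBC as the default) and comp-lzo. The audit script below is an added example, not part of the original howto; the finding IDs, the function names and the file names in the hardened sample are assumptions, and the DH size is judged from the file name only.

```sh
#!/bin/sh
# Added example, not from the original page: audit an OpenVPN server.conf
# (read on stdin) and print one finding ID per line.
audit_server_conf() {
    # Remove ';'/'#' comment lines and trailing '# ...' comments first, so a
    # disabled directive such as ';tls-auth ta.key 0' is never seen as active.
    sed -e 's/^[[:space:]]*[;#].*$//' -e 's/[[:space:]]#.*$//' | awk '
        $1 == "dh" && $2 ~ /1024/ { print "WEAK_DH" }      # judged by file name only
        $1 == "duplicate-cn"      { print "SHARED_CERT" }  # one cert, many sessions
        $1 == "comp-lzo"          { print "COMPRESSION" }  # compress-then-encrypt
        $1 == "tls-auth" || $1 == "tls-crypt" { hmac = 1 }
        $1 == "cipher"            { cipher = $2 }
        END {
            if (!hmac)                     print "NO_TLS_AUTH"
            if (cipher == "")              print "DEFAULT_CIPHER"  # BF-CBC per the page
            else if (cipher ~ /^(BF|DES)/) print "WEAK_CIPHER"     # 64-bit block ciphers
        }'
}

# Security-relevant lines copied from the server.conf on this page.
PAGE_CONF='dev tap0
key sample-keys/server.key # This file should be kept secret
dh sample-keys/dh1024.pem
server-bridge 10.4.3.17 255.255.0.0 10.4.3.221 10.4.3.230
client-to-client
duplicate-cn
;tls-auth ta.key 0 # This file is secret
;cipher AES-128-CBC # AES
comp-lzo
user nobody
group nobody'

# Constructed counterpart with the flagged settings changed (placeholder file names).
HARDENED_CONF='dev tap0
dh keys/dh2048.pem
tls-auth keys/ta.key 0
cipher AES-256-CBC
user nobody
group nobody'

# Helper for the samples: join the findings with commas.
audit() { printf '%s\n' "$1" | audit_server_conf | paste -sd, -; }
echo "page config:     $(audit "$PAGE_CONF")"
echo "hardened config: $(audit "$HARDENED_CONF")"
```

On a real server the same function can be fed the file directly, for example `audit_server_conf < /etc/openvpn/server.conf`.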

Note: It is very easy to install and configure an OpenVPN server on Windows XP. We should remember to add the bridge between the local network interface and the virtual network interface.

Congratulations! You are done with the OpenVPN bridge setup on Linux.

by: VOIP Expert



