NetBSD-Users archive
Re: openvpn bridge using NetBSD 4.0(i86) and XP?
The internal network is 192.168.0.*
And the server is *.9
Keys and certs are as described in the openvpn manual
===========WINDOWS PC configuration======================================
# Edit this file, and save to a .ovpn extension
# so that OpenVPN will activate it when run
# as a service.
remote --SERVERNAME THAT RESOLVES (ip or dns name)
tls-client
ns-cert-type server
# I'm not sure if the Diffie-Hellman is used, it's an artefact
dh dh1024.pem
port 8843
proto tcp-client
dev tap
tun-mtu 1500
tun-mtu-extra 32
mssfix
# You can specify which TAP to use on the PC if you want
;dev-node VPN-TAP
# Those are the created certs (use ossl to create them)
ca C:\\Program\ Files\\OpenVPN\\config\\ca.crt
cert C:\\Program\ Files\\OpenVPN\\config\\boy.crt
key C:\\Program\ Files\\OpenVPN\\config\\boy.key
# keep-alive ping
ping 10
# enable LZO compression
comp-lzo
# moderate verbosity
verb 4
mute 10
===========================================================================
NetBSD configuration
bash-2.05b# ps -lw1615
UID PID PPID CPU PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 1615 1 0 2 0 1124 3072 poll Ss ? 0:16.65 /usr/pkg/sbin/openvpn --config /etc/openvpn/maggi2.cfg --daemon
bash-2.05b# cat /etc/openvpn/maggi2.cfg
mode server
duplicate-cn
push "dhcp-option DNS 192.168.0.9" # push DNS entries to openvpn client
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
comp-lzo
status openvpn-status.log
verb 4
dev tap
dev-node /dev/tap0
port 8843
proto tcp-server
# NOTE: I'm not sure if these have any effect, they are an artefact... (thilo)
push "dhcp-option DNS 192.168.0.9";
push "dhcp-option domain-name-servers maggi.local.jeremias.homeunix.net";
push "dhcp-option domain-name local.jeremias.homeunix.net";
push "route 192.168.0.0 255.255.255.0"
tls-server
ca /etc/openvpn/easy-rsa/keys/ca.crt
dh /etc/openvpn/dh1024.pem
cert /etc/openvpn/easy-rsa/keys/maggi.crt
key /etc/openvpn/easy-rsa/keys/maggi.key
management localhost 913
===============================================================================================
Carl Brewer wrote:
thilo wrote:
I have a Win-PC (openvpn using tcp) -> netbsd firewall/openvpn
tap-bridge connection working reliably.
Pinging in all directions etc works fine. The roaming pc is part of
the local nw. Nbsd(4.0).
The only issue I encounter is that the /etc/ifconfig.br0 and
/etc/ifconfig.tap0 don't actually work.
I have to manually create the bridge&tap and restart (I think) the
openvpn server.
Of course the mac address is different and the dhcp server needs to
know that.
If interested I can post the configurations I use.
yes please!
Carl
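
An added example, not part of the original post and not OpenVPN's own code: a small Python check that parses an OpenVPN config and flags directives that appear in the configs posted above and deserve a second look before reuse (`duplicate-cn`, `comp-lzo`, `ns-cert-type`, a `dh` file named for 1024 bits, and a `management` port with no password file). The function names and the choice of flagged directives are this example's own assumptions; the sample input is a subset of lines copied from the server config in the post.

```python
import shlex

# Reasons are general OpenVPN facts, not statements from the post.
FLAGGED = {
    "duplicate-cn": "several clients may connect with the same certificate at once",
    "ns-cert-type": "deprecated check; 'remote-cert-tls' replaces it",
    "comp-lzo": "compression before encryption can leak plaintext (VORACLE)",
}

def parse(text):
    """Yield (lineno, directive, args) for each non-comment config line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # drops trailing '# ...'
        if tokens:
            yield n, tokens[0], tokens[1:]

def audit(text):
    """Return (lineno, directive, finding) for each directive worth reviewing."""
    findings = []
    for n, name, args in parse(text):
        if name in FLAGGED:
            findings.append((n, name, FLAGGED[name]))
        elif name == "dh" and args and "1024" in args[0]:
            # Heuristic on the file name only; confirm the real size with
            # `openssl dhparam -in FILE -text -noout`.
            findings.append((n, name, "file name suggests a 1024-bit DH group"))
        elif name == "management" and len(args) < 3:
            # Syntax: management IP port [pw-file]
            findings.append((n, name, "management port has no password file"))
    return findings

# Subset of lines copied from the server config in the post.
SERVER_CFG = """\
mode server
duplicate-cn
push "dhcp-option DNS 192.168.0.9" # push DNS entries to openvpn client
comp-lzo
tls-server
dh /etc/openvpn/dh1024.pem
management localhost 913
"""

if __name__ == "__main__":
    for n, name, why in audit(SERVER_CFG):
        print(f"line {n}: {name}: {why}")
```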