OpenVPN 2 Cookbook

Bridging—Windows

This recipe will demonstrate how to set up a bridged OpenVPN server on Windows. Bridging on Windows is slightly different from Linux or UNIX, but the concept is the same.

This recipe is very similar to the previous recipe, apart from the different methods used to set up bridging.

Getting ready

We use the following network layout:

Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only networks.

For this recipe, the server computer was running Windows XP and OpenVPN 2.1.1. The client computer was running Fedora 12 Linux and OpenVPN 2.1.1. For the Linux client, keep the client configuration file example3-1-client.conf at hand.

How to do it...

  1. Create the server configuration file:
    proto udp
    port 1194
    dev tap
    dev-node tap-bridge
    
    server-bridge 172.30.0.50 255.255.255.0 172.30.0.80 172.30.0.250
    ca       "c:/program files/openvpn/config/ca.crt"
    cert     "c:/program files/openvpn/config/server.crt"
    key      "c:/program files/openvpn/config/server.key"
    dh       "c:/program files/openvpn/config/dp024.pem"
    tls-auth "c:/program files/openvpn/config/ta.key" 0
    push "route 172.30.0.0 255.255.255.0"
    
    persist-key
    persist-tun
    keepalive 10 60

    Save it as example3-4-server.ovpn.

  2. Next, create the network bridge:
    • Each TAP-Win32 adapter on Windows is assigned a name like Local Area Connection 2. Go to the Network Connections control panel and rename it to tap-bridge.
    • Next, select tap-bridge and your Ethernet adapter with the mouse, right click, and then select Bridge Connections:

    This will create a new bridge adapter icon in the control panel, usually named Network Bridge (…).

  3. The network bridge is now ready to be configured:
  4. In a command window, verify that the bridge is configured correctly:
    [winserver]C:> netsh interface ip show address "Network Bridge"
      Configuration for interface "Network Bridge"
      DHCP enabled:                         No
      IP Address:                           172.30.0.50
      SubnetMask:                           255.255.255.128
      Default Gateway:                      172.30.0.1
      GatewayMetric:                        5
      InterfaceMetric:                      0
  5. Start the OpenVPN server:
    [winserver]C:> cd \program files\openvpn\config
    [winserver]C:> ..\bin\openvpn --config example3-4-server.ovpn
    
  6. Start the client:
    [root@client]# openvpn --config example3-1-client.conf
    
  7. Now, check the assigned VPN address and verify that we can ping a machine on the remote server LAN:
    [client]$ /sbin/ifconfig tap1
      tap1  Link encap:Ethernet  HWaddr A2:F4:D4:E7:99:CF
            inet addr:172.30.0.80  Bcast:172.30.0.255  Mask:255.255.255.0
    […]
    [client]$ ping -c 2 172.30.0.12
      PING 172.30.0.12 (172.30.0.12) 56(84) bytes of data.
      64 bytes from 172.30.0.12: icmp_seq=1 ttl=128 time=24.0 ms
      64 bytes from 172.30.0.12: icmp_seq=2 ttl=128 time=26.0 ms
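
A consistency check for steps 1 and 4, added here as an example and not taken from the book: it compares the server-bridge directive with the netsh output for the bridge and reports a mismatched address or netmask, or a client pool that falls outside the bridged subnet. The function names and sample inputs are constructed for illustration, and the netsh output is assumed to have the format shown in step 4.

```python
import ipaddress
import re

def parse_server_bridge(conf_text):
    """Return (gateway, network, pool_start, pool_end) from the server-bridge line."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "server-bridge":
            gw, mask, start, end = parts[1:]
            net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
            return (ipaddress.ip_address(gw), net,
                    ipaddress.ip_address(start), ipaddress.ip_address(end))
    raise ValueError("no four-argument server-bridge directive found")

def parse_netsh(output):
    """Read the bridge address and mask from 'netsh interface ip show address'."""
    ip = re.search(r"IP Address:\s*(\S+)", output)
    mask = re.search(r"Subnet\s*Mask:\s*(\S+)", output)
    if not (ip and mask):
        raise ValueError("IP address or subnet mask missing from netsh output")
    return ipaddress.ip_interface(f"{ip.group(1)}/{mask.group(1)}")

def check_bridge(conf_text, netsh_output):
    """Return a list of problems; an empty list means config and bridge agree."""
    gw, net, start, end = parse_server_bridge(conf_text)
    bridge = parse_netsh(netsh_output)
    problems = []
    if bridge.ip != gw:
        problems.append(f"bridge IP {bridge.ip} != server-bridge gateway {gw}")
    if bridge.network != net:
        problems.append(f"bridge network {bridge.network} != configured {net}")
    for label, addr in (("pool start", start), ("pool end", end)):
        if addr not in net or addr not in bridge.network:
            problems.append(f"{label} {addr} is outside the bridged subnet")
    if start > end:
        problems.append("pool start is above pool end")
    elif start <= gw <= end:
        problems.append(f"pool contains the bridge address {gw}")
    return problems

# Constructed sample inputs (not captured from a real host).
CONF = "dev tap\ndev-node tap-bridge\nserver-bridge 172.30.0.50 255.255.255.0 172.30.0.80 172.30.0.250\n"
NETSH_OK = 'Configuration for interface "Network Bridge"\n  IP Address:   172.30.0.50\n  SubnetMask:   255.255.255.0\n'
NETSH_NARROW = NETSH_OK.replace("255.255.255.0", "255.255.255.128")

if __name__ == "__main__":
    for name, out in (("matching", NETSH_OK), ("narrow mask", NETSH_NARROW)):
        print(name, check_bridge(CONF, out) or "consistent")
```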

How it works...

Apart from the way the bridge is created and configured, this recipe is very similar to the previous one. The one thing to keep in mind is how the adapter is selected in the server configuration file:

    dev tap
    dev-node tap-bridge

On Linux and other UNIX variants, this could be achieved using a single line:

    dev tap0

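But the naming scheme for the TAP adapters on Windows is different: each TAP-Win32 adapter appears under its Network Connections name rather than as tap0. To overcome this, the dev-node directive needs to be added, naming the adapter to use (tap-bridge here, as renamed in step 2).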

See also

The previous recipe, where bridging on Linux is explained.