[SOLVED] Open VPN Bridge

[xilus]

I am trying to install openVPN on ubuntu server 10
I am working through
htt ps://hel p.ubuntu.c om/comm unity/OpenVPN
but I am running into problems. I think that I configured my network interfaces file incorrectly
/etc/network/interfaces
This is what it looked like before.

Code:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

And this is what I tried (and failed) to add the bridge

Code:

auto lo br0
iface lo inet loopback

iface br0 inet dhcp
  bridge_ports eth0
  bridge_fd 9      ## from the libvirt docs (forward delay time)
  bridge_hello 2   ## from the libvirt docs (hello time)
  bridge_maxage 12 ## from the libvirt docs (maximum message age)
  bridge_stp off   ## from the libvirt docs (spanning tree protocol)


auto eth0 inet manual
  up ifconfig $IFACE 0.0.0.0 up
  up ip link set $IFACE promisc on
  down ip link set $IFACE promisc off
  down ifconfig $IFACE down

this is apparently not correct, because it just killed my internet connection.

Can somebody help me write this configuration file?
Also, I does anybody know where I can get documentation on this configuration syntax?
Do you know what books will help me understand this?
what is a network bridge?

[xilus]

Code:

openvpn --mktun --dev tap0 //creates the virutal interface
brctl addbr br0 //creates a bridge interface
brctl addif br0 eth0 //adds my normal ethernet interface to the bridge
brctl addif br0 tap0 // adds my virtual interface to the bridge
ifconfig tap0 0.0.0.0 promisc up //I assume this tells it to assign itself an ip
ifconfig eth0 0.0.0.0 up //I have a static IP so I dont know if this does much
ifconfig br0 192.168.2.233 netmask 255.255.255.0 broadcast 192.168.2.255
// that last line assigns ip settings to the bridge

The moment I run the command brctladdif br0 eth0, adding the eth0 interface to the bridge, my internet is gone.

[ptkobe]

Hi, xilus

Are you trying to set a VPN server, to allow VPN access to your LAN,
I mean you are not only wanting to connect to a VPN, right?

What protocol will you be using?
VPN Tunneling - Tutorial on VPN Tunnels

Do you need really need a bridge?

Too many questions?

Regards
Luis

[xilus]

A bridged VPN allows the clients to appear as though they are on the same local area network (LAN) as the server system.

I think you are right, thank you.
I don't think I need it. I can still set up a openvpn server that allows clients to connect to the world but not the LAN.

[ptkobe]

Ok. Thanks to linuxforum notification I was able to see your reply and your edit.

I'll say that
a openvpn server allows clients to connect to the openvpn server's LAN, not to the world. That's probably something like a router.

What do you say about that?

And I had another question:
Are you trying to set a VPN server, to allow VPN access to your LAN,
I mean you are not only wanting to connect to a VPN, right?

If you are just playing with it, that's fine. For me, at least.

Regards
Luis

[xilus]

I am trying to configure an OpenVPN server miles away from me
so that I can connect to it on my laptop, and access the internet from my laptop when I am not on a secure internet connection.

So when I am out on my laptop and I connect to a wifi network called "FreeSketchyWifi"
I can still be safe.

when I start openvpn, it tells me that it needs a bridge br0
probably because I started to configure it with the instructions from ubuntu.
So I am going to try to tinker with the openvpn configuration files and see if I can get it working without the bridge.

[ptkobe]

Ok, I asked because I could (may) help you if it was client side.

Never tried to set a server. Any way, I think you have to decide on a protocol for the VPN tunneling (PPTP, IPsec,etc)

Hope someone else may give you any help

Regards
Luis

[xilus]

Do you think I do indeed have to bridge a eth0 and tap device like the Ubuntu article describes?

[ptkobe]

All I can say is that on the client side, if using pptp, I only have to install
$ apt-get install pptp-linux

configure
/etc/ppp/peers/isel
/etc/ppp/options.isel
/etc/ppp/chap-secrets

isel is my vpn. I set server, user, password, and pptp settings on those files

run
sudo /usr/sbin/pppd call isel nodetach

I'm connected. That creates a ppp0

add a route
$ sudo route add -net 10.0.0.0 netmask 255.0.0.0 dev ppp0

and remote to a machine
$ rdesktop -k pt 10.0.x.y -u Administrator -g 1024x768

And I'm on. But that's all client side. Can't help on the server. Sorry

Regards
Luis

[xilus]

I got it working without the bridge.
The instructions in the attached rtf is what worked for me.