OpenVPN: Connect your LANs over the Internet

Bridged PKI setup

by ross at 09:02:22 on April 7, 2017

Here we will connect a server and any number of clients at layer 2. All the LANs are 192.168.0.0/24 and use the device bge0.

Server

/usr/local/etc/openvpn/openvpn_officelan.conf:

port 1194
dev tap0 # use unique tapN for every config
server-bridge nogw
up openvpn_officelan.up.sh
down openvpn_officelan.down.sh
client-to-client

dh openvpn_officelan.dh.pem
ca openvpn_officelan.ca.crt
cert openvpn_officelan.crt
key openvpn_officelan.key
remote-cert-tls client

script-security 2

/usr/local/etc/openvpn/openvpn_officelan.up.sh:

#!/bin/sh
# OpenVPN runs this with the tap device name (e.g. tap0) as $1.

# Create bridge0 on first use only; later tunnels just join it
if ! /sbin/ifconfig bridge0 > /dev/null 2>&1; then
    /sbin/ifconfig bridge0 create
    # Replace bge0 with your LAN interface:
    /sbin/ifconfig bridge0 addm bge0 up
    /sbin/ifconfig bridge0 up
fi

# Attach this tunnel's tap device to the bridge
/sbin/ifconfig bridge0 addm "$1"
/sbin/ifconfig "$1" up

/usr/local/etc/openvpn/openvpn_officelan.down.sh:

#!/bin/sh
# OpenVPN runs this with the tap device name as $1: detach it from the bridge.

/sbin/ifconfig bridge0 deletem "$1"
# chmod a+x *.sh

Clients

/usr/local/etc/openvpn/openvpn_officelan.conf (the same for every client):

remote vpn.example.com 1194 # replace with your server address
dev tap0 # use unique tapN for every config
client
up openvpn_officelan.up.sh
down openvpn_officelan.down.sh

dh openvpn_officelan.dh.pem
ca openvpn_officelan.ca.crt
cert openvpn_officelan.crt
key openvpn_officelan.key

script-security 2

Create the same openvpn_officelan.up.sh and openvpn_officelan.down.sh scripts on every client. Don't forget to chmod a+x them.
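As an added example (not part of the original post or the author's scripts), the lint below reads the OpenVPN configs of one host and checks the three things this setup depends on: every config uses its own dev tapN, up/down scripts are paired with script-security, and each side pins the peer's role with remote-cert-tls (the client config above omits remote-cert-tls server). The embedded configs are constructed, shortened copies of the ones shown on this page.

```python
"""Lint OpenVPN configs for the bridged tap/PKI setup (added example)."""


def parse_ovpn(text):
    """Return [(directive, args)]; '#' and ';' start comments, trailing ones too."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            words = line.split()
            out.append((words[0], words[1:]))
    return out


def lint(configs):
    """configs: {file name: text} for all OpenVPN instances on ONE host.

    Returns a list of findings; an empty list means the configs look clean.
    """
    findings = []
    tap_owner = {}  # tapN -> config file that claimed it first
    for name, text in configs.items():
        opts = {}
        for key, args in parse_ovpn(text):
            opts.setdefault(key, []).append(args)
        dev = opts.get("dev", [[None]])[0][0]
        if dev in tap_owner:
            findings.append(f"{name}: dev {dev} is already used by {tap_owner[dev]}")
        else:
            tap_owner[dev] = name
        if ("up" in opts or "down" in opts) and "script-security" not in opts:
            findings.append(f"{name}: up/down scripts require 'script-security 2'")
        is_server = "server-bridge" in opts or "server" in opts
        want = "client" if is_server else "server"
        got = opts.get("remote-cert-tls", [[None]])[0][0]
        if got != want:
            findings.append(f"{name}: set 'remote-cert-tls {want}' so a certificate "
                            f"issued for the other role cannot impersonate the peer")
    return findings


# Constructed, shortened copies of the server and client configs on this page.
SERVER_CONF = """port 1194\ndev tap0 # use unique tapN for every config
server-bridge nogw\nup openvpn_officelan.up.sh\ndown openvpn_officelan.down.sh
remote-cert-tls client\nscript-security 2\n"""
CLIENT_CONF = """remote vpn.example.com 1194\ndev tap0 # use unique tapN for every config
client\nup openvpn_officelan.up.sh\ndown openvpn_officelan.down.sh\nscript-security 2\n"""
```

Running lint on a host with two tunnels that both use tap0 reports the clash, and the page's client config is reported until remote-cert-tls server is added.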

Run

Create an rc.d script and run the daemon as described on the last page.
