Feature #1518

closed

Openvpn server + bridge

Added by kropalik - about 14 years ago. Updated almost 10 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
05/10/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

I have this interface config on FreeBSD server, and it works ok:
#ifconfig
.....
msk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c011a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,VLAN_HWTSO,LINKSTATE>
ether 48:5b:39:01:d7:af
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether a6:13:ed:8c:5e:3a
inet 192.168.1.207 netmask 0xffffff00 broadcast 192.168.1.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 9 priority 128 path cost 2000000
member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 8 priority 128 path cost 2000000
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 7 priority 128 path cost 2000000
member: msk0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 10 priority 128 path cost 55
.....

#cat /usr/local/etc/openvpn/openvpn.conf
# OpenVPN server configuration from the reporter's FreeBSD host (layer-2 / tap setup).
# Listen on UDP port 1194.
port 1194
proto udp
# tap0 is an Ethernet-level device; the ifconfig output above lists it as a member of bridge0.
dev tap0
# PKI material: CA certificate, server certificate, server private key, DH parameters.
# The paths are relative, so they depend on the directory OpenVPN is started from.
ca ca.crt
cert srv.crt
key srv.key
dh dh2048.pem
# Multi-client server mode is declared directly, without the `server` helper directive,
# so this file defines no tunnel address pool.
mode server
tls-server
# Per-client settings are read from ccd_artur. ccd-exclusive refuses any authenticated
# client that has no file in that directory, so the directory works as an allow-list.
client-config-dir ccd_artur
ccd-exclusive
# Frames between VPN clients are forwarded inside the OpenVPN process instead of being
# passed to the tap interface, so host firewall rules do not see or filter them.
client-to-client
# Ping the peer every 40 s; treat the link as down after 300 s without a reply.
keepalive 40 300
# tls-auth is commented out: control-channel packets carry no HMAC signature, so the
# TLS handshake is reachable by any host that can send UDP to the listening port.
#tls-auth ta.key 0
# LZO compression of tunnel traffic. Compressing before encrypting can leak information
# about the plaintext, and later OpenVPN releases deprecate this option.
comp-lzo
max-clients 10
# Drop root privileges after initialisation.
user nobody
group nobody
# Keep the key material and the tap device across restarts, since they can no longer
# be re-read or re-opened once privileges have been dropped.
persist-key
persist-tun
status /var/log/openvpn/artur.status
log /var/log/openvpn/artur.log
# Verbosity 4; repeat at most 20 consecutive messages of the same category.
verb 4
mute 20
# cipher is commented out, so the build's default data-channel cipher applies.
# NOTE(review): presumably BF-CBC (64-bit block) on OpenVPN releases of this period -
# confirm against the installed version.
#cipher AES-128-CBC

Now I want to use pfSense as OpenVPN server with same config.
(I have to use bridge + tap because I need to tunnel non-IP packets)

#cat /var/etc/openvpn/server1.conf
# OpenVPN server configuration as written by pfSense to /var/etc/openvpn/server1.conf.
# No tls-auth directive appears in this listing, so control-channel packets are not
# HMAC-authenticated before the TLS handshake.
# Interface is named ovpns1, forced to tap (Ethernet) type, and backed by /dev/tap1.
dev ovpns1
dev-type tap
dev-node /dev/tap1
writepid /var/run/openvpn_server1.pid
# user/group are commented out: the daemon keeps the privileges it was started with
# for its whole lifetime. presumably root, so the up/down scripts can run - confirm.
#user nobody
#group nobody
# Level 3 allows user-defined scripts AND lets passwords be passed to them through
# environment variables; level 2 is enough when no script needs a password.
script-security 3
daemon
# Ping every 10 s, restart after 60 s of silence; ping-timer-rem runs the timeout
# only while a remote peer is known.
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
# Blowfish in CBC mode has a 64-bit block, which limits how much data can safely be
# encrypted under one key; an AES cipher is the usual choice for new deployments.
cipher BF-CBC
# Scripts run when the tap device is brought up / taken down. With user/group commented
# out above, they run with the daemon's unreduced privileges.
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
tls-server
# `server` is a helper directive that implies server mode and sets up a tunnel address
# pool. This is the line the reporter wants replaced by a plain `mode server`.
server 10.17.5.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
# NOTE(review): with dev-type tap the second ifconfig argument is normally a netmask,
# not a peer address - confirm how this generated value is interpreted.
ifconfig 10.17.5.1 10.17.5.2
lport 1194
# Management interface on a unix socket. No password file is given on this line, so
# access is controlled by the socket's file-system permissions - verify them.
management /var/etc/openvpn/server1.sock unix
max-clients 8
# PKI material, given as absolute paths.
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
# LZO compression of tunnel traffic. Compressing before encrypting can leak information
# about the plaintext, and later OpenVPN releases deprecate this option.
comp-lzo

The generated file contains the lines "server 10.17.5.0 255.255.255.0" and "ifconfig 10.17.5.1 10.17.5.2",
which are required by the configuration GUI, but I need just "mode server" instead.
I think it should be easy to add this mode to the GUI....

Actions #1

Updated by Chris Buechler about 14 years ago

  • Status changed from New to Rejected

duplicate of #1326

Actions #2

Updated by Chris Buechler almost 10 years ago

  • Target version deleted (2.0)