This recipe will demonstrate how to set up a bridged OpenVPN server on Windows. Bridging on Windows is slightly different from Linux or UNIX, but the concept is the same.
This recipe is very similar to the previous recipe, apart from the different methods used to set up bridging.
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only networks.
For this recipe, the server computer was running Windows 7 64 bit and OpenVPN 2.3.10. The client computer was running Fedora 20 Linux and OpenVPN 2.3.10. For the Linux client, keep the client configuration file example3-1-client.conf at hand.
We use the following network layout:
proto udp
port 1194
dev tap
dev-node tapbridge

server-bridge 192.168.3.15 255.255.255.0 192.168.3.128 192.168.3.250

dh "c:/program files/openvpn/config/dh2048.pem"
tls-auth "c:/program files/openvpn/config/ta.key" 0
ca "c:/program files/openvpn/config/ca.crt"
cert "c:/program files/openvpn/config/server.crt"
key "c:/program files/openvpn/config/server.key"

push "route 192.168.3.0 255.255.255.0"

persist-key
persist-tun
keepalive 10 60
Save it as example-3-4-server.conf.
Rename the TAP-Win adapter as tapbridge by right-clicking on it and selecting Rename. On the test computer used, the Ethernet adapter connected to the LAN was renamed to eth0.
This will create a new bridge adapter icon in the control panel, usually named Network Bridge (...).
[winserver]C:\> netsh interface ip show address "Network Bridge"
Configuration for interface "Network Bridge"
    DHCP enabled:      No
    IP Address:        192.168.3.15
    SubnetMask:        255.255.255.0
    Default Gateway:   192.168.3.1
    GatewayMetric:     5
    InterfaceMetric:   0

[winserver]C:\> cd \program files\openvpn\config
[winserver]C:\> ..\bin\openvpn --config example3-4-server.ovpn
[root@client]# openvpn --config example3-1-client.conf
[client]$ /sbin/ifconfig tap1
tap1    Link encap:Ethernet  HWaddr A2:F4:E2:41:05:BF
        inet addr:192.168.3.128  Bcast:192.168.3.255  Mask:255.255.255.0
        [...]
[client]$ ping -c 2 192.168.3.1
PING 192.168.3.1 (192.168.3.1) 56(84) bytes of data.
64 bytes from 192.168.3.1: icmp_seq=1 ttl=128 time=24.0 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=128 time=26.0 ms
Apart from the way the bridge is created and configured, this recipe is very similar to the previous one. The one thing to keep in mind is how the adapter is selected in the server configuration file:
dev tap
dev-node tapbridge
On Linux and other UNIX variants, this could be achieved using a single line:
dev tap0
But the naming scheme for the TAP adapters on Windows is different. To overcome this, the dev-node directive needs to be added.
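The following sanity check for the bridging directives of the server configuration above is an added example, not part of the original recipe. The function names and the embedded sample (constructed from the recipe's own values) are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the bridging-related lines of the recipe's server config.
SAMPLE_CONFIG = """\
proto udp
port 1194
dev tap
dev-node tapbridge
server-bridge 192.168.3.15 255.255.255.0 192.168.3.128 192.168.3.250
push "route 192.168.3.0 255.255.255.0"
"""

def parse_directives(text):
    """Return {directive: [args]}; '#' and ';' comments are ignored, last line wins."""
    directives = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives[tokens[0]] = tokens[1:]
    return directives

def check_bridge_config(text, windows=True):
    """Return a list of problems found in a bridged (tap) server configuration."""
    d = parse_directives(text)
    problems = []
    if not (d.get("dev") or [""])[0].startswith("tap"):
        problems.append("bridging requires 'dev tap'")
    if windows and not d.get("dev-node"):
        problems.append("Windows needs 'dev-node <adapter name>' to select the TAP adapter")
    args = d.get("server-bridge", [])
    if len(args) != 4:
        problems.append("expected: server-bridge <gateway> <netmask> <pool-start> <pool-end>")
        return problems
    gateway, start, end = (ipaddress.IPv4Address(args[i]) for i in (0, 2, 3))
    # strict=False lets the bridge's host address stand in for its network.
    lan = ipaddress.IPv4Network(f"{args[0]}/{args[1]}", strict=False)
    if start > end:
        problems.append("pool start is above pool end")
    if start not in lan or end not in lan:
        problems.append(f"client pool is not inside the bridged subnet {lan}")
    if start <= gateway <= end:
        problems.append("bridge address lies inside the client pool")
    return problems
```

An empty list from check_bridge_config(SAMPLE_CONFIG) means the bridge address, netmask and client pool are mutually consistent; the check cannot see whether the pool overlaps addresses already handed out on the LAN.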