Bridging - Windows

This recipe will demonstrate how to set up a bridged OpenVPN server on Windows. Bridging on Windows is slightly different from Linux or UNIX, but the concept is the same.

This recipe is very similar to the previous recipe, apart from the different methods used to set up bridging.

Getting ready

Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only networks.

For this recipe, the server computer was running Windows 7 64 bit and OpenVPN 2.3.10. The client computer was running Fedora 20 Linux and OpenVPN 2.3.10. For the Linux client, keep the client configuration file example3-1-client.conf at hand.

We use the following network layout:


How to do it...

  1. Create the server configuration file:
            proto udp
            port 1194
            dev tap
            dev-node tapbridge

            server-bridge 192.168.3.15 255.255.255.0 192.168.3.128 192.168.3.250

            dh       "c:/program files/openvpn/config/dh2048.pem"
            tls-auth "c:/program files/openvpn/config/ta.key" 0
            ca       "c:/program files/openvpn/config/ca.crt"
            cert     "c:/program files/openvpn/config/server.crt"
            key      "c:/program files/openvpn/config/server.key"

            push "route 192.168.3.0 255.255.255.0"

            persist-key
            persist-tun
            keepalive 10 60
    

    Save it as example3-4-server.ovpn.

  2. Next, create the network bridge:
    • Go to Network and Sharing Center and Change adapter settings.
    • Rename the TAP-Win adapter as tapbridge by right-clicking on it and selecting Rename. On the test computer used, the Ethernet adapter connected to the LAN was renamed to eth0.
    • Select the two adapters that need to be bridged by pressing the Ctrl key and clicking on each adapter, then right-clicking and selecting Bridge Connections.

    This will create a new bridge adapter icon in the control panel, usually named Network Bridge (...).

  3. The network bridge is now ready to be configured.
  4. In a command window, verify that the bridge is configured correctly:
          [winserver]C:\> netsh interface ip show address "Network Bridge"
          Configuration for interface "Network Bridge"
          DHCP enabled:                     No
          IP Address:                       192.168.3.15
          SubnetMask:                       255.255.255.0
          Default Gateway:                  192.168.3.1
          GatewayMetric:                    5
          InterfaceMetric:                  0
    
  5. Start the OpenVPN server:
          [winserver]C:\> cd \program files\openvpn\config
          [winserver]C:\> ..\bin\openvpn --config example3-4-server.ovpn
    
  6. The Windows firewall will pop up a security warning. Allow OpenVPN access to the VPN.
  7. Start the client:
          [root@client]# openvpn --config example3-1-client.conf
    
  8. Now, check the assigned VPN address and verify that we can ping a machine on the remote server LAN:
          [client]$ /sbin/ifconfig tap1
          tap1  Link encap:Ethernet  HWaddr A2:F4:E2:41:05:BF
                inet addr:192.168.3.128  Bcast:192.168.3.255  Mask:255.255.255.0
          [...]
          [client]$ ping -c 2 192.168.3.1
          PING 192.168.3.1 (192.168.3.1) 56(84) bytes of data.
          64 bytes from 192.168.3.1: icmp_seq=1 ttl=128 time=24.0 ms
          64 bytes from 192.168.3.1: icmp_seq=2 ttl=128 time=26.0 ms
    

How it works...

Apart from the way the bridge is created and configured, this recipe is very similar to the previous one. The one thing to keep in mind is how the adapter is selected in the server configuration file:

dev tap 
dev-node tapbridge 

On Linux and other UNIX variants, this could be achieved using a single line:

dev tap0 

But the naming scheme for the TAP adapters on Windows is different. To overcome this, the dev-node directive needs to be added.
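
A consistency check for the server configuration from step 1 and the netsh output from step 4, added here as an example (it is not code from the book or from OpenVPN): it reports where the server-bridge arguments, the dev/dev-node pair and the bridge adapter's address disagree. The function names and the sample strings are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample input: directives and netsh lines as shown in this recipe.
SAMPLE_CONF = """dev tap
dev-node tapbridge
server-bridge 192.168.3.15 255.255.255.0 192.168.3.128 192.168.3.250
"""
SAMPLE_NETSH = """Configuration for interface "Network Bridge"
    IP Address:                       192.168.3.15
    SubnetMask:                       255.255.255.0
"""

def parse_conf(text):
    """Return {directive: [args]}, skipping blank lines and # or ; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            conf[name] = args
    return conf

def netsh_field(text, label):
    """Return the value of a 'Label:  value' line in netsh output, or None."""
    pairs = (line.partition(":") for line in text.splitlines())
    return next((v.strip() for k, _, v in pairs if k.strip() == label), None)

def check_bridge(conf_text, netsh_text):
    """Return a list of problems; an empty list means config and bridge agree."""
    conf, problems = parse_conf(conf_text), []
    if not "".join(conf.get("dev", [])).startswith("tap"):
        problems.append("server-bridge requires a tap device ('dev tap')")
    if "dev-node" not in conf:
        problems.append("dev-node missing: the TAP adapter is not selected by name")
    args = conf.get("server-bridge", [])
    if len(args) != 4:
        return problems + ["server-bridge needs gateway, netmask, pool start, pool end"]
    gw, mask, start, end = args
    net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
    gw, start, end = map(ipaddress.ip_address, (gw, start, end))
    if start not in net or end not in net or start > end:
        problems.append(f"client pool {start}-{end} is not a valid range in {net}")
    if start <= gw <= end:
        problems.append("bridge address lies inside the client pool")
    bridge = [netsh_field(netsh_text, k) for k in ("IP Address", "SubnetMask")]
    if bridge != [str(gw), mask]:
        problems.append(f"netsh shows bridge {bridge}, config expects {gw} {mask}")
    return problems
```

Calling check_bridge with the contents of the server configuration file and the captured netsh output returns an empty list when the bridge address, netmask and client pool are consistent.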

See also

  • The previous recipe, where bridging on Linux is explained