Tom Eastep wrote:
> Mike Lander wrote:
>> Mike -- You seem to be one of the folks who mistakenly believes that
>> every interface needs a default gateway. That is simply not true. You
>> only need multiple default routes when you have multiple links to the
>> internet.
>>
>> Tom
>>
>>
>> No I was not thinking I needed two routes. It's just that this script
>> kept complaining that there was no gateway. So I went to the example
>> script I used and I think that guy was using rfc 1918 gateways now that
>> I think about it. I was very tired last night desperate to get joy.
>> Then first thing this morning that was the only mistake left in this
>> config left. Other than the shorewall entries you advised to correct.
>> I came straight from bed first cup coffee. My brain needs a sec you know.
>> Behold joy this morning.
>> Now I am configing the client. Any tips I need there?
>> I am hoping I can do this with two firewalls in my shop to test
>> one with eth0 75.149.172.88 server br0 10.194.79.191
>> one with eth0 75.149.172.89 client br0 not sure yet.
>> both with isp gateway 75.149.172.94
>> Then I am taking them to their intended location.
>
> Mike,
>
> I realized earlier this morning that I've not tried to bridge an OpenVPN
> client to a LAN -- only a server. So I would have to research that and
> experiment myself if I needed to do it.

Mike,

Looks like you want a simple p2p OpenVPN configuration rather than a
client-server configuration.

I tested this using a simple shared-key setup.

I set up the bridge between two systems:

172.20.1.102 - ursa
172.20.1.254 - gateway

On both systems, I configured a bridge with a single tun0 port.

ursa br0 is 10.0.0.1/24
gateway br0 is 10.0.0.2/24

On ursa, I executed this command:

    openvpn --genkey --secret bridgekey

I used scp to copy the 'bridgekey' file to the other system.

On ursa, I then executed this command:

    openvpn --remote 172.20.1.254 --dev tap0 --secret bridgekey

and on gateway, I executed this command:

    openvpn --remote 172.20.1.102 --dev tap0 --secret bridgekey

Voila!!

r...@ursa:~# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=2.24 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.08 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=2.43 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=1.84 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=2.10 ms
64 bytes from 10.0.0.2: icmp_seq=6 ttl=64 time=3.32 ms
^C
--- 10.0.0.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5006ms
rtt min/avg/max/mdev = 1.846/2.340/3.326/0.476 ms
r...@ursa:~#
Hope that helps,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
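
The shared-key p2p setup from the message above, written out as an added example (not Tom's or the Shorewall project's code): a POSIX shell script that refuses a shared key file readable by anyone but its owner and prints a config for each peer. The function names and the opposite `secret` key directions (0 and 1) are assumptions that go beyond the commands in the message.

```shell
#!/bin/sh
# Added example; function names are hypothetical. The addresses, tap0 and
# the 'bridgekey' file name are the ones used in the message.

KEY_HEADER='-----BEGIN OpenVPN Static key V1-----'

# check_key FILE: succeed only if FILE looks like an OpenVPN static key
# and grants no permissions to group or others.
check_key() {
    key=$1
    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 1; }
    grep -qF -e "$KEY_HEADER" "$key" ||
        { echo "$key is not an OpenVPN static key" >&2; return 1; }
    # Characters 5-10 of 'ls -l' output are the group and other permission bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$key is accessible to group/others; chmod 600 it" >&2; return 1; }
}

# peer_config REMOTE DIRECTION KEYFILE: print a p2p static-key config.
# DIRECTION must be 0 on one peer and 1 on the other, so that each
# direction of the tunnel uses its own keys (an assumption added here).
peer_config() {
    case $2 in
        0|1) ;;
        *) echo "direction must be 0 or 1" >&2; return 1 ;;
    esac
    cat <<EOF
dev tap0
remote $1
secret $3 $2
EOF
}

# Configs for the two peers in the message.
peer_config 172.20.1.254 0 bridgekey   # for ursa
peer_config 172.20.1.102 1 bridgekey   # for gateway
```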
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
