3. Unusual OpenVPN configuration.

Unusual OpenVPN configuration.

Every time the VPN is started the TAP interface is created. This is why it gets removed from the bridge and you have to add it again.

A L2 VPN using OpenVPN usually has a start.sh where you create a separate bridge and then bridge the tap and the physical interface.

I have something along the lines:

remote X.X.X.X
dev somename
dev-type tap
float


port 12345
persist-tun
persist-local-ip
persist-remote-ip
comp-lzo
ping 15
secret somekey
user openvpn
group openvpn
cipher somechipher
mssfix 0
fragment 0


log somewhere.log
log-append  somewhere.log

verb 3

up /etc/openvpn/somename/somenameup.sh
down /etc/openvpn/somename/somenamedown.sh

VPN start bridge script somenameup.sh

#!/bin/sh

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="VlanXXX"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="somename"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"

/usr/sbin/brctl addbr $br
/usr/sbin/brctl addif $br $eth

for t in $tap; do
    /usr/sbin/brctl addif $br $t
done

for t in $tap; do
    /sbin/ifconfig $t 0.0.0.0 promisc up
done

/sbin/ifconfig $eth 0.0.0.0 promisc up

VPN stop bridge kill script

#!/bin/sh

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="VlanXXX"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="somename"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth1"

brctl delbr $br
/r/networking Thread
Previous
Next

Recently removed from /r/networking

How to keep 2 identical IP addresses on the same network and make it work (temporary) VLAN design/safety sanity check DMVPN Dual ISP Redundancy Vulnerability Scans & Outdated/Weak Ciphers for SSL/early TLS Versions - Is Disabling The Web Interface and Opting for SSH-only management the solution? I'm a software engineer at a major networking vendor. Is there an alternate to RDP (Remote Desktop) when simply needing to connect to a localhost via VPN Cisco 891 Networking | network-policy traffic shaping Troubleshooting tools for remote VPN Users I'm not sure if it's lack of terminology that's holding me back from finding any specifics but I'm unsure why I cannot ping a router through L3 Etherchannel. Good optical fiber and sFP transceiver type for DIY termination? Automation has spooked me and i feel sticking to technical line will make us less vulnerable. What's your opinion? Are there any side hustles being a network engineer? Do you constantly have to prove the networks innocents? Firepower rant How do you survive in networking if you are a colour blind?

More Random Comments

In La Haine (1995) there is a scene where Vinz talks to himself in the mirror. In the filming of this scene however, there is no mirror involved. The actor is in another room with a body double standing across him mimicking his movements. LG’s New Affordable UltraGear Gaming Monitor, 23.6″ 144Hz 24GN50W (Warning: sexual assault) I (17F) am feeling myself start to hate men Does anybody know the name of that beautiful Canadian wife of an NHL player? BV and UTI's What’s the stupidest reason you got in trouble in school? r/SDSGrandCross Basic Questions, Advice, and General Discussion Daily Megathread Software for Building My First MYOG With Hidalgo running Harris County, a pandemic becomes political People don't know as much about vampires as they think they do Anyone feel bad for Polo? This American life wins fist pulitzir award through its episode no688 People who work in Human Resources, what is the weirdest shit you have seen? Niveaulos und frauenverachtend: Wer stoppt Oliver Pocher? Podcasts similar to Stuff You Should Know but actually researched?