I would like to connect OpenVPN clients to the server so that clients have access to VMs in the same subnet:
172.17.167.1 - router gw
172.17.167.4 - openvpn server
172.17.167.100-200 ip range for openvpn clients
172.17.167.10-99 ip range for VMs
all IPs are static
executing:
bridge-start
openvpn server.conf
No Internet access is available after bridging, so clients cannot connect to the OpenVPN server.
server.conf:
```
port 1194
proto tcp-server
dev tap0
#dev-node tap-bridge
ca ca.crt
cert cert.crt
key key.key
dh dh2048.pem
tls-auth ta.key 0
server-bridge 172.17.167.4 255.255.255.0 172.17.167.100 172.17.167.200
mode server
tls-server
ifconfig 172.17.167.4 255.255.255.0
# 172.17.167.1 is the router's host address; a network route would be
# 172.17.167.0 255.255.255.0. Bridged clients sit on the LAN itself, so no
# pushed route is needed to reach the VMs.
push "route 172.17.167.1 255.255.255.0"
topology subnet
#ifconfig-pool-persist ipp.txt 0
#daemon
client-to-client
duplicate-cn
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
```
bridge-start:
```bash
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="172.17.167.4"
eth_netmask="255.255.255.0"
eth_broadcast="172.17.167.255"
# Note: this is 172.17.168.1, not the router 172.17.167.1 listed above, and
# gw is never referenced below, so no default route is installed on br0 once
# the address is moved off eth0.
gw="172.17.168.1"
# Create persistent TAP devices
for t in $tap; do
openvpn --mktun --dev $t
done
# Create the bridge and enslave the physical and TAP interfaces
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
# Bring the enslaved interfaces up without addresses
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
# The LAN address now lives on the bridge
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
```