The server is installed on an Intel Nuc computer running Ubuntu 16.04 LTS operating system. The Nuc has a single NIC which is connected to the router Asus RT-AC68u.
What I want to do: connecting two networks on the same subnet in two different locations (homes) using TAP BRIDGE. I am able to do this using the built in openvpn server and client on my two routers and it is working like a charm. However, because of the low CPU power of the routers I need to run the openvpn server on two computers with more powerful CPU in order to achieve more bandwidth. I have 20 megabits of upload from my ISP and I am able to use only 8 megabits with the openvpn system built into the routers.
my network:
House 1
Router1 address (openvpn server): 192.168.2.1
Router1 DHCP server pool addresses 192.168.2.2 - 192.168.2.79
House 2
Router2 address (openvpn client): 192.168.2.80
Router2 DHCP server pool addresses 192.168.2.81 - 192.168.2.159
This openvpn server/client system is working perfectly and is very stable. The network devices are getting their IP addresses from the two DHCP servers and are able to "see" all the devices in the other network. No Ip conflicts at all.
I want to move both openvpn bridge server and client from the routers to two Intel Nucs. The DHCP and the Internet access should remain routers tasks as they are in this moment.I want only to establish and ethernet connection between the two networks (houses)
What I have done yet:
- I give the Intel Nuc running openvpn server the 192.168.2.29 address
- I installed Openvpn
- I generated the servers certificates and keys
- I setup the server in bridge mode
- I generated the clients .ovpn files
- I made the bridge-start.sh and bridge-stop.sh scripts.
Here is the SERVER configuration:
server-bridge
push "route 0.0.0.0 255.255.255.255 net_gateway"
proto udp
port 1986
dev tap0
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
auth SHA256
keepalive 15 60
verb 3
client-to-client
duplicate-cn
push "dhcp-option DNS 192.168.2.1"
tls-auth ta.key
ca ca.crt
dh dh2048.pem
cert servervpn.crt
key servervpn.key
status-version 2
status status 10
Code: Select all
#!/bin/bash
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.2.29"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.2.255"
for t in $tap; do
openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
Code: Select all
#!/bin/bash
####################################
# Tear Down Ethernet bridge on Linux
####################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged together
tap="tap0"
ifconfig $br down
brctl delbr $br
for t in $tap; do
openvpn --rmtun --dev $t
done
Code: Select all
matej@matej-desktop:/etc/openvpn$ ifconfig -a
eth0 Link encap:Ethernet HWaddr b8:ae:ed:ec:25:8b
inet addr:192.168.2.29 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::e1da:f3ae:c633:30c9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20409 errors:0 dropped:0 overruns:0 frame:0
TX packets:16666 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2923758 (2.9 MB) TX bytes:1934047 (1.9 MB)
Interrupt:16 Memory:df100000-df120000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10246 errors:0 dropped:0 overruns:0 frame:0
TX packets:10246 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1998901 (1.9 MB) TX bytes:1998901 (1.9 MB)
tap0 Link encap:Ethernet HWaddr 9e:e0:fa:f1:ee:3e
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 00:c2:c6:ca:6a:66
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
If if type "ifconfig-a" into the terminal I get the following:
Code: Select all
matej@matej-desktop:/etc/openvpn$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I read thousands of forum posts and I understand that the bridge should be started first, before starting the openvpn server.
These are the commands that I use in this case:
sudo service openvpn stop
cd /etc/openvpn/
sudo ./bridge-start.sh
sudo service openvpn start
By doing this, the Intel Nuc si not able to connect to internet in order to download the updates, nor the clients are able to connect to it from the internet. I need the NUC to be able to access the internet.
Where am I failing?