Config - newbie question
Posted: Wed Apr 02, 2014 8:35 pm
Hello,
Dear All, I am quite new to OpenVPN. I have tried several times, but without success. I have set up the server, but I can't start it up. I have already checked the server.conf file; it looks like this:
Why does it have client-config-dir linked to an empty file?
I also have a second client file in /clients/serve/clinet, and it looks like this:
Finally, I am getting an error; log:
Please advise ....
Code: Select all
port 1194
proto tcp-server
dev tap0
ca keys/echo2/ca.crt
cert keys/echo2/echo1.crt
key keys/echo2/echo1.key
dh keys/echo2/dh2048.pem
server-bridge 192.168.0.100 255.255.255.0 192.168.0.150 192.168.0.199 #@@ br0 eth0
crl-verify keys/echo2/crl.pem
tls-auth servers/EchoServer/ta.key 0
cipher BF-CBC
user nobody
group nogroup
status servers/EchoServer/logs/openvpn-status.log
log-append servers/EchoServer/logs/openvpn.log
verb 2
mute 20
max-clients 100
management 127.0.0.1 10001
keepalive 10 120
client-config-dir /etc/openvpn/servers/EchoServer/ccd
client-to-client
duplicate-cn
comp-lzo
persist-key
#persist-tun
ccd-exclusive
up servers/EchoServer/bin/EchoServer.up
plugin /usr/lib/openvpn/openvpn-down-root.so "/etc/openvpn/servers/EchoServer/bin/EchoServer.down-root"
Code: Select all
client
proto tcp-client
dev tap
ca ca.crt
dh dh2048.pem
cert echo1client.crt
key echo1client.key
remote 192.168.0.100 1194
tls-auth ta.key 1
cipher BF-CBC
user nobody
group nogroup
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
float
resolv-retry infinite
nobind
route 192.168.0.0 255.255.255.0
script-security 3 system
Code: Select all
Wed Apr 2 22:15:31 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013
Wed Apr 2 22:15:31 2014 WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail
Wed Apr 2 22:15:31 2014 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Wed Apr 2 22:15:31 2014 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Wed Apr 2 22:15:31 2014 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Apr 2 22:15:31 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Apr 2 22:15:31 2014 WARNING: file 'keys/echo2/echo1.key' is group or others accessible
Wed Apr 2 22:15:31 2014 WARNING: file 'servers/EchoServer/ta.key' is group or others accessible
Wed Apr 2 22:15:31 2014 Control Channel Authentication: using 'servers/EchoServer/ta.key' as a OpenVPN static key file
Wed Apr 2 22:15:31 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 2 22:15:31 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 2 22:15:31 2014 TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Apr 2 22:15:31 2014 TUN/TAP device tap0 opened
Wed Apr 2 22:15:31 2014 servers/EchoServer/bin/EchoServer.up tap0 1500 1576 init
Wed Apr 2 22:15:31 2014 WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.
Wed Apr 2 22:15:31 2014 WARNING: Failed running command (--up/--down): external program fork failed
Wed Apr 2 22:15:31 2014 Exiting
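As an added example, not part of the original post: a small Python check that reads an OpenVPN config and reports three of the conditions the log above flags (script hooks without `script-security 2`, `duplicate-cn` combined with `client-config-dir`, and dropped privileges without `persist-tun`). The check names and the `SERVER_CONF` excerpt are constructed for illustration.

```python
# Added example (not from the original post): lint an OpenVPN config for
# three conditions that the posted log reports. Check names are made up here.

# OpenVPN directives that run a user-defined script or executable.
SCRIPT_HOOKS = {"up", "down", "route-up", "ipchange", "tls-verify",
                "client-connect", "client-disconnect", "learn-address",
                "auth-user-pass-verify"}

def parse_directives(text):
    """Map directive name -> list of argument lists; '#' and ';' start comments.
    Simplification: quoting is ignored, which is enough for these checks."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives.setdefault(name.lstrip("-"), []).append(args)
    return directives

def lint(text):
    """Return a list of (check_name, message) findings for a config."""
    d = parse_directives(text)
    findings = []
    # script-security defaults to 1, which only permits built-in helpers.
    level = int(d["script-security"][-1][0]) if "script-security" in d else 1
    hooks = sorted(d.keys() & SCRIPT_HOOKS)
    if hooks and level < 2:
        findings.append(("script-security",
                         f"{', '.join(hooks)} needs script-security 2 or higher, found {level}"))
    if "duplicate-cn" in d and "client-config-dir" in d:
        findings.append(("duplicate-cn",
                         "duplicate-cn together with client-config-dir"))
    if (d.keys() & {"user", "group", "chroot"}) and "persist-tun" not in d:
        findings.append(("persist-tun",
                         "privileges dropped without persist-tun"))
    return findings

# Excerpt of the server.conf posted above.
SERVER_CONF = """\
user nobody
group nogroup
client-config-dir /etc/openvpn/servers/EchoServer/ccd
duplicate-cn
persist-key
#persist-tun
up servers/EchoServer/bin/EchoServer.up
"""

if __name__ == "__main__":
    for check, message in lint(SERVER_CONF):
        print(f"{check}: {message}")
```

Level 2 is the lowest `script-security` setting that permits user-defined scripts; level 3 additionally allows passwords to be passed to scripts through environment variables.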