linux bridge eth interface with openvpn and DHCP

[rajeshku]

Hi,

Can you please help me to bridge with DHCP in openVPN.I found the topic

http://openvpn.net/index.php/open-sourc ... dging.html


But it is for using client IP pool.I need to configure with DHCP.Any help will be appreciated.

Thanks

[gladiatr72]

This comes directly from the openvpn man page (which I'd recommend reading)

Code: Select all

       --server-bridge ['nogw']

              A helper directive similar to --server which is designed to sim-
              plify the configuration of OpenVPN's  server  mode  in  ethernet
              bridging configurations.

              If  --server-bridge  is  used  without  any  parameters, it will
              enable a DHCP-proxy mode, where connecting OpenVPN clients  will
              receive an IP address for their TAP adapter from the DHCP server
              running on the OpenVPN server-side LAN.  Note that only  clients
              that  support  the binding of a DHCP client with the TAP adapter
              (such as Windows) can support this mode.  The optional nogw flag
              (advanced)  indicates  that  gateway  information  should not be
              pushed to the client.

[rajeshku]

Thanks for your reply.

I have OpenVPN installed and accepting connections from users.

What i need is eth1 to be bridged onto the VPN.

Also OpenVPN needs to be configured to assign IPs from a DHCP server, which has already been setup and configured on the same machine.

Can you please provide the steps ?
Thanks

[gladiatr72]

What OS are you using?

[rajeshku]

CentOS please give me a step by step instrestion asap.

Thanks

[gladiatr72]

To configure a your ethernet device for bridging in centos/rhel:

I'm assuming your internal ethernet device is eth1.

/etc/sysconfig/network-scripts/ifcfg-br0

Code: Select all

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=[internal IP address]
NETMASK=255.255.255.0
ONBOOT=yes
USERCTL=yes
IPV6INIT=no
PEERDNS=no
PROMISC=yes

/etc/sysconfig/network-scripts/ifcfg-eth1

Code: Select all

DEVICE=eth1
TYPE=Ethernet
USERCTL=yes
ONBOOT=yes
IPV6INIT=no
PEERDNS=no
BRIDGE=br0
PROMISC=yes

to add the tap device to the bridge, use the up directive in your openvpn server configuration as follows:

Code: Select all

up /etc/openvpn/bridge-start.sh

/etc/openvpn/bridge-start.sh

Code: Select all

#!/bin/bash

echo "adding $1 to bridge"

brctl addif br0 $1

ifconfig $1 up

chmod 755 /etc/openvpn/bridge-start.sh

[rajeshku]

Thank you very much for your reply.