Emaculation.com

Differences

This shows you the differences between two versions of the page.

bridged_openvpn_server_setup [2015/05/08 14:01] – [Final Settings in the VM] nucarbridged_openvpn_server_setup [2015/11/15 19:18] nucar
Line 1: Line 1:
 ====== Bridged OpenVPN Server Setup ====== ====== Bridged OpenVPN Server Setup ======
  
-(Last updated May 8, 2015.  The forum thread is [[http://www.emaculation.com/forum/viewtopic.php?f=3&t=8336|here]].)+(Last updated November 15, 2015.  The forum thread is [[http://www.emaculation.com/forum/viewtopic.php?f=3&t=8336|here]].)
  
 ===== Introduction ===== ===== Introduction =====
Line 7: Line 7:
 This guide describes how to set up a bridge-mode [[http://openvpn.net/index.php/open-source.html|OpenVPN]] server in a VirtualBox Linux virtual machine (VM).  Debian and Ubuntu are the Linux distributions used.  These instructions are intended for home users who wish to run the VM on a Mac or Windows PC.  We'll use only free and open-source software, but other virtualization software such as Parallels or VMware can be used instead.  This guide may look long and intimidating, but that's only because many of the steps are spelled out in detail so that it can be as beginner-friendly as possible.  A lot just involves copying and pasting.  You don't need to read the appendices unless you're interested in their specific topics. This guide describes how to set up a bridge-mode [[http://openvpn.net/index.php/open-source.html|OpenVPN]] server in a VirtualBox Linux virtual machine (VM).  Debian and Ubuntu are the Linux distributions used.  These instructions are intended for home users who wish to run the VM on a Mac or Windows PC.  We'll use only free and open-source software, but other virtualization software such as Parallels or VMware can be used instead.  This guide may look long and intimidating, but that's only because many of the steps are spelled out in detail so that it can be as beginner-friendly as possible.  A lot just involves copying and pasting.  You don't need to read the appendices unless you're interested in their specific topics.
  
-An OpenVPN server in a bridged configuration creates a virtual private network (VPN) that can be thought of as a virtual Ethernet switch to your network.  It allows people you trust to make a virtual Ethernet connection to your LAN from over the Internet.  Therefore, people that connect, called clients, are able to send and receive all the same data that they could if they were physically connected to your LAN by Ethernet, while still maintaining their own normal LAN and Internet connections.  Traffic going to and from the clients is tunneled over a single UDP port.  This means that local traffic of any protocol (TCP, UDP, AppleTalk, IPX, etc.), including broadcasts, will be sent over that UDP port.  All data over the VPN connection is encrypted and compressed.+An OpenVPN server in a bridged configuration creates a virtual private network (VPN) that can be thought of as a virtual Ethernet switch to your network.  It allows people you trust to make a virtual Ethernet connection to your LAN from over the Internet.  Therefore, people that connect, called clients, are able to send and receive all the same data that they could if they were physically connected to your LAN by Ethernet, while still maintaining their own normal LAN and Internet connections.  Local traffic of any protocol (TCP, UDP, AppleTalk, IPX, etc.) going to and from the clients, including broadcasts, will be tunneled over a single UDP port.  All data over the VPN connection is encrypted and compressed.
  
 Possible uses of this VPN include:\\ Possible uses of this VPN include:\\
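Review bot: The reworded sentence ("Local traffic of any protocol ... including broadcasts, will be tunneled over a single UDP port") follows the statement that clients can send and receive everything a wired LAN host could, but the paragraph never spells out what that means for access control. Suggest adding one sentence saying that every connected client becomes a full Ethernet peer of the LAN, broadcasts included, so access should be given only to the "people you trust" named earlier. Minor style point in the same paragraph: "people that connect" reads better as "people who connect".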
Line 20: Line 20:
  
 The computer on which you want to run the OpenVPN server **//must be wired to your router by Ethernet//**, and you must have the ability to forward a UDP port.  The IANA port number for OpenVPN is port 1194, but you can use any free port you want.  Clients can use wireless or Ethernet and do not need to forward any ports. The computer on which you want to run the OpenVPN server **//must be wired to your router by Ethernet//**, and you must have the ability to forward a UDP port.  The IANA port number for OpenVPN is port 1194, but you can use any free port you want.  Clients can use wireless or Ethernet and do not need to forward any ports.
 +
 ===== Using a Unique Subnet ===== ===== Using a Unique Subnet =====
  
Line 81: Line 82:
 Choose whether you want to participate in the package usage survey. Choose whether you want to participate in the package usage survey.
  
-Use the **space bar** to select only "standard system utilities," then hit return.  The SSH server software is useful for accessing the Linux terminal from another computer, but that isn't covered here.+Use the **space bar** and arrow keys to select only "standard system utilities," then hit return.  The SSH server software is useful for accessing the Linux terminal remotely or when the VM is run in "headless" mode (as a background process).  These features help to streamline your usage of the OpenVPN server, but aren't covered in this guide.
  
 Select “Yes” to install the GRUB boot loader, use the down arrow key to choose the /dev/sda device, and hit return. Select “Yes” to install the GRUB boot loader, use the down arrow key to choose the /dev/sda device, and hit return.
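Review bot: The new text tells the reader to select only "standard system utilities" and then describes the SSH server as useful for remote and "headless" use, which leaves it unclear whether SSH should be ticked or not. Suggest stating the choice explicitly, for example that the SSH server stays unselected for this guide and can be installed later by readers who want remote terminal access, since the guide says it does not cover configuring it. "These features ... aren't covered" also has no clear antecedent; "remote access and headless mode aren't covered in this guide" would be clearer.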
Line 289: Line 290:
     done     done
  
-    sleep 10+#    sleep ?
  
     ifconfig $eth 0.0.0.0 promisc up     ifconfig $eth 0.0.0.0 promisc up
 +
 +#    sleep ?
  
     ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast     ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
 +
 +    sleep 1
  
     route add default gw $eth_gateway     route add default gw $eth_gateway
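Review bot: The two added placeholders `#    sleep ?` use `?`, which is not a valid duration, so a reader who simply removes the `#` gets a failing command instead of a delay. Suggest a concrete commented value with a short comment on when to enable it. The only active delay is now `sleep 1` before `route add default gw $eth_gateway`, and nothing checks that the route was actually added; consider testing the exit status of `route add` and retrying a few times, rather than relying on a fixed delay alone.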
Line 318: Line 323:
 Use the arrow keys to edit the script.  Edit the four lines beginning with eth_ip, eth_netmask, eth_broadcast and eth_gateway.  Those four variables must be set equal to the free IP address for the Linux VM, netmask, broadcast address and router's IP address, respectively, in quotes as shown.  Edit only those four lines.  Press control+X, then Y to accept changes, and return to save the file.  Entering "ls" should now show the file "openvpn-bridge" in the list of files in the directory.  If you need to edit the script again, enter the same command above used to create it. Use the arrow keys to edit the script.  Edit the four lines beginning with eth_ip, eth_netmask, eth_broadcast and eth_gateway.  Those four variables must be set equal to the free IP address for the Linux VM, netmask, broadcast address and router's IP address, respectively, in quotes as shown.  Edit only those four lines.  Press control+X, then Y to accept changes, and return to save the file.  Entering "ls" should now show the file "openvpn-bridge" in the list of files in the directory.  If you need to edit the script again, enter the same command above used to create it.
  
-The duration of the "sleep" command may need to be increased for slow hard drives.  If, in the future, there is no Internet connection in the VM after booting (ping google.com from the Linux terminal, for example), then try increasing the sleep command.  My Ubuntu VM needed "sleep 25to be reliable, but "sleep 10was sufficient for my Debian VM.+The duration of one or more of the "sleep" commands may need to be changed depending or your version of Linux and hard drive speed.  The working value is usually around 1 to 10but could be greater.  If (after this setup is complete) there is no Internet connection in the VM after booting (ping google.com from the Linux terminal, for example), then try increasing or decreasing the sleep command.  (Advanced users can also use the command "netstat -nr".)  How Linux behaves for the commands following these "sleep" commands seems to depend largely on the version of Linux and how busy the hard drive is.  The behavior can change even between minor-version updates for the same major release of Debian.  What appears in the script above is what currently works for me.
  
 This script is adapted from the "bridge-start" and "bridge-stop" scripts at OpenVPN's [[http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html|Ethernet bridging page]].  It bridges the Ethernet interface, eth0, and OpenVPN's TAP interface, tap0, as members of the bridge interface, br0.  It also sets the Linux VM's private IP address to the free address that you chose, **effectively giving the server a static IP address**. This script is adapted from the "bridge-start" and "bridge-stop" scripts at OpenVPN's [[http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html|Ethernet bridging page]].  It bridges the Ethernet interface, eth0, and OpenVPN's TAP interface, tap0, as members of the bridge interface, br0.  It also sets the Linux VM's private IP address to the free address that you chose, **effectively giving the server a static IP address**.
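Review bot: The added paragraph says to "try increasing or decreasing the sleep command" without saying which one, although the script now has one active `sleep 1` and two commented `sleep ?` placeholders. Suggest naming the line to change first and the order in which to try the others. The mention of "netstat -nr" would help more if it said what to look for, namely a default route through the address set in eth_gateway. Typos in the new text: "depending or your version" should be "depending on your version", and "around 1 to 10but" is missing a comma and a space.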
Line 526: Line 531:
   *Some LAN-based programs don't specify which ports they use.  Unless you can determine the ports, a VPN is necessary for networking these programs over the Internet.   *Some LAN-based programs don't specify which ports they use.  Unless you can determine the ports, a VPN is necessary for networking these programs over the Internet.
  
-  *You can play shared-screen and "hot seat" games using remote desktop software.+  *You can play shared-screen and "hot seat" games over the Internet using remote desktop software.