
Bridged OpenVPN Server Setup

Posted: Sat Apr 05, 2014 7:24 am
by NucAr
The guide in this post is moved to the wiki:

Bridged OpenVPN Server Setup (Needed for getting AppleTalk going over wireless and over the Internet)

Re: Bridged OpenVPN Server Setup

Posted: Mon Apr 07, 2014 4:32 pm
by adespoton
This is great! Just a reminder that these instructions can be used for almost* full network domination -- you can use the OpenVPN client for all your mobile devices and other remote "internet things" to create a private, encrypted network for all VMs, emulators, desktops, laptops, phones, etc. inside and outside your local network. This means that if you connect to public wifi for example, and then tunnel to your local network, all that an outsider sees is encrypted traffic.

* Still waiting for official LTOE and TCP/IP stack replacement for Mini vMac; I hope it's coming soon :)

Re: Bridged OpenVPN Server Setup

Posted: Mon Nov 09, 2015 7:08 pm
by iDShaDoW
Nice, had been looking around for something like this in the past.

The other ones I found didn't work and people at the OpenVPN forums didn't respond to my thread asking for help...

Do you know if this will work with Red Hat Linux? If not, happen to know where I can find a detailed guide for it?

Thanks.

Re: Bridged OpenVPN Server Setup

Posted: Mon Nov 16, 2015 2:40 am
by NucAr
iDShaDoW wrote: The other ones I found didn't work and people at the OpenVPN forums didn't respond to my thread asking for help...
Thanks.
Yes, and furthermore, the OpenVPN forums are unfortunately chock-full of incorrect information, especially regarding bridge mode.

Since Red Hat uses systemd, you should be able to adapt this guide to it. I recommend following it step by step as you would for Debian. If you run into something that differs, you'll have to figure out what the Red Hat equivalent is.

Re: Bridged OpenVPN Server Setup

Posted: Sat Feb 06, 2016 3:21 pm
by 5aq1b
Hey,

Followed this great guide to the letter...twice! But having trouble getting the service to start.

My setup, if this makes a difference, is an ESXi 5.5 host running a couple of VMs, with the one I'm using for the OpenVPN being a Debian 'Jessie' VM. Promiscuous mode is enabled within the vSwitch that the VM is connected to.

When doing testing after the configuration, the br0 interface doesn't appear.

When doing "systemctl status openvpn@server.service" I receive

Code:

● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled)
   Active: failed (Result: exit-code) since Sat 2016-02-06 15:02:50 GMT; 1min 37s ago
  Process: 550 ExecStartPre=/etc/openvpn/openvpn-bridge start (code=exited, status=203/EXEC)

Feb 06 15:02:50 debian systemd[1]: openvpn@server.service: control process exited, code=exited status=203
Feb 06 15:02:50 debian systemd[1]: Failed to start OpenVPN connection to server.
Feb 06 15:02:50 debian systemd[1]: Unit openvpn@server.service entered failed state.

Can anyone assist?

Re: Bridged OpenVPN Server Setup

Posted: Sat Feb 06, 2016 3:50 pm
by 5aq1b
Update: when doing a 'service openvpn stop' then 'service openvpn start' I receive the following:

Code:

● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled)
   Active: failed (Result: exit-code) since Sat 2016-02-06 15:40:43 GMT; 19s ago
  Process: 1835 ExecStartPre=/etc/openvpn/openvpn-bridge start (code=exited, status=203/EXEC)

Feb 06 15:40:43 debian systemd[1835]: Failed at step EXEC spawning /etc/openvpn/openvpn-bridge: No such file or directory
Feb 06 15:40:43 debian systemd[1]: openvpn@server.service: control process exited, code=exited status=203
Feb 06 15:40:43 debian systemd[1]: Failed to start OpenVPN connection to server.
Feb 06 15:40:43 debian systemd[1]: Unit openvpn@server.service entered failed state.

Not sure why it says 'no such file or directory' as I can confirm that the openvpn-bridge file definitely exists in that location.

Re: Bridged OpenVPN Server Setup

Posted: Sun Feb 28, 2016 2:31 am
by NucAr
The only thing I can suggest, other than the obvious checking for spelling errors, is to check the permissions of the openvpn-bridge script. But you should get "Permission denied" if the script was not executable (if you missed the "chmod" step of the setup instructions), not "No such file or directory." I think you just have to retrace your steps carefully. Be sure to do everything as root.
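
A check for the failure discussed above, as an added example that is not part of the original posts: execve() also reports "No such file or directory" when the interpreter named on a script's `#!` line cannot be found (for instance when the file was saved with CRLF line endings), even though the script itself exists. The function name `diagnose_exec` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): explain a systemd 203/EXEC failure
# for a script used in ExecStartPre=, e.g. /etc/openvpn/openvpn-bridge.
# diagnose_exec PATH prints one verdict word and returns 0 only for "ok".
diagnose_exec() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "missing"; return 1              # path really is absent
    fi
    if [ ! -x "$target" ]; then
        echo "not-executable"; return 1       # the chmod step was skipped
    fi
    first=$(head -n 1 "$target")
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 1 ;;     # kernel cannot pick an interpreter
    esac
    cr=$(printf '\r')
    case $first in
        # "#!/bin/sh<CR>" makes the kernel look for a file named "/bin/sh<CR>"
        *"$cr") echo "crlf-shebang"; return 1 ;;
    esac
    # Interpreter path is the first word after "#!"
    interp=$(printf '%s\n' "$first" |
        sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//')
    if [ ! -x "$interp" ]; then
        echo "bad-interpreter"; return 1      # ENOENT despite the script existing
    fi
    echo "ok"
}

# Stand-alone use: sh thisfile /etc/openvpn/openvpn-bridge
if [ "$#" -gt 0 ]; then
    diagnose_exec "$1"
fi
```

A "crlf-shebang" verdict means the line endings need converting to LF; "bad-interpreter" means the path after `#!` has to be corrected.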

Re: Bridged OpenVPN Server Setup

Posted: Mon Feb 29, 2016 9:47 pm
by adespoton
Is it a process ACL issue as managed by systemd?

Re: Bridged OpenVPN Server Setup

Posted: Wed Nov 02, 2016 1:02 am
by mabam
I would like to set up this OpenVPN server on a NAS drive. Is there anyone who could give me advice on how to do that? I just need a simple single drive NAS for private use with Ubuntu or Debian as OS so I can set up the OpenVPN server without the use of a VM.

Or would this work with OMV? It is built around Debian Linux Jessie, as mentioned in the setup guide? I don't necessarily need wireless AFP (but would be nice to have).

Re: Bridged OpenVPN Server Setup

Posted: Wed Nov 02, 2016 8:30 pm
by adespoton
I don't see why it wouldn't work -- worth a try.

Re: Bridged OpenVPN Server Setup

Posted: Thu Nov 03, 2016 12:33 am
by mabam
I just realised I have misunderstood things. I don't need the OpenVPN server.
I'm trying OMV and will go on in my original thread.

Re: Bridged OpenVPN Server Setup

Posted: Sun Feb 05, 2017 1:17 am
by coops82517
Hi folks, I was wondering if anyone could help please.
I am trying to set this up on a Raspberry Pi 2 using Raspbian.

When I do 'service openvpn start' and watch ifconfig, the br0 gets the IP address for a few seconds, then tap0 gets the IP address.
I think I have narrowed this down to the server.conf setting the IP address of tap0.

I stopped the openvpn service, then ran the bridge script manually, which created the tap0 device and the bridge, setting the IP address on the bridge as it should.
I then start openvpn --config /etc/openvpn/server.conf and the IP address is then assigned to tap0.
Does anyone know what's going on?
I can provide the config files if needed.

thanks for any help

Re: Bridged OpenVPN Server Setup

Posted: Tue Feb 07, 2017 5:02 am
by NucAr
The problem could be in the openvpn-bridge script, which is the script that deals with the IP addresses.

Re: Bridged OpenVPN Server Setup

Posted: Mon May 10, 2021 2:47 pm
by readysetawesome
Can you update the guide with a large warning about how this setup DOES NOT WORK for iPhone which can't (and will probably never) support Tap interfaces.


Save the next guy like me approximately 4 hours. Please!

Re: Bridged OpenVPN Server Setup

Posted: Mon May 10, 2021 4:38 pm
by adespoton
readysetawesome wrote: Mon May 10, 2021 2:47 pm Can you update the guide with a large warning about how this setup DOES NOT WORK for iPhone which can't (and will probably never) support Tap interfaces.


Save the next guy like me approximately 4 hours. Please!
I'm a bit confused here. None of the emulators are available in the App store. This means you have to have either side loaded the emulators or jailbroken your phone. If you've jailbroken, you can install the Tap interfaces, can't you? So the only issue is when you've side loaded an emulator but can't side load the Tap interface.

However, having said all that, there's another issue on iOS/iPadOS/TVOS devices, which is that the module will get unloaded in the background, making using Tap instead of SLIP a bad idea in the first place, as you'll find your bridge keeps dropping and needs manual setup.

So just adding a "this setup does not work in iOS" to the guide isn't very useful, as the use case is minimal and the statement isn't really accurate if you've already gone through the work of jailbreaking the phone.

Oh, and there's one other bit: the bridging for LocalTalk so far requires a physical ethernet connection... which means any device using WiFi (including iOS devices) won't be able to use the bridged network for anything useful. And that's already in the document. Maybe that's the place to note that iOS devices don't have a physical Ethernet port?

Re: Bridged OpenVPN Server Setup

Posted: Sun Jul 25, 2021 2:16 pm
by henrykburzan
I wonder what effect forwarding port 443 will have on https browsing traffic. Will it be passed through VPN server on client and/or server side?

To be specific I'd like to connect to my local PC through remote desktop protocol from university (which blocks every possible port except 80 and 443 AFAIK) without passing all https traffic through my home network. Optimally I'd also like to avoid passing traffic from my local (server side) devices through VPN server to reduce latency.

I plan to use Raspberry Pi 4 for the server if that matters.