Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
technical:openvpn-bridges-prep-os [2023/10/20 08:01] admin created |
technical:openvpn-bridges-prep-os [2023/10/23 14:47] (current) admin [Configure the Interfaces] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Prepare the hardware and OS ====== | ====== Prepare the hardware and OS ====== | ||
| ===== Install VLAN Module ===== | ===== Install VLAN Module ===== | ||
| - | * In order for us to run VLANs on the server we need to install the VLAN module | + | * We need to install the VLAN module |
| <code bash> | <code bash> | ||
| #Install the VLAN package | #Install the VLAN package | ||
| Line 15: | Line 15: | ||
| ===== Install Bridge Utilities ===== | ===== Install Bridge Utilities ===== | ||
| - | * In order for us be be able to use the bridging capabilities on the server, we need to install the bridge utilities. | + | * We need to install the bridge utilities |
| <code bash> | <code bash> | ||
| #Install the bridge-utils package | #Install the bridge-utils package | ||
| Line 24: | Line 24: | ||
| ===== Configure the Interfaces ===== | ===== Configure the Interfaces ===== | ||
| * If your server has** only one** interface card, edit the **/ | * If your server has** only one** interface card, edit the **/ | ||
| - | <code bash> | + | |
| - | # This script is executed at the end of each multiuser runlevel. | + | <WRAP center round tip 90%> |
| - | # Make sure that the script will "exit 0" on success or any other | + | We assume here the eth0 port now has the public IP address and give the dummy interface the name of eth1. Please consider this in the configurations after this page and change accordingly. |
| - | # value on error. | + | </ |
| - | # | + | |
| - | # In order to enable or disable this script just change the execution | + | <file bash rc.local> |
| - | # bits. | + | #!/bin/bash |
| - | # | + | |
| - | # By default this script does nothing. | + | |
| #Set up the dummy interface | #Set up the dummy interface | ||
| Line 38: | Line 36: | ||
| /sbin/ip link add dummy0 type dummy | /sbin/ip link add dummy0 type dummy | ||
| /sbin/ip link set name eth1 dev dummy0 | /sbin/ip link set name eth1 dev dummy0 | ||
| - | /sbin/ifconfig | + | /sbin/ip link set dev eth1 address |
| /sbin/ip link set eth1 up promisc on | /sbin/ip link set eth1 up promisc on | ||
| Line 64: | Line 62: | ||
| exit 0 | exit 0 | ||
| + | </ | ||
| + | * If your server has two or more physical interfaces we do on need to first define a dummy interface. | ||
| + | <file bash rc.local> | ||
| + | #!/bin/bash | ||
| + | |||
| + | #Now add the VLAN | ||
| + | /sbin/ip link add link eth1 name eth1.101 type vlan id 101 | ||
| + | /sbin/ip link set eth1.101 up promisc on | ||
| + | /sbin/brctl addbr br0.101 | ||
| + | /sbin/brctl addif br0.101 eth1.101 | ||
| + | /sbin/ip addr add 10.101.0.1/ | ||
| + | /sbin/ip link set dev br0.101 up | ||
| + | |||
| + | /sbin/ip link add link eth1 name eth1.102 type vlan id 102 | ||
| + | /sbin/ip link set eth1.102 up promisc on | ||
| + | /sbin/brctl addbr br0.102 | ||
| + | /sbin/brctl addif br0.102 eth1.102 | ||
| + | /sbin/ip addr add 10.102.0.1/ | ||
| + | /sbin/ip link set dev br0.102 up | ||
| + | |||
| + | /sbin/ip link add link eth1 name eth1.103 type vlan id 103 | ||
| + | /sbin/ip link set eth1.103 up promisc on | ||
| + | /sbin/brctl addbr br0.103 | ||
| + | /sbin/brctl addif br0.103 eth1.103 | ||
| + | /sbin/ip addr add 10.103.0.1/ | ||
| + | /sbin/ip link set dev br0.103 up | ||
| + | |||
| + | exit 0 | ||
| + | </ | ||
| + | <WRAP center round info 90%> | ||
| + | We don't use a Netplan file since it does not currently support things like setting a card in promiscuous mode. | ||
| + | </ | ||
| + | |||
| + | |||
| + | ===== Add a Systemd Service for rc.local ===== | ||
| + | * Ubuntu changed the startup system in the more recent releases to Systemd. | ||
| + | * In order for the rc.local file to be run during startup under Systemd, we need a couple of extra steps | ||
| + | * Create the file **/ | ||
| + | <code bash> | ||
| + | # / | ||
| + | [Unit] | ||
| + | | ||
| + | | ||
| + | |||
| + | [Service] | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | |||
| + | [Install] | ||
| + | | ||
| </ | </ | ||
| + | * Then | ||
| + | <code bash> | ||
| + | sudo touch / | ||
| + | sudo chmod +x / | ||
| + | sudo systemctl enable rc-local | ||
| + | </ | ||
| + | * Check with | ||
| + | <code bash> | ||
| + | sudo systemctl start rc-local.service | ||
| + | sudo systemctl status rc-local.service | ||
| + | </ | ||
| + | ===== Confirm it is correct ===== | ||
| + | * Reboot the server and confirm that it came up with these bridges configured. | ||
| + | <code bash> | ||
| + | #Issue the **ip a** command to confirm the br0.101, br0.102 and br0.103 are up and has the correct IP Address. | ||
| + | #Also use the brctl command to show you the bridges present | ||
| + | system@rd: | ||
| + | bridge name bridge id STP enabled interfaces | ||
| + | br0.101 8000.000c294aafdf no eth0.101 | ||
| + | br0.102 8000.000c294aafdf no eth0.102 | ||
| + | br0.103 8000.000c294aafdf no eth0.103 | ||
| + | </ | ||
| + | |||
| + | |||
| + | |||