
OpenVPN Bridges

Prepare OpenVPN

sudo rm /etc/openvpn/server.conf

OpenVPN server config for br0.101

server_vlan_101.conf
mode server
 
# NOTE(review): "auth none" disables HMAC packet authentication and, together
# with "cipher none" / "data-ciphers none" at the end of this file, leaves the
# tunnel traffic unencrypted and unauthenticated on the wire. The only gate is
# the username/password check below, so this is acceptable only when the path
# between the clients and 178.1.1.20 is otherwise trusted.
auth none
 
# Directory for the temporary credential file used by via-file (RAM-backed).
tmp-dir /dev/shm
 
# The external script receives the client's username/password through a temp
# file and decides whether to admit the client; script-security 2 permits
# calling it (and up.sh below). No client certificate is checked, so the
# password check is the sole client authentication.
auth-user-pass-verify "/etc/openvpn/openvpn_auth.pl" via-file
verify-client-cert none
username-as-common-name
script-security 2
 
# Listener for this VLAN instance; each instance binds its own port.
local 178.1.1.20
port 1194
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
 
# OpenVPN appends the tap device name after the two arguments given here;
# up.sh reads it as $3 and adds the tap to the bridge.
up "/etc/openvpn/up.sh br0.101 eth1.101"
server-bridge 10.101.0.1 255.255.0.0 10.101.0.2 10.101.0.100
 
# NOTE(review): ipp.txt and openvpn-status.log are the same relative names in
# all three server configs; if the instances share a working directory they
# overwrite each other's files — consider per-instance file names.
ifconfig-pool-persist ipp.txt
;client-config-dir ccd
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 4
allow-compression no
# No data-channel encryption (see the note on "auth none" above).
data-ciphers none
cipher none

OpenVPN server config for br0.102

server_vlan_102.conf
mode server
 
# NOTE(review): "auth none" disables HMAC packet authentication and, together
# with "cipher none" / "data-ciphers none" at the end of this file, leaves the
# tunnel traffic unencrypted and unauthenticated on the wire. The only gate is
# the username/password check below, so this is acceptable only when the path
# between the clients and 178.1.1.20 is otherwise trusted.
auth none
 
# Directory for the temporary credential file used by via-file (RAM-backed).
tmp-dir /dev/shm
 
# The external script receives the client's username/password through a temp
# file and decides whether to admit the client; script-security 2 permits
# calling it (and up.sh below). No client certificate is checked, so the
# password check is the sole client authentication.
auth-user-pass-verify "/etc/openvpn/openvpn_auth.pl" via-file
verify-client-cert none
username-as-common-name
script-security 2
 
# Listener for this VLAN instance; each instance binds its own port.
local 178.1.1.20
port 1195
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
 
# OpenVPN appends the tap device name after the two arguments given here;
# up.sh reads it as $3 and adds the tap to the bridge.
up "/etc/openvpn/up.sh br0.102 eth1.102"
server-bridge 10.102.0.1 255.255.0.0 10.102.0.2 10.102.0.100
 
# NOTE(review): ipp.txt and openvpn-status.log are the same relative names in
# all three server configs; if the instances share a working directory they
# overwrite each other's files — consider per-instance file names.
ifconfig-pool-persist ipp.txt
;client-config-dir ccd
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 4
allow-compression no
# No data-channel encryption (see the note on "auth none" above).
data-ciphers none
cipher none

OpenVPN server config for br0.103

server_vlan_103.conf
mode server
 
# NOTE(review): "auth none" disables HMAC packet authentication and, together
# with "cipher none" / "data-ciphers none" at the end of this file, leaves the
# tunnel traffic unencrypted and unauthenticated on the wire. The only gate is
# the username/password check below, so this is acceptable only when the path
# between the clients and 178.1.1.20 is otherwise trusted.
auth none
 
# Directory for the temporary credential file used by via-file (RAM-backed).
tmp-dir /dev/shm
 
# The external script receives the client's username/password through a temp
# file and decides whether to admit the client; script-security 2 permits
# calling it (and up.sh below). No client certificate is checked, so the
# password check is the sole client authentication.
auth-user-pass-verify "/etc/openvpn/openvpn_auth.pl" via-file
verify-client-cert none
username-as-common-name
script-security 2
 
# Listener for this VLAN instance; each instance binds its own port.
local 178.1.1.20
port 1196
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
 
# OpenVPN appends the tap device name after the two arguments given here;
# up.sh reads it as $3 and adds the tap to the bridge.
up "/etc/openvpn/up.sh br0.103 eth1.103"
server-bridge 10.103.0.1 255.255.0.0 10.103.0.2 10.103.0.100
 
# NOTE(review): ipp.txt and openvpn-status.log are the same relative names in
# all three server configs; if the instances share a working directory they
# overwrite each other's files — consider per-instance file names.
ifconfig-pool-persist ipp.txt
;client-config-dir ccd
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 4
allow-compression no
# No data-channel encryption (see the note on "auth none" above).
data-ciphers none
cipher none

Prepare /etc/openvpn/up.sh

sudo vi /etc/openvpn/up.sh
up.sh
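#!/bin/sh
# OpenVPN "up" hook: attach the tap device OpenVPN just created to a bridge.
#
# Invoked from each server config as
#   up "/etc/openvpn/up.sh <bridge> <ethdev>"
# OpenVPN appends its own arguments after the two given in the config, the
# first of which is the tap device name — hence $3 below.
#
# Arguments:
#   $1 - bridge to join (e.g. br0.101)
#   $2 - physical/VLAN interface to put into promiscuous mode (e.g. eth1.101)
#   $3 - tap device created by OpenVPN (supplied by OpenVPN itself)
# Returns:
#   0 on success; non-zero if any step fails or an argument is missing.
#   OpenVPN treats a failing up script as fatal for that instance, which is
#   preferable to leaving a half-configured bridge behind.

# Abort on the first failing command and on unset variables instead of
# silently continuing with an empty interface name.
set -eu

# Fail early with a usage message rather than running ip/brctl on "".
if [ "$#" -lt 3 ]; then
  printf 'usage: %s BRIDGE ETHDEV TAPDEV ...\n' "${0##*/}" >&2
  exit 1
fi

BR=$1
ETHDEV=$2
TAPDEV=$3

/sbin/ip link set "$TAPDEV" up
/sbin/ip link set "$ETHDEV" promisc on
# Quoted (the original passed $BR and $TAPDEV bare, subject to word-splitting).
/sbin/brctl addif "$BR" "$TAPDEV"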
sudo chmod 755 /etc/openvpn/up.sh

Prepare openvpn_auth.pl

# Values to adjust in /etc/openvpn/openvpn_auth.pl (only these three lines of
# the script are shown on this page).
# NOTE(review): 'http' sends the request to the API host in clear text. Since
# auth-user-pass-verify hands this script the VPN user's credentials, 'https'
# (liblwp-protocol-https-perl is installed below) is advisable where the API
# offers it — confirm the server supports it before switching.
my $protocol='http';
my $server_name_or_ip='198.27.111.78';
my $api_path="/cake4/rd_cake/openvpn-servers/auth-client.json";
sudo chmod 755 /etc/openvpn/openvpn_auth.pl
sudo apt-get install liblwp-protocol-https-perl

Test-start the OpenVPN services

# Start each per-VLAN OpenVPN instance in turn and inspect its journal for
# errors before moving on to the next one.
for vlan in 101 102 103; do
  sudo systemctl start "openvpn@server_vlan_${vlan}"
  journalctl -xeu "openvpn@server_vlan_${vlan}.service"
done

Check the bridges

brctl show
bridge name	bridge id		STP enabled	interfaces
br0.101		8000.000c294aafdf	no		eth0.101
							tap0
br0.102		8000.000c294aafdf	no		eth0.102
							tap1
br0.103		8000.000c294aafdf	no		eth0.103
							tap2

Install ifconfig

sudo apt install net-tools

Test ifconfig

tap0      Link encap:Ethernet  HWaddr 22:1a:35:b6:01:d7  
          inet6 addr: fe80::201a:35ff:feb6:1d7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:768 (768.0 B)  TX bytes:820 (820.0 B)
 
tap1      Link encap:Ethernet  HWaddr ca:e0:7d:c0:ea:a0  
          inet6 addr: fe80::c8e0:7dff:fec0:eaa0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)
 
tap2      Link encap:Ethernet  HWaddr f2:36:e7:d2:da:c1  
          inet6 addr: fe80::f036:e7ff:fed2:dac1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

OpenVPN Startup

sudo systemctl disable openvpn
# Boot-time snippet; the page does not name the file it belongs to
# (presumably /etc/rc.local or an equivalent start script — confirm).
# NOTE(review): only br0.103 is given an address here, while the server
# configs above also bridge br0.101 (10.101.0.1) and br0.102 (10.102.0.1);
# confirm those bridges are addressed elsewhere.
/sbin/ip addr add 10.103.0.1/16 dev br0.103
/sbin/ip link set dev br0.103 up
 
#Add the startup of OpenVPN
# The umbrella "openvpn" unit was disabled above, so each VLAN instance is
# started here explicitly.
systemctl start openvpn@server_vlan_101
systemctl start openvpn@server_vlan_102
systemctl start openvpn@server_vlan_103
 
exit 0
sudo reboot