|
346.
|
|
|
![](/@@/translation-newline)
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
|
|
|
represents a line break.
Start a new line in the equivalent position in the translation.
|
|
|
|
![](/@@/translation-newline)
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
|
|
Translated and reviewed by
Adolfo Jayme Barrientos
|
|
|
|
Located in
serverguide/C/vpn.xml:568(programlisting)
|
|
347.
|
|
|
Please read the OpenVPN <ulink url="http://openvpn.net/index.php/open-source/documentation/howto.html#security">hardening security guide</ulink> for further security advice.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:572(para)
|
|
348.
|
|
|
Advanced bridged VPN configuration on server
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:578(title)
|
|
349.
|
|
|
<application>OpenVPN</application> can be setup for either a routed or a bridged VPN mode. Sometimes this is also referred to as OSI layer-2 versus layer-3 VPN. In a bridged VPN all layer-2 frames - e.g. all ethernet frames - are sent to the VPN partners and in a routed VPN only layer-3 packets are sent to VPN partners. In bridged mode all traffic including traffic which was traditionally LAN-local like local network broadcasts, DHCP requests, ARP requests etc. are sent to VPN partners whereas in routed mode this would be filtered.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:580(para)
|
|
350.
|
|
|
Prepare interface config for bridging on server
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:586(title)
|
|
351.
|
|
|
Make sure you have the bridge-utils package installed:
|
|
|
|
Asegúrese de tener instalado el paquete bridge-utils:
|
|
Translated and reviewed by
Monkey
|
|
|
|
Located in
serverguide/C/vpn.xml:588(para)
|
|
352.
|
|
|
sudo apt install bridge-utils
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:592(command) serverguide/C/network-config.xml:542(command)
|
|
353.
|
|
|
Before you setup OpenVPN in bridged mode you need to change your interface configuration. Let's assume your server has an interface eth0 connected to the internet and an interface eth1 connected to the LAN you want to bridge. Your /etc/network/interfaces would like this:
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:595(para)
|
|
354.
|
|
|
![](/@@/translation-newline)
auto eth0 ![](/@@/translation-newline)
iface eth0 inet static
address 1.2.3.4
netmask 255.255.255.248
default 1.2.3.1
![](/@@/translation-newline)
auto eth1 ![](/@@/translation-newline)
iface eth1 inet static
address 10.0.0.4
netmask 255.255.255.0
|
|
|
represents a line break.
Start a new line in the equivalent position in the translation.
|
|
|
represents a space character.
Enter a space in the equivalent position in the translation.
|
|
|
|
![](/@@/translation-newline)
auto eth0 ![](/@@/translation-newline)
iface eth0 inet static
address 1.2.3.4
netmask 255.255.255.248
default 1.2.3.1
![](/@@/translation-newline)
auto eth1 ![](/@@/translation-newline)
iface eth1 inet static
address 10.0.0.4
netmask 255.255.255.0
|
|
Translated by
Federico Lazcano
|
|
Reviewed by
Paco Molinero
|
|
|
|
Located in
serverguide/C/vpn.xml:599(programlisting)
|
|
355.
|
|
|
This straight forward interface config needs to be changed into a bridged mode like where the config of interface eth1 moves to the new br0 interface. Plus we configure that br0 should bridge interface eth1. We also need to make sure that interface eth1 is always in promiscuous mode - this tells the interface to forward all ethernet frames to the IP stack.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/vpn.xml:612(para)
|