Moxa Technologies W341 User Manual

ThinkCore W311/321/341 Linux User’s Manual 
Managing Communications
 
 
OpenVPN 
OpenVPN provides two types of tunnels for users to implement VPNs: Routed IP Tunnels and 
Bridged Ethernet Tunnels. First, make sure that the system has the virtual 
device /dev/net/tun. If it does not, create it with the following command: 
# mknod /dev/net/tun c 10 200 
An Ethernet bridge is used to connect different Ethernet networks together. The Ethernets are 
bundled into one bigger, “logical” Ethernet. Each Ethernet corresponds to one physical interface 
(or port) that is connected to the bridge. 
On each OpenVPN machine, you should create a working directory, such as /etc/openvpn, 
where the script files and key files reside. Once it is established, all operations will be 
performed in that directory. 
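
The device node and the key file in the working directory can be checked before a tunnel is started. The following script is an added example, not part of the Moxa manual; it assumes a stat that supports -c (GNU coreutils or BusyBox) and uses the key file name secrouter.key from Setup 1.

```sh
#!/bin/sh
# Added example: preflight checks for the OpenVPN working directory.

# check_tun_node PATH [MAJOR MINOR]
# Succeeds only if PATH is a character device with the expected numbers
# (10/200 is what the mknod command in the manual creates).
check_tun_node() {
    node=$1; want_major=${2:-10}; want_minor=${3:-200}
    if [ ! -c "$node" ]; then
        echo "FAIL: $node is missing or not a character device" >&2
        return 1
    fi
    # stat prints device numbers in hex; convert before comparing.
    set -- $(stat -c '%t %T' "$node")
    major=$((0x$1)); minor=$((0x$2))
    if [ "$major" -ne "$want_major" ] || [ "$minor" -ne "$want_minor" ]; then
        echo "FAIL: $node is $major,$minor, expected $want_major,$want_minor" >&2
        return 1
    fi
    echo "OK: $node is char device $major,$minor"
}

# check_key_perms FILE
# Succeeds only if FILE has no group/other permission bits set. The static
# key is a shared secret, so only its owner should be able to read it.
check_key_perms() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "FAIL: $key not found" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        0|?00) echo "OK: $key mode $mode" ;;
        *) echo "FAIL: $key mode $mode, run: chmod 600 $key" >&2
           return 1 ;;
    esac
}

# preflight [DIR]: run both checks; DIR defaults to /etc/openvpn.
preflight() {
    dir=${1:-/etc/openvpn}; rc=0
    check_tun_node /dev/net/tun || rc=1
    check_key_perms "$dir/secrouter.key" || rc=1
    return $rc
}
# Usage on each OpenVPN machine:  preflight /etc/openvpn
```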
 
Setup 1: Ethernet Bridging for Private Networks on Different Subnets 
1.  Set up four machines, as shown in the following diagram. 
[Diagram: Host A (LAN1: 192.168.2.171) and Host B (LAN1: 192.168.4.172) each connect over a 
local net to OpenVPN A and OpenVPN B, which are linked across the Internet. Interface labels 
on the OpenVPN machines: LAN1: 192.168.2.173, LAN1: 192.168.8.174, LAN2: 192.168.4.174, 
LAN2: 192.168.8.173.]
 
Host A (B) represents one of the machines that belongs to OpenVPN A (B). The two remote 
subnets are configured for different ranges of IP addresses. When this setup is moved to a 
public network, the external interfaces of the OpenVPN machines should be configured for 
static IPs, or connected to another device (such as a firewall or DSL box) first. 
# openvpn --genkey --secret secrouter.key 
Copy the file that is generated to the OpenVPN machine. 
2.  Generate a script file named openvpn-bridge on each OpenVPN machine. This script 
reconfigures interface “eth1” as IP-less, creates logical bridge(s) and TAP interfaces, loads 
modules, enables IP forwarding, etc.   
#---------------------------------Start----------------------------- 
 
#!/bin/sh 
 
iface=eth1  # defines the internal interface  
maxtap=`expr 1` 
# defines the number of tap devices. I.e., # of tunnels 
 
IPADDR=