Configuring an openvpn bridge on CentOS

First, edit /etc/sysconfig/network-scripts/ifcfg-eth0
Remove, or comment the interfaces ip configuration and add it to the bridge:
DEVICE=eth0
#BOOTPROTO=static
HWADDR=70:72:BC:A3:21:51
ONBOOT=yes
#IPADDR=192.168.1.192
#NETMASK=255.255.255.0
#NETWORK=192.168.1.0
BRIDGE=br0
Edit /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
BOOTPROTO=static
ONBOOT=yes
TYPE=Bridge
IPADDR=192.168.1.192
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
#The follwing is of course optional
IPV6INIT=yes

restart network and check that the i/f is ok:
ifconfig br0


You have to create 2 custom scripts in order to add the tap interface in the bridge everytime your openvpn server is started and add the 2 follwing lines on your openvpn config:
up "/etc/openvpn/bridge-start.sh"
down-pre "/etc/openvpn/bridge-stop.sh"


bridge-start.sh
#!/bin/sh
/usr/sbin/brctl addif br0 $1
/sbin/ifconfig $1 up


bridge-stop.sh
/sbin/ifconfig $1 down
/usr/sbin/brctl delif br0 $


After your openvpn server is started, you may check that the interface is addes to the bridge:
brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.7072bca32151       no              tap0
                                                                       eth0


Σχόλια

Δημοσίευση σχολίου

Δημοφιλείς αναρτήσεις από αυτό το ιστολόγιο

Get Telegram notifications for APC UPS using SNMP traps in Linux

In this post I am going to explain how I used SNMP traps on a Linux Debian system in order to get some telegram notifications. I used them in order to be informed in case our company UPS systems runs on battery. First of all, you have to setup and test a Telegram Notification script. I used the one here: https://github.com/samsulmaarif/telegram-notify , it is very easy to install and use. The binary is installed in: /usr/local/bin/telegram-notify We assume that you already have a telegram bot running. The two things you 've got to find are your bot api-key and chat id or Channel id. In case you are not yet using a telegram bot, there are plenty of guides showing how to setup one and how to get your user-id. In order to get SNMP traps from your UPS Network management card, you should first enable them in the "Notifications". Just enter your Linux hostname as a trap receiver. First install snmpd and snmptrapd sudo apt install snmpd snmptrapd Edit your config files: The o...
Διαβάστε περισσότερα

OpenVPN + LDAP + OTP MFA

In the following post I will describe how to configure your existing OpenVPN server to support OTP MFA along with LDAP authentication. I already had a working OpenVPN + Radius authentication with Active Directory on a Debian Server, but in order to add OTP as MFA, I had to switch to LDAP authentication. Packages installed: sudo apt install libpam-ldapd oathtool libpam-oath qrencode pamtester After installing libpam-ldapd , you are asked to Configure nslcd and nssswitch . You may enter some default config and edit this later. The most importand config file is /etc/nslcd.conf , and after each edit remember to restart nslcd service!   sudo service nslcd restart /etc/nslcd.conf uri ldap://ldap.local # The search base that will be used for all queries. base dc=domain,dc=com binddn cn=user,ou=hosted,dc=domain,dc=com bindpw pass tls_reqcert never tls_cacertfile /etc/ssl/certs/ca-certificates.crt # Mappings for Active Directory pagesize 1000 referrals off idle_timelimit 800 filter passwd ...
Διαβάστε περισσότερα

Using IFTTT recipe to run a shell script

Requirements: -an IFTTT account -a Dropbpx account linked to your IFTTT account -a server running linux (mine runs Debian linux). - incrontab package, available on most linux distros. First of all, install Dropbox on your linux box. You may find instructions here: https://www.dropbox.com/install?os=lnx Run Dropbox and create a folder named IFTTT on your home Dropbox folder. mkdir ~/Dropbox/IFTTT Then, you have to create your IFTTT recipe at ifttt.com. You may use whatever "this" statement you wish. On "that" statement you chose Dropbox, and create a file. Give a name to your file, for my example I use "runme". In the content you may put whatever you want. In Dropbox folder path you use IFTTT. Create your script file on your home folder named "script.sh" and make it executable: chmod  +x script.sh. Make sure your script executes properly: ./script.sh Add the user that has both rights to run the script and to write into the Drop...
Διαβάστε περισσότερα