Bridged OpenVPN Server Setup

NucAr
Tinkerer
Posts: 69
Joined: Mon Aug 13, 2012 1:42 am

Bridged OpenVPN Server Setup

Post by NucAr »

The guide in this post is moved to the wiki:

Bridged OpenVPN Server Setup (Needed for getting AppleTalk going over wireless and over the Internet)
Last edited by Ronald P. Regensburg on Mon Apr 14, 2014 7:40 am, edited 1 time in total.
Reason: Guide moved to the wiki
adespoton
Forum All-Star
Posts: 4208
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Bridged OpenVPN Server Setup

Post by adespoton »

This is great! Just a reminder that these instructions can be used for almost* full network domination -- you can use the OpenVPN client for all your mobile devices and other remote "internet things" to create a private, encrypted network for all VMs, emulators, desktops, laptops, phones, etc. inside and outside your local network. This means that if you connect to public wifi for example, and then tunnel to your local network, all that an outsider sees is encrypted traffic.

* Still waiting for official LTOE and TCP/IP stack replacement for Mini vMac; I hope it's coming soon :)
iDShaDoW
Space Cadet
Posts: 1
Joined: Mon Nov 09, 2015 6:45 pm

Re: Bridged OpenVPN Server Setup

Post by iDShaDoW »

Nice, had been looking around for something like this in the past.

The other ones I found didn't work and people at the OpenVPN forums didn't respond to my thread asking for help...

Do you know if this will work with Red Hat Linux? If not, happen to know where I can find a detailed guide for it?

Thanks.
NucAr
Tinkerer
Posts: 69
Joined: Mon Aug 13, 2012 1:42 am

Re: Bridged OpenVPN Server Setup

Post by NucAr »

iDShaDoW wrote: The other ones I found didn't work and people at the OpenVPN forums didn't respond to my thread asking for help...
Thanks.

Yes, and furthermore, the OpenVPN forums are unfortunately chock-full of incorrect information, especially regarding bridge mode.

Since Red Hat uses systemd, you should be able to adapt this guide to it. I recommend following it step by step as you would for Debian. If you run into something that differs, you'll have to figure out what the Red Hat equivalent is.
5aq1b
Space Cadet
Posts: 2
Joined: Sat Feb 06, 2016 3:14 pm

Re: Bridged OpenVPN Server Setup

Post by 5aq1b »

Hey,

Followed this great guide to the letter...twice! But having trouble getting the service to start.

My setup, if this makes a difference, is an ESXi 5.5 host running a couple of VMs, with the one I'm using for the OpenVPN being a Debian 'Jessie' VM. Promiscuous mode is enabled within the vSwitch that the VM is connected to.

When doing testing after the configuration, the br0 interface doesn't appear.

When doing "systemctl status openvpn@server.service" I receive

● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled)
   Active: failed (Result: exit-code) since Sat 2016-02-06 15:02:50 GMT; 1min 37s ago
  Process: 550 ExecStartPre=/etc/openvpn/openvpn-bridge start (code=exited, status=203/EXEC)

Feb 06 15:02:50 debian systemd[1]: openvpn@server.service: control process exited, code=exited status=203
Feb 06 15:02:50 debian systemd[1]: Failed to start OpenVPN connection to server.
Feb 06 15:02:50 debian systemd[1]: Unit openvpn@server.service entered failed state.

Can anyone assist?
5aq1b
Space Cadet
Posts: 2
Joined: Sat Feb 06, 2016 3:14 pm

Re: Bridged OpenVPN Server Setup

Post by 5aq1b »

Update: when doing a 'service openvpn stop' then 'service openvpn start' I receive the following:

● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled)
   Active: failed (Result: exit-code) since Sat 2016-02-06 15:40:43 GMT; 19s ago
  Process: 1835 ExecStartPre=/etc/openvpn/openvpn-bridge start (code=exited, status=203/EXEC)

Feb 06 15:40:43 debian systemd[1835]: Failed at step EXEC spawning /etc/openvpn/openvpn-bridge: No such file or directory
Feb 06 15:40:43 debian systemd[1]: openvpn@server.service: control process exited, code=exited status=203
Feb 06 15:40:43 debian systemd[1]: Failed to start OpenVPN connection to server.
Feb 06 15:40:43 debian systemd[1]: Unit openvpn@server.service entered failed state.

Not sure why it says 'no such file or directory' as I can confirm that the openvpn-bridge file definitely exists in that location.
NucAr
Tinkerer
Posts: 69
Joined: Mon Aug 13, 2012 1:42 am

Re: Bridged OpenVPN Server Setup

Post by NucAr »

The only thing I can suggest, other than the obvious checking for spelling errors, is to check the permissions of the openvpn-bridge script. But you should get "Permission denied" if the script was not executable (if you missed the "chmod" step of the setup instructions), not "No such file or directory." I think you just have to retrace your steps carefully. Be sure to do everything as root.
adespoton
Forum All-Star
Posts: 4208
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Bridged OpenVPN Server Setup

Post by adespoton »

Is it a process ACL issue as managed by systemd?
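
A diagnostic for the status=203/EXEC failure discussed above, as an added example that is not part of any poster's reply or of the wiki guide. execve() reports "No such file or directory" for a script that exists when the interpreter named on its #! line cannot be found, which includes a shebang ending in a carriage return. The function name diagnose_exec and its verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: narrow down why systemd reports status=203/EXEC for a hook
# script such as the ExecStartPre= script in the unit shown above.
# diagnose_exec PATH prints one verdict word and returns 0 only for "ok".
diagnose_exec() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 1; }           # execve: ENOENT
    [ -f "$f" ] || { echo "not-regular-file"; return 1; }
    [ -x "$f" ] || { echo "not-executable"; return 1; }    # execve: EACCES

    # systemd calls execve() directly, so the kernel parses the first line.
    first=$(head -n 1 "$f")
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 1 ;;                  # execve: ENOEXEC
    esac

    # A file saved with CRLF line endings leaves a carriage return glued to
    # the interpreter path (or to its argument) on the shebang line.
    cr=$(printf '\r')
    case $first in
        *"$cr") echo "crlf-shebang"; return 1 ;;
    esac

    # Extract the interpreter path: drop "#!", leading spaces, any argument.
    interp=${first#'#!'}
    interp=${interp#"${interp%%[! ]*}"}
    interp=${interp%% *}
    # The script exists, but the kernel still answers ENOENT in this case.
    [ -x "$interp" ] || { echo "interpreter-missing"; return 1; }
    echo "ok"
}

# Constructed demo input: a hook script saved with Windows line endings.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\r\necho bridge up\r\n' > "$demo_dir/openvpn-bridge"
chmod +x "$demo_dir/openvpn-bridge"
echo "verdict: $(diagnose_exec "$demo_dir/openvpn-bridge")"
rm -rf "$demo_dir"
```
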
mabam
Master Emulator
Posts: 497
Joined: Wed Apr 10, 2013 9:32 am

Re: Bridged OpenVPN Server Setup

Post by mabam »

I would like to set up this OpenVPN server on a NAS drive. Is there anyone who could give me advice on how to do that? I just need a simple single drive NAS for private use with Ubuntu or Debian as OS so I can set up the OpenVPN server without the use of a VM.

Or would this work with OMV? It is built around Debian Linux Jessie, as mentioned in the setup guide? I don't necessarily need wireless AFP (but would be nice to have).
adespoton
Forum All-Star
Posts: 4208
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Bridged OpenVPN Server Setup

Post by adespoton »

I don't see why it wouldn't work -- worth a try.
mabam
Master Emulator
Posts: 497
Joined: Wed Apr 10, 2013 9:32 am

Re: Bridged OpenVPN Server Setup

Post by mabam »

I just realised I have misunderstood things. I don't need the OpenVPN server.
I'm trying OMV and will go on in my original thread.
coops82517
Space Cadet
Posts: 1
Joined: Sun Feb 05, 2017 1:01 am

Re: Bridged OpenVPN Server Setup

Post by coops82517 »

Hi folks, I was wondering if anyone could help, please.
I am trying to set this up on a Raspberry Pi 2 using Raspbian.

When I do 'service openvpn start' and watch ifconfig, br0 gets the IP address for a few seconds, then tap0 gets the IP address.
I think I have narrowed this down to the server.conf setting the IP address of tap0.

I stopped the openvpn service, then ran the bridge script manually, which created the tap0 device and the bridge, setting the IP address on the bridge as it should.
I then start openvpn --config /etc/openvpn/server.conf and the IP address is then assigned to tap0.
Does anyone know what's going on?
I can provide the config files if needed.

Thanks for any help
NucAr
Tinkerer
Posts: 69
Joined: Mon Aug 13, 2012 1:42 am

Re: Bridged OpenVPN Server Setup

Post by NucAr »

The problem could be in the openvpn-bridge script, which is the script that deals with the IP addresses.
readysetawesome
Space Cadet
Posts: 1
Joined: Mon May 10, 2021 2:45 pm

Re: Bridged OpenVPN Server Setup

Post by readysetawesome »

Can you update the guide with a large warning about how this setup DOES NOT WORK for iPhone, which can't (and will probably never) support Tap interfaces?

Save the next guy like me approximately 4 hours. Please!
adespoton
Forum All-Star
Posts: 4208
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Bridged OpenVPN Server Setup

Post by adespoton »

readysetawesome wrote (Mon May 10, 2021 2:47 pm): Can you update the guide with a large warning about how this setup DOES NOT WORK for iPhone, which can't (and will probably never) support Tap interfaces?
Save the next guy like me approximately 4 hours. Please!

I'm a bit confused here. None of the emulators are available in the App store. This means you have to have either side loaded the emulators or jailbroken your phone. If you've jailbroken, you can install the Tap interfaces, can't you? So the only issue is when you've side loaded an emulator but can't side load the Tap interface.

However, having said all that, there's another issue on iOS/iPadOS/TVOS devices, which is that the module will get unloaded in the background, making using Tap instead of SLIP a bad idea in the first place, as you'll find your bridge keeps dropping and needs manual setup.

So just adding a "this setup does not work in iOS" to the guide isn't very useful, as the use case is minimal and the statement isn't really accurate if you've already gone through the work of jailbreaking the phone.

Oh, and there's one other bit: the bridging for LocalTalk so far requires a physical ethernet connection... which means any device using WiFi (including iOS devices) won't be able to use the bridged network for anything useful. And that's already in the document. Maybe that's the place to note that iOS devices don't have a physical Ethernet port?
henrykburzan
Space Cadet
Posts: 1
Joined: Sun Jul 25, 2021 1:56 pm

Re: Bridged OpenVPN Server Setup

Post by henrykburzan »

I wonder what effect forwarding port 443 will have on https browsing traffic. Will it be passed through VPN server on client and/or server side?

To be specific I'd like to connect to my local PC through remote desktop protocol from university (which blocks every possible port except 80 and 443 AFAIK) without passing all https traffic through my home network. Optimally I'd also like to avoid passing traffic from my local (server side) devices through VPN server to reduce latency.

I plan to use Raspberry Pi 4 for the server if that matters.
NucAr
Tinkerer
Posts: 69
Joined: Mon Aug 13, 2012 1:42 am

Re: Bridged OpenVPN Server Setup

Post by NucAr »

I think there's some confusion about ports vs. addresses. Only traffic addressed to your server will go to your server. So unless your server hosts a website that someone's trying to browse, HTTPS browsing traffic elsewhere on your network won't be going to your server. The fact that you have a port forwarded to your server doesn't affect how other machines on the network use that port to reach the Internet.

The server setup described in the guide does not forward all client traffic through the server. That requires using the "redirect-gateway" option.