On Sat, Nov 24, 2012 at 01:29:20PM -0800, Marc Chamberlin wrote:
> On 11/24/2012 9:48 AM, Lars Müller wrote:
>> On Fri, Nov 23, 2012 at 10:01:03PM -0800, Marc Chamberlin wrote:
>>> From what I can grok about setting up and running an openvpn server, because I want to allow a Windoz client to connect to the server, I need to set up a tap and br interface and set up an ethernet bridge. I have a few questions which I don't seem to be finding answers for -
>>>
>>> 1. openvpn supplies a sample script for creating the tap and br interfaces. I know I need to modify it and run the bridge-start script before starting up the openvpn server. Also the bridge-stop script when shutting down the openvpn service. But where and how is this script incorporated into the boot up/server start up processes if I want the openvpn server to run as an automatic service? I don't see anything that references it in the /etc/openvpn/server.conf file or in the /etc/rc.d/openvpn file.
>>
>> That's not required.
>>
>> Either use the YaST System Services (runlevel) module and enable the openvpn service or use on the command line
>>
>>   chkconfig -a openvpn
>
> Thanks Lars for your reply, but my confusion is growing! If the bridge-start script is no longer required to set up the tap0 interface, then how is it to be done in openSuSE?

It's all handled by the network service scripts. It has been for a long time. That's nothing new. Please read the man page of ifcfg-bridge. Nothing more is required.

> And doesn't this script need to be run each time the server computer is rebooted in order to keep the tap0 and br0 interfaces persistent across reboots?

As soon as you create a bridged device configuration and this device is in start mode STARTMODE="auto" all is done for you. This also is persistent across reboots.

> And yes, I plan to enable the openvpn service in the YaST Runlevel module, but I don't fully grok how the tap0 and br0 interfaces are to be defined.....

No additional define is required.

>>> 2. Within the bridge-start script there is a parameter called eth_ip that wants to be set to some IP address. Is this the IP address of the NIC that interfaces my server to my internal LAN?
>>
>> I never needed to tweak with this parameter. I would start with the ifcfg-bridge(5) man page instead.
>>
>> My very basic /etc/sysconfig/network/ifcfg-br0 has:
>>
>>   BOOTPROTO='dhcp4'
>>   BRIDGE='yes'
>>   BRIDGE_FORWARDDELAY='0'
>>   BRIDGE_PORTS='eth0'
>>   BRIDGE_STP='off'
>>   STARTMODE='onboot'
>>   NAME='Intel Ethernet controller'
>
> I think I understand that this is how to create the br0 bridge interface manually.

Either with an editor or you do it via YaST. If you go via YaST you'll see as the result a file named like

  /etc/sysconfig/network/ifcfg-br0

List /etc/sysconfig/network/ before and afterwards. You also might create a copy of /etc/sysconfig/network/ and later run

  diff -r <copy of etc/sysconfig/network> /etc/sysconfig/network/

> Though I don't understand how this connects it to the tap0 interface. What is the difference between setting up the br0 interface this way and using the administration utility - brctl?

The ifcfg-br0 abstracts all the brctl details for you. If you'd like to know how all this is plumbed together you're able to check the scripts. But that's not required.

Good luck!

Lars
-- 
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team + SUSE Labs
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
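
Added example, not part of the original messages: the link between br0 and tap0 asked about above lives in the BRIDGE_PORTS list of ifcfg-br0, so a small check can confirm a tap device is attached and that the bridge comes up at boot. The script reads the file without sourcing it; the function names and the second sample file (with tap0 added) are constructed for illustration, and tap0 still needs its own interface configuration, which is not shown here.

```shell
# Print the last value assigned to KEY in an ifcfg file, with quotes stripped.
ifcfg_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e "s/^['\"]//" -e "s/['\"][[:space:]]*\$//"
}

# Return 0 when FILE is a bridge that starts at boot and lists PORT as a member.
bridge_has_port() {  # $1 = file, $2 = port
    file=$1 port=$2
    [ "$(ifcfg_get "$file" BRIDGE)" = "yes" ] || { echo "$file: BRIDGE is not 'yes'"; return 1; }
    case "$(ifcfg_get "$file" STARTMODE)" in
        auto|boot|onboot|on) ;;   # boot, onboot and on are aliases for auto
        *) echo "$file: STARTMODE does not bring the bridge up at boot"; return 2 ;;
    esac
    for p in $(ifcfg_get "$file" BRIDGE_PORTS); do
        if [ "$p" = "$port" ]; then return 0; fi
    done
    echo "$file: $port is not listed in BRIDGE_PORTS"
    return 3
}

# Write two sample files into directory $1.
write_samples() {
    # Values as posted in the message above (eth0 is the only port).
    cat > "$1/ifcfg-br0.posted" <<'EOF'
BOOTPROTO='dhcp4'
BRIDGE='yes'
BRIDGE_FORWARDDELAY='0'
BRIDGE_PORTS='eth0'
BRIDGE_STP='off'
STARTMODE='onboot'
NAME='Intel Ethernet controller'
EOF
    # Constructed variant: tap0 (the OpenVPN tap device name from the thread) added.
    cat > "$1/ifcfg-br0.with-tap" <<'EOF'
BRIDGE='yes'
BRIDGE_PORTS='eth0 tap0'
STARTMODE='auto'
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/ifcfg-br0.*; do
    if bridge_has_port "$f" tap0; then echo "$f: tap0 is a bridge port"; fi
done
rm -rf "$demo_dir"
```

On a real system, point `bridge_has_port` at /etc/sysconfig/network/ifcfg-br0 instead of the sample files.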