vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

OPENVPN: T6555: add documentation bridge feature

Browse Source
This commit is contained in:
fett0 2024-08-09 18:30:42 -03:00
parent 8748df5c77
commit 71050ef7f3
1 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
docs/configuration/interfaces/openvpn.rst
View File

@ -660,6 +660,51 @@ config file. The path and arguments need to be single- or double-quoted.
quotes. This is done through a hack on our config generator. You can pass quotes. This is done through a hack on our config generator. You can pass
quotes using the ``"`` statement. quotes using the ``"`` statement.
Server bridge
=============
In Ethernet bridging configurations, OpenVPN's server mode can be set as a
'bridge' where the VPN tunnel encapsulates entire Ethernet frames
(up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup
allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below,
we outline a basic configuration to achieve this:
Server Side:
.. code-block:: none
set interfaces bridge br10 member interface eth1.10
set interfaces bridge br10 member interface vtun10
set interfaces openvpn vtun10 device-type 'tap'
set interfaces openvpn vtun10 encryption data-ciphers 'aes192'
set interfaces openvpn vtun10 hash 'sha256''
set interfaces openvpn vtun10 local-host '172.18.201.10'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 server bridge gateway '10.10.0.1'
set interfaces openvpn vtun10 server bridge start '10.10.0.100'
set interfaces openvpn vtun10 server bridge stop '10.10.0.200'
set interfaces openvpn vtun10 server bridge subnet-mask '255.255.255.0'
set interfaces openvpn vtun10 server topology 'subnet'
set interfaces openvpn vtun10 tls ca-certificate 'ca-1'
set interfaces openvpn vtun10 tls certificate 'srv-1'
set interfaces openvpn vtun10 tls dh-params 'srv-1'
Client Side :
.. code-block:: none
set interfaces openvpn vtun10 device-type 'tap'
set interfaces openvpn vtun10 encryption data-ciphers 'aes192'
set interfaces openvpn vtun10 hash 'sha256''
set interfaces openvpn vtun10 mode 'client'
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 remote-host '172.18.201.10'
set interfaces openvpn vtun10 remote-port '1194'
set interfaces openvpn vtun10 tls ca-certificate 'ca-1'
set interfaces openvpn vtun10 tls certificate 'client-1'
*************************** ***************************
Multi-factor Authentication Multi-factor Authentication
*************************** ***************************