
I've got a server (OS Ubuntu Server) with 2 interfaces: eth0 & eth1:

  • eth0 is connected to another server (Server2), which is reachable through a PPPoE connection.
  • eth1 is connected to the Internet.

I need a layer 2 virtual OpenVPN switch between tap0 and eth0 so that remote clients can connect via OpenVPN and reach Server2 over PPPoE. Draft scheme:

Remote <=============== PPPoE ==============> Server2
        | eth1 <=> OpenVPN switch <=> eth0 |

My current server.conf:

mode server

port 51177
proto udp6
dev tap
user nobody
group nogroup
persist-key
persist-tun
txqueuelen 250
keepalive 300 900
topology subnet
server-bridge
tun-ipv6
push tun-ipv6

script-security 2
up up.sh #Just logs when the tunnel is up
down down.sh #Just logs when the tunnel is down

dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_cert.crt
key server_key.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

My current client.ovpn:

client
proto udp
explicit-exit-notify

remote [IPv6] 1194

dev tap
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_pppoe name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-crypt>
...
</tls-crypt>

Output of `ip a` on the server:

root@pppoe:/etc/openvpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether fa:96:e6:e9:c9:8b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether fa:96:98:06:0c:79 brd ff:ff:ff:ff:ff:ff
    inet6 2a00:a:b:c::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f896:98ff:fe06:c79/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:0b:16:93:bb:f0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f896:e6ff:fee9:c98b/64 scope link
       valid_lft forever preferred_lft forever
17: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 250
    link/ether ea:0b:16:93:bb:f0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e80b:16ff:fe93:bbf0/64 scope link
       valid_lft forever preferred_lft forever
