
Re: [Openvpn-users] Bridge LAN Setup?

  • Subject: Re: [Openvpn-users] Bridge LAN Setup?
  • From: "bronson mathews" <gibbz1@xxxxxxxxxxx>
  • Date: Sun, 05 Dec 2004 08:30:59 +1030

OK, so is this correct to disable encryption?

#local ip
lport 5000

#server shiz
dev tap
mode server
ca sample-keys/tmp-ca.crt
cert sample-keys/server.crt
dh sample-keys/dh1024.pem
key sample-keys/key.key

#disable encryption
cipher none
auth none

#vpn ip ifconfig ifconfig-noexec ifconfig-pool

#client shiz

#push to clients
;push "route"
push "ping 10"
push "ping-restart 120"

#local keep alive
ping 10
ping-restart 120
verb 4

From: James Yonan <jim@xxxxxxxxx>
To: bronson mathews <gibbz1@xxxxxxxxxxx>
CC: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Bridge LAN Setup?
Date: Sat, 4 Dec 2004 12:54:48 -0700 (MST)

On Sat, 4 Dec 2004, bronson mathews wrote:

> OK, I'm not really understanding the config files that much; I could use some
> help.
> I have both ends bridged, so we want to be able to ping each other's local
> IPs (for games).
> Note: for some reason the mailing list isn't emailing me the emails, so if
> you could also forward the emails to gibbz1@xxxxxxxxxxx for me, thanks.
> I've got 2 LANs, at
> -my end(server) local ip of the bridge is
> -vpn ip (should the vpn even have an ip when bridged?)
> -client end local ip of bridge is
> -vpn ip
> Now I've followed the guide here...
> http://www.pavelec.net/adam/openvpn/bridge/
> I've modified the scripts but having no luck with them....
> Also we have no need for this encryption as it's for gaming; is it possible
> to get just a key and none of the other stuff, but still have master with
> multiple clients?

You can use:

  cipher none
  auth none

in the config file to disable tunnel security.  This works even in
client/server mode -- make sure to add this to both the server config and
all client configs.

If I were you, I think a better choice for gaming if you think the
standard OpenVPN security is more than you need, would be to keep HMAC
authentication turned on and just dispose of the encryption.  That's a
good choice when you don't care about eavesdropping, but you want to
secure against active attacks, i.e. someone maliciously creating packets
which masquerade as OpenVPN packets in order to slip past your firewall.
For that, you just need to add "cipher none".

That will cause all packets to be cryptographically signed, so they can be
verified as legitimate, but the tunnel data will still be sent as
cleartext, i.e. not encrypted.


____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users
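
Added example, not part of either message above and not OpenVPN code: a small Python check over a server config and a client config that reports which peers have switched HMAC authentication off and whether the peers disagree, since the reply says the settings must go into the server config and all client configs. The client config, the function names and the finding wording are assumptions made for the illustration.

```python
import shlex

# Constructed samples: SERVER_CONF follows the config posted in the thread;
# CLIENT_CONF is a hypothetical peer where "auth none" was left out.
SERVER_CONF = """\
dev tap
mode server
#disable encryption
cipher none
auth none
;push "route"
push "ping 10"
"""
CLIENT_CONF = """\
dev tap
cipher none
"""

def directives(text):
    """Map directive -> argument list, skipping '#' and ';' comment lines."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            found[name] = args
    return found

def posture(text):
    """Classify the tunnel from its cipher/auth directives."""
    d = directives(text)
    # A missing directive means OpenVPN's built-in default applies, not "none".
    encrypted = (d.get("cipher") or ["default"])[0].lower() != "none"
    signed = (d.get("auth") or ["default"])[0].lower() != "none"
    return (("encrypted" if encrypted else "cleartext") + ", " +
            ("authenticated" if signed else "unauthenticated"))

def audit(configs):
    """configs maps a peer name to its config text; returns a list of findings."""
    postures = {name: posture(text) for name, text in configs.items()}
    findings = [f"{name}: tunnel packets are not HMAC-signed ({p})"
                for name, p in postures.items() if p.endswith("unauthenticated")]
    if len(set(postures.values())) > 1:
        findings.append(f"peers disagree on cipher/auth: {postures}")
    return findings

if __name__ == "__main__":
    for finding in audit({"server": SERVER_CONF, "client": CLIENT_CONF}):
        print(finding)
```

The check compares only whether each directive is "none" or not, so two peers that name different real ciphers are not reported as a mismatch.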