
Re: [Openvpn-users] mixed tun-tap setup

  • Subject: Re: [Openvpn-users] mixed tun-tap setup
  • From: sadfub@xxxxxxx
  • Date: Wed, 12 Dec 2007 09:42:37 +0100

Josh Cepek wrote:
> sadfub@xxxxxxx wrote:
>> Hello everyone,
>> actually I've here a multiple client tun-server running, but I need a
>> client with a tap device. (I'll use this in a VMware instance with
>> bridging, and tun doesn't work) Since each connection has to have
>> identical tun xor tap interfaces my server.conf has a "dev tun" line
>> in its configuration file. Hence I feel it is impossible to make a tap-client.
> I don't know if this is a limitation of your VM guest, but I've used tun
> devices in OpenVPN (both as a Linux and Windows guest using VMware's
> bridging configuration for the client adapter.)

No, my vmware-config.pl script complains that it cannot bridge vmnet2 to
the tun0 interface on my vmware-server. At this point no guest operating
system is involved. The guests shouldn't see that their eth0 interface
is bridged to an openvpn tunnel.

My setup was: tun0 on vmware-server, where some vmware-instances should
be able to bridge via vmware-network vmnetXY to this tunnel. And the
bridging from tun0 <-> vmnetXY let's say vmnet2, failed. I used
vmware-server 1.0.1, and I thought, that tun0 might not be capable of

> As a small side note, different distributions may have slightly
> different initscripts, so consult any documentation that's in your
> file.  I don't recognize that snippet of code from the official OpenVPN
> initscript (which only works on Redhat or similar init systems) which is
> why I bring this up.

Yes, you are right, I use Ubuntu, thanks for the advice.

>> My question, is there a small guide somewhere that I could read? Is it
>> possible to use the certificates I am already using for the tun-openvpn
>> network, since the new instance would need a server certificate, or am I
>> wrong?
> You can use the same set of certificates on both servers, but just
> remember that this means a client with a valid certificate could choose
> to connect to either server, so be mindful of your security needs.  If
> that poses a problem you might want to either use a verify script to
> only allow specific clients or consider a separate set of certificates
> for each instance.

Oops, yes indeed, so I will create a new set of certificates, thank you!

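Added example, not part of the original thread and not OpenVPN's own script: a sketch of the verify script mentioned in the quoted reply, for a tap instance that shares its CA with the tun instance. It assumes OpenVPN's `--tls-verify` calling convention (certificate depth and X509 subject appended as the last two arguments); the script name, allowlist path and client names are hypothetical.

```shell
#!/bin/sh
# Hypothetical use in the tap instance's server config (assumed paths):
#   script-security 2
#   tls-verify "/etc/openvpn/verify-allow.sh /etc/openvpn/tap-allowed-cns"
# OpenVPN appends <depth> <subject>; exit 0 accepts the peer, non-zero rejects.

# Print the CN from an X509 subject string. Handles the older
# "/C=DE/O=Example/CN=name" form and the newer "C=DE, O=Example, CN=name" form.
extract_cn() {
    printf '%s\n' "$1" \
        | sed -e 's|, |/|g' -e 's|^\([^/]\)|/\1|' \
        | sed -n 's|.*/CN=\([^/]*\).*|\1|p'
}

# verify_peer ALLOW_FILE DEPTH SUBJECT
# ALLOW_FILE holds one permitted client CN per line.
verify_peer() {
    allow_file=$1
    depth=$2
    subject=$3

    case $depth in
        0) ;;                          # the client certificate itself
        ''|*[!0-9]*) return 1 ;;       # malformed depth: fail closed
        *) return 0 ;;                 # CA certs: chain already checked by OpenVPN
    esac

    [ -r "$allow_file" ] || return 1   # missing allowlist: fail closed

    cn=$(extract_cn "$subject")
    [ -n "$cn" ] || return 1           # no CN in subject: reject

    # -F fixed string, -x whole line: "tap-client" must not match "tap-client1".
    grep -Fxq -- "$cn" "$allow_file"
}

# Act as the tls-verify hook only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    verify_peer "$@"
    exit $?
fi
```

With this in place on the tap instance only, a certificate issued for a tun client still passes chain validation but is rejected at depth 0 unless its CN is listed.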