OpenVPN:创建第 2 层交换机

tag-icon tag-icon vpn openvpn pppoe
OpenVPN:创建第 2 层交换机

我有一台带有 2 个接口的服务器(OS Ubuntu Server):eth0&eth1

  • eth0已连接到另一台服务器(服务器2) 可通过 PPPoE 连接使用。
  • eth1已连接至互联网。

我需要一个第 2 层虚拟 OpenVPN 交换机tap0eth0使远程地点能够通过 OpenVPN 连接到服务器2通过 PPPoE。方案草案:

Remote <=============== PPPoE ==============> Server2
        | eth1 <=> OpenVPN switch <=> eth0 |

我当前的server.conf:

mode server

port 51177
proto udp6
dev tap
user nobody
group nogroup
persist-key
persist-tun
txqueuelen 250
keepalive 300 900
topology subnet
server-bridge
tun-ipv6
push tun-ipv6

script-security 2
up up.sh #Just logs when is up
down down.sh #Just logs when is down

dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_cert.crt
key server_key.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

我当前的客户端.ovpn:

client
proto udp
explicit-exit-notify

remote [IPv6] 1194

dev tap
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_pppoe name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-crypt>
...
</tls-crypt>

服务器ip a内容:

root@pppoe:/etc/openvpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether fa:96:e6:e9:c9:8b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether fa:96:98:06:0c:79 brd ff:ff:ff:ff:ff:ff
    inet6 2a00:a:b:c::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f896:98ff:fe06:c79/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:0b:16:93:bb:f0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f896:e6ff:fee9:c98b/64 scope link
       valid_lft forever preferred_lft forever
17: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 250
    link/ether ea:0b:16:93:bb:f0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e80b:16ff:fe93:bbf0/64 scope link
       valid_lft forever preferred_lft forever

相关内容