The basic setup
The basic setup for OpenVPN in tap mode is almost exactly the same as in the tun mode. In tap mode, we use the following line in the server configuration file:
dev tap
While in tun mode, we use the following lines:
dev tun topology subnet
The option topology subnet
is not required, but provides a network addressing scheme that is more sensible and will be the default in a future version of OpenVPN.
For the sake of completeness, we first create the server configuration file:
proto udp port 1194 dev tap server 10.222.0.0 255.255.255.0 persist-key persist-tun keepalive 10 60 remote-cert-tls client tls-auth /etc/openvpn/movpn/ta.key 0 dh /etc/openvpn/movpn/dh2048.pem ca /etc/openvpn/movpn/movpn-ca.crt cert /etc/openvpn/movpn/server.crt key /etc/openvpn/movpn/server.key user nobody group nobody verb 3 daemon log-append /var/log/openvpn.log
We will reuse this basic tap-mode server configuration file in this chapter and others. Save it as tap-udp-server.conf
so...