Proxy-arp
In this recipe, we will use the proxy-arp feature of the Linux kernel to make the VPN clients appear as part of the server-side LAN. This eliminates the need to use bridging, which is desirable in most cases.
Getting ready
We use the following network layout:
This recipe uses the PKI files created in the first recipe of this chapter. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Windows XP SP3 and OpenVPN 2.1.1. For the server, keep the configuration file basic-udp-server.conf from the recipe Server-side routing at hand. For the Windows client, keep the configuration file basic-udp-client.ovpn from the recipe Using an ifconfig-pool block at hand.
How to do it...
Create the server config file by adding the following lines to the basic-udp-server.conf file:
    script-security 2
    client-connect /etc/openvpn/cookbook/proxyarp-connect.sh
    client-disconnect /etc/openvpn/cookbook/proxyarp-disconnect.sh
Save it as...
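One way the client-connect and client-disconnect hooks named in the configuration above could be written, as an added example that is not the book's own script: a single hook that validates the address OpenVPN passes in before publishing or withdrawing a proxy-ARP entry. The names LAN_IF, is_ipv4 and proxyarp_cmd, the eth0 placeholder and the use of one script for both hooks are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the book's proxyarp-connect.sh / proxyarp-disconnect.sh.
# Assumption: LAN_IF is the server's LAN-facing interface (eth0 is a placeholder).
LAN_IF="${LAN_IF:-eth0}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the command that publishes (add) or withdraws (del) a proxy-ARP
# entry for the client address on the LAN interface.
proxyarp_cmd() {
    action=$1
    addr=$2
    is_ipv4 "$addr" || { echo "refusing address: '$addr'" >&2; return 1; }
    case "$action" in
        add|del) echo "ip neigh $action proxy $addr dev $LAN_IF" ;;
        *)       echo "unknown action: '$action'" >&2; return 1 ;;
    esac
}

# OpenVPN exports script_type and ifconfig_pool_remote_ip to the hook.
# A non-zero exit from a client-connect script makes the server reject the client.
case "${script_type:-}" in
    client-connect)    cmd=$(proxyarp_cmd add "${ifconfig_pool_remote_ip:-}") && $cmd ;;
    client-disconnect) cmd=$(proxyarp_cmd del "${ifconfig_pool_remote_ip:-}") && $cmd ;;
esac
```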