Simple configuration—non-bridged
This recipe demonstrates how to set up a TAP-based connection in client/server mode using certificates. It also uses masquerading to allow the OpenVPN clients to reach all the machines behind the OpenVPN server. The advantage of masquerading is that no special routes are needed on the server LAN. Masquerading for OpenVPN servers is available only on Linux and UNIX variants. This recipe is similar to the Server-side routing recipe from the previous chapter.
Getting ready
We use the following network layout:
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The first client was running Fedora 12 Linux and OpenVPN 2.1.1.
How to do it...
Create the server configuration file:
tls-server
proto udp
port 1194
dev tap
server 192.168.99.0 255.255.255.0
ca /etc/openvpn/cookbook/ca.crt
cert /etc/openvpn/cookbook...