{"id":5529,"date":"2022-10-26T17:30:27","date_gmt":"2022-10-26T08:30:27","guid":{"rendered":"\/blog\/?p=5529"},"modified":"2023-09-21T09:26:23","modified_gmt":"2023-09-21T00:26:23","slug":"udp-%ea%b2%8c%ec%9e%84-%ed%94%8c%eb%a0%88%ec%9d%b4%eb%a5%bc-%ec%9c%84%ed%95%9c-openvpn-%ec%84%a4%ec%a0%95","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=5529","title":{"rendered":"OpenVPN Bridge \uc124\uc815"},"content":{"rendered":"\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"false\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\u25a0\uad6c\uc131\ub3c4\n+-------------------+\n|                   |\n| Firewall          |\n|                   |\n| eth0:10.10.10.254 |\n| eth1:192.168.64.1 |\n|                   |\n+--------+----------+\n         |\n         v\n+-------------------+\n|                   |\n| OpenVPN Server    |\n|                   |\n|br0:192.168.64.254 |\n|eth0:10.10.10.122  |\n|                   |\n+---+---------------+\n    |          ^\n    v          |\n+--------------+----+\n|                   |\n| OpenVPN Client    |\n| (Game PC)         |\n| 192.168.64.xx     |\n|                   |\n+-------------------+\n\n\uc704 \ud658\uacbd\uc5d0\uc11c OpenVPN\uc744 Bridge\ub85c \uad6c\uc131\ud558\uc5ec \uac8c\uc784\uc758 UDP \ube0c\ub85c\ub4dc\uce90\uc2a4\ud305\uc774 VPN\uc744 \ud1b5\ud574 \uc804\ub2ec\ub418\ub3c4\ub85d \uc14b\ud305\ud55c\ub2e4.\nVPN\uc5d0 \uc5f0\uacb0\ub41c \ud074\ub77c\uc774\uc5b8\ud2b8\ub294 192.168.64.x \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c \ud658\uacbd\uacfc \ub3d9\uc77c\ud558\uac8c \ub3d9\uc791\ud55c\ub2e4.\n\n\uc801\uc6a9\uc744 \uc704\ud574\uc11c\ub294 OpenVPN\uc744 \uc544\ub798 openvpn-bridge.sh\ub97c \ud1b5\ud574 \uc2e4\ud589\/\uc911\uc9c0 \uc2dc\ud0a8\ub2e4.<\/pre>\n\n\n\n<hr class=\"wp-block-separator 
has-alpha-channel-opacity\"\/>\n\n\n\n<p>openvpn-bridge.sh<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">#!\/bin\/bash\n############################################################\n#\n# OpenVPN Bridge \uc124\uc815 \uc2a4\ud06c\ub9bd\ud2b8\n# OpenVPN \uc11c\ube44\uc2a4 \uc2e4\ud589\uc804\uc5d0 \uc2e4\ud589\ub418\uc5b4\uc57c \ud55c\ub2e4.\n#\n############################################################\n\n# Define Bridge Interface\nBRIDGE_IF=\"br0\"\n\n# Define list of TAP interfaces to be bridged,\n# for example TAP_IF=\"TAP_IF0 TAP_IF1 TAP_IF2\".\nTAP_IF=\"tap0\"\n\n# Define physical ethernet interface to be bridged\n# with TAP interface(s) above.\nETH_IF=\"eth0\"\nETH_IP_NETMASK=\"192.168.64.254\/24\"\nETH_BROADCAST=\"192.168.64.255\"\nETH_GATEWAY=\"192.168.64.1\"\nETH_MACADDR=\"aa:c4:1c:7b:86:48\"\n\ncase \"$1\" in\nstart)\n    systemctl stop openvpn\n    for TMPVAL in ${TAP_IF}; do\n        openvpn --mktun --dev ${TMPVAL}\n    done\n\n    brctl addbr ${BRIDGE_IF}\n    brctl addif ${BRIDGE_IF} ${ETH_IF}\n\n    for TMPVAL in ${TAP_IF}; do\n        brctl addif ${BRIDGE_IF} ${TMPVAL}\n    done\n\n    for TMPVAL in ${TAP_IF}; do\n        ip addr flush dev ${TMPVAL}\n        ip link set ${TMPVAL} promisc on up\n    done\n\n    ip addr flush dev ${ETH_IF}\n    ip link set ${ETH_IF} promisc on up\n\n    ip addr add ${ETH_IP_NETMASK} broadcast ${ETH_BROADCAST} dev ${BRIDGE_IF}\n    ip link set ${BRIDGE_IF} address ${ETH_MACADDR}\n    ip link set ${BRIDGE_IF} up\n\n    ip route add default via ${ETH_GATEWAY}\n    systemctl start openvpn\n    ;;\nstop)\n    systemctl stop openvpn\n    ip link set ${BRIDGE_IF} down\n    brctl delbr ${BRIDGE_IF}\n\n    for TMPVAL in ${TAP_IF}; do\n        openvpn --rmtun --dev ${TMPVAL}\n    done\n\n    ip link set ${ETH_IF} promisc off up\n   
 ip addr add ${ETH_IP_NETMASK} broadcast ${ETH_BROADCAST} dev ${ETH_IF}\n\n    ip route add default via ${ETH_GATEWAY}\n    ;;\n*)\n    echo \"Usage: openvpn-bridge.sh {start|stop}\"\n    exit 1\n    ;;\nesac\nexit 0<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>\/etc\/openvpn\/server.conf<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># OpenVPN Port, Protocol and the tun\nport 1194\nproto udp\n\n# ** \uc774 \ubd80\ubd84 \ubcc0\uacbd\ud574\uc57c \ud568 !!\n# Bridge\ub294 \ubc18\ub4dc\uc2dc tap\uc778\ud130\ud398\uc774\uc2a4\ub85c \uc124\uc815\ud55c\ub2e4.\ndev tap0\n\n# OpenVPN Server Certificate - CA, server key and certificate\nca \/etc\/openvpn\/server\/ca.crt\ncert \/etc\/openvpn\/server\/local.esvali.com-openvpn-server.crt\nkey \/etc\/openvpn\/server\/local.esvali.com-openvpn-server.key\n\n#DH and CRL key\ndh \/etc\/openvpn\/server\/dh.pem\ncrl-verify \/etc\/openvpn\/server\/crl.pem\n\n# ** \uc774 \ubd80\ubd84 \ubcc0\uacbd\ud574\uc57c \ud568 !!\n# \uae30\uc874 server \ub300\uc2e0 \uc544\ub798 server-bridge\ub97c \uc0ac\uc6a9\ud55c\ub2e4.\n# \uc5f0\uacb0\ub41c \ud074\ub77c\uc774\uc5b8\ud2b8\ub4e4\uc758 Gateway\ub97c 192.168.64.1\ub85c \ud558\uace0\n# \ud074\ub77c\uc774\uc5b8\ud2b8\ub4e4\uc740 192.168.64.100~200\uae4c\uc9c0\uc758 IP\uc8fc\uc18c\ub97c \ud560\ub2f9\ud55c\ub2e4.\nserver-bridge 192.168.64.1 255.255.255.0 192.168.64.100 192.168.64.200\n\n# \ubaa8\ub4e0 \ud2b8\ub798\ud53d\uc744 OpenVPN\uc744 \ud1b5\ud558\uac8c \ud55c\ub2e4.\npush \"redirect-gateway def1 bypass-dhcp\"\n\n# Using Google Public DNS\npush \"dhcp-option DNS 8.8.8.8\"\npush \"dhcp-option DNS 8.8.4.4\"\nclient-to-client\ntopology subnet\nmode server\ncipher AES-256-CBC\n\n#Enable multiple client to connect with same Certificate 
key\n#duplicate-cn\n\n# TLS Security\ntls-server\ntls-version-min 1.2\ntls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256\nauth SHA512\nauth-nocache\n\n# Other Configuration\nkeepalive 10 60\npersist-key\npersist-tun\ncompress lz4\ndaemon\n\n# duplicate-cn allows several clients to connect at the same time with the same certificate (Common Name);\n# it does not prevent duplicate IP assignment. Remove it when each client has its own certificate.\nduplicate-cn\n\nuser nobody\ngroup nogroup\n\n# OpenVPN Log\nlog \/var\/log\/openvpn.log\nstatus \/var\/log\/openvpn-status.log\nverb 3<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>client.ovpn<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">client\n\n# ** \uc774 \ubd80\ubd84 \ubcc0\uacbd\ud574\uc57c \ud568 !!\n# Bridge\ub294 \ubc18\ub4dc\uc2dc tap\uc778\ud130\ud398\uc774\uc2a4\ub85c \uc124\uc815\ud55c\ub2e4.\ndev tap\n\nproto udp\nremote vpn.test.com 1194\nca ca.crt\ncert client.crt\nkey client.key\ncipher AES-256-CBC\ndata-ciphers AES-256-CBC\nauth SHA512\nauth-nocache\nremote-cert-tls server\ntls-version-min 1.2\ntls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256\nresolv-retry infinite\ncompress lz4\nnobind\npersist-key\npersist-tun\nmute-replay-warnings\nverb 3\n&lt;ca>\n-----BEGIN CERTIFICATE-----\n......<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>openvpn-bridge.sh \/etc\/openvpn\/server.conf 
client.ovpn<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[39,11,12],"tags":[],"class_list":["post-5529","post","type-post","status-publish","format-standard","hentry","category-os_linux_unix_macos","category-computing_network","category-computing_security"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5529"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5529\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}