
Moxa Technologies UC-7420/7410 User Manual

Managing Communication

4. Create a configuration file named A-tap0-br.conf and an executable script file named
A-tap0-br.sh on OpenVPN A.

# point to the peer
remote 192.168.8.174
dev tap0
secret /etc/openvpn/secrouter.key
cipher DES-EDE3-CBC
auth MD5
tun-mtu 1500
tun-mtu-extra 64
ping 40
up /etc/openvpn/A-tap0-br.sh

#----------------------------------Start------------------------------
#!/bin/sh
# value after “-net” is the subnet behind the remote peer
route add -net 192.168.4.0 netmask 255.255.255.0 dev br0
#---------------------------------- end ------------------------------

Create a configuration file named B-tap0-br.conf and an executable script file named
B-tap0-br.sh on OpenVPN B.

# point to the peer
remote 192.168.8.173
dev tap0
secret /etc/openvpn/secrouter.key
cipher DES-EDE3-CBC
auth MD5
tun-mtu 1500
tun-mtu-extra 64
ping 40
up /etc/openvpn/B-tap0-br.sh

#---------------------------------- Start----------------------------
#!/bin/sh
# value after “-net” is the subnet behind the remote peer
route add -net 192.168.2.0 netmask 255.255.255.0 dev br0
#---------------------------------- end -----------------------------

Note: Select cipher and authentication algorithms by specifying “cipher” and “auth”. To see
which algorithms are available, type:

# openvpn --show-ciphers
# openvpn --show-digests
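
The two configurations above select `cipher DES-EDE3-CBC` (a 64-bit block cipher) and `auth MD5`. The following shell check is an added example, not part of the Moxa manual, that flags such choices in a static-key config before it is deployed. The function name `audit_ovpn_conf`, the weak-algorithm lists, and the suggested SHA256 replacement are assumptions of this example; confirm any replacement against the algorithm lists the device's OpenVPN build reports.

```shell
#!/bin/sh
# Added example, not from the Moxa manual. The weak-algorithm lists and the
# function name are assumptions of this example.

audit_ovpn_conf() {
    # $1 = config path. Prints one finding per line; returns 1 if any WEAK.
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }   # skip comments and blank lines
        $1 == "cipher" {
            have_cipher = 1; v = toupper($2)
            # DES, 3DES, Blowfish, CAST5, RC2 and IDEA all use 64-bit blocks
            if (v == "NONE" || v ~ /^(DES|DESX|BF|CAST5|RC2|IDEA)(-|$)/) {
                printf "WEAK line %d: cipher %s (64-bit block or none)\n", NR, $2
                weak++
            }
        }
        $1 == "auth" {
            have_auth = 1; v = toupper($2)
            if (v == "NONE" || v == "MD5") {
                printf "WEAK line %d: auth %s (prefer SHA256)\n", NR, $2
                weak++
            }
        }
        $1 == "secret" {
            printf "INFO line %d: static key %s, keep it readable by root only\n", NR, $2
        }
        END {
            if (!have_cipher) print "INFO no cipher line: OpenVPN default applies"
            if (!have_auth)   print "INFO no auth line: OpenVPN default applies"
            exit (weak > 0)
        }
    ' "$1"
}

# Constructed sample: the crypto-related lines of A-tap0-br.conf from this page.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# point to the peer
remote 192.168.8.174
dev tap0
secret /etc/openvpn/secrouter.key
cipher DES-EDE3-CBC
auth MD5
EOF
audit_ovpn_conf "$conf" || echo "weak settings found in $conf"
rm -f "$conf"
```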

5. Start both OpenVPN peers:

# openvpn --config A-tap0-br.conf&
# openvpn --config B-tap0-br.conf&

If you see the line “Peer Connection Initiated with 192.168.8.173:5000” on each machine, the
connection between OpenVPN machines has been established successfully on UDP port 5000.

6. On each OpenVPN machine, check the routing table by typing the command:

# route

Destination     Gateway   Genmask         Flags Metric Ref Use Iface
192.168.4.0     *         255.255.255.0   U     0      0   0   br0
192.168.2.0     *         255.255.255.0   U     0      0   0   br0
192.168.8.0     *         255.255.255.0   U     0      0   0   ixp0


Interface ixp1 is connected to the bridging interface br0, to which device tap0 also connects,
whereas the virtual device tun sits on top of tap0. This ensures that all traffic from internal
networks connected to interface ixp1 that comes to this bridge is written to the TAP/TUN device
that the OpenVPN program monitors. Once the OpenVPN program detects traffic on the