Simple configuration - non-bridged
This recipe demonstrates how to set up a TAP-based connection in client or server mode using certificates. It also uses masquerading to allow the OpenVPN clients to reach all the machines behind the OpenVPN server. The advantage of masquerading is that no special routes are needed on the server LAN: the server rewrites the source address of client traffic to its own LAN address, so replies return to the server without extra routing, and LAN hosts consequently see the server's address rather than the individual client's. Masquerading for OpenVPN servers is available only on Linux and UNIX variants. This recipe is similar to the Server-side routing recipe from the previous chapter.
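An added check, not part of the original recipe: it reads the VPN subnet from the `server` directive and compares it with the MASQUERADE rules in `iptables-save -t nat` output, flagging a missing rule or one wider than the VPN subnet. The subnet, the `eth0` interface, the function names and both sample inputs are constructed assumptions.

```python
import ipaddress

# Constructed sample inputs (assumptions, not taken from the recipe).
SAMPLE_CONF = """\
tls-server
proto udp
port 1194
dev tap
server 10.200.0.0 255.255.255.0
"""
SAMPLE_NAT = """\
*nat
-A POSTROUTING -s 10.200.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def vpn_subnet(conf):
    """Return the network declared by the `server` directive, or None."""
    for line in conf.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    return None

def masquerade_findings(conf, nat_rules):
    """Compare POSTROUTING MASQUERADE rules with the VPN subnet."""
    net = vpn_subnet(conf)
    if net is None:
        return ["no `server` directive: VPN subnet unknown"]
    findings, covered = [], False
    for rule in nat_rules.splitlines():
        tok = rule.split()
        if tok[:2] != ["-A", "POSTROUTING"] or "MASQUERADE" not in tok:
            continue
        if "-s" not in tok:
            # No source match: every forwarded source is rewritten.
            findings.append(f"rule has no -s match: {rule}")
            covered = True
            continue
        src = ipaddress.ip_network(tok[tok.index("-s") + 1], strict=False)
        if net.subnet_of(src):
            covered = True
            if src != net:
                findings.append(f"{src} is wider than VPN subnet {net}")
    if not covered:
        findings.append(f"no MASQUERADE rule covers {net}")
    return findings

if __name__ == "__main__":
    print(masquerade_findings(SAMPLE_CONF, SAMPLE_NAT) or "masquerading matches VPN subnet")
```

An empty result means exactly the VPN subnet is masqueraded; on a live server, feed it the real configuration file and the output of `iptables-save -t nat`.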
Getting ready
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, both the server computer and the client computer were running CentOS 6 Linux and OpenVPN 2.3.10.
We use the following network layout:
How to do it...
- Create the server configuration file:
    tls-server
    proto udp
    port 1194
    ...