Ubuntu – Setting up VPN on Ubuntu VPS @ linode


I'm really struggling with this because I'm not a network admin, only a mortal programmer.

Linode gives you an external and internal IP for use with other nodes on the Linode network. In my case I've configured my external interface like this:

# The loopback interface
auto lo
iface lo inet loopback

# Configuration for eth0 and aliases

# This line ensures that the interface will be brought up during boot.
auto eth0 eth0:0 eth0:1

# eth0 - This is the main IP address that will be used for most outbound connec$
# The address, netmask and gateway are all necessary.
iface eth0 inet static
 address 97.107.XXX.XX
 gateway 97.107.XXX.1

# eth0:1 - Private IPs have no gateway (they are not publicly routable) so all $
# specify is the address and netmask.
iface eth0:1 inet static

What's missing here before eth0:1 is the interface eth0:0, which I want to use for my VPN. Do I have to do this? Well, I added this to my interfaces file between eth0 and eth0:1:

iface eth0:0 inet static

So I've started installing openvpn and generated the keys. This worked, as far as I can judge. I'm having problems with the openvpn server configuration. I want to be able to access my VPS' files from home or on the go, and maybe access the internet through it (maybe at a later stage, I don't know, I'm mainly interested in having access to my VPS and its files).

Among others, I have the following in my server.conf:

dev tap1

Is this correct? Or do I have to use something else there?

I added some iptables mumbo jumbo for the bridges.

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT

It says tap0 here even though everywhere else it's tap1. I'm getting these numbers from a guide (http://www.linode.com/wiki/index.php/OpenVPN). I don't know whether this is correct.

I then created a bridge-start script:

 # Set up Ethernet bridge on Linux
 # Requires: bridge-utils
 # Define Bridge Interface
 # Define list of TAP interfaces to be bridged,
 # for example tap="tap0 tap1 tap2".
 # Define physical ethernet interface to be bridged
 # with TAP interface(s) above.
 for t in $tap; do
   openvpn --mktun --dev "$t"
 done

Again, I have no idea what I'm actually doing here… Since I decided to use I guess the default netmask would be I've also added a similar bridge-stop script. Anyways if I want to start my bridge-start script I'm getting:

kitsune@makemake:/etc/openvpn/# /etc/openvpn/bridge-start
Thu Jun 25 21:08:36 2009 TUN/TAP device tap1 opened
Thu Jun 25 21:08:36 2009 Persist state set to: ON
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address
SIOCSIFFLAGS: Cannot assign requested address

When I then try to start the openvpn it fails.

Can anybody make sense of this?

Best Answer

That wiki article is complete and utter balls. Don't use OpenVPN bridging unless you really, really know why you want to use it. It makes everything about 100 times harder. I'd start with the official OpenVPN HOWTO and go from there.
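
For comparison with the bridged `dev tap1` setup in the question, here is a minimal routed (tun) server configuration of the kind the OpenVPN HOWTO starts from. It is an added example, not taken from the question, the answer or the Linode wiki; the file names, the port and the 10.8.0.0/24 subnet are assumptions to be replaced with your own values.

```conf
# /etc/openvpn/server.conf: routed mode (added example; values are assumptions)
port 1194
proto udp

# Routed IP tunnel. Replaces "dev tap1": no br0 bridge, no bridge-start
# script and no extra eth0:0 alias are needed in this mode.
dev tun

# Keys and certificates generated earlier (file names are placeholders).
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

# Private subnet used only inside the VPN; the server takes the first
# address (10.8.0.1). Pick a range that does not overlap the home LAN
# or the Linode private IP range.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 120

# Drop root privileges after startup; the persist-* options let
# restarts work without re-reading keys or reopening the device as root.
user nobody
group nogroup
persist-key
persist-tun

status openvpn-status.log
verb 3
```

With a configuration like this, a connected client reaches the VPS at the server's VPN address, and any firewall rule for VPN traffic names the tun interface rather than tap0 or br0.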