Documentation< Previous | Contents | Next >
1.6.2.1. Prepare interface config for bridging on server
First, use netplan to configure a bridge device using the desired ethernet device.
$ cat /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2 renderer: networkd ethernets:
enp0s31f6:
dhcp4: no
bridges:
br0:
interfaces: [enp0s31f6] dhcp4: no
addresses: [10.0.1.100/24] gateway4: 10.0.1.1 nameservers:
addresses: [10.0.1.1]
Static IP addressing is highly suggested. DHCP addressing can also work, but you will still have to encode a static address in the OpenVPN configuration file.
The next step on the server is to configure the ethernet device for promiscuous mode on boot. To do this, ensure the networkd-dispatcher package is installed and create the following configuration script.
sudo apt update
sudo apt install networkd-dispatcher
sudo touch /usr/lib/networkd-dispatcher/dormant.d/promisc_bridge sudo chmod +x /usr/lib/networkd-dispatcher/dormant.d/promisc_bridge
1 http://openvpn.net/index.php/open-source/documentation/howto.html#security
Then add the following contents.
#!/bin/sh set -e
if [ "$IFACE" = br0 ]; then
# no networkd-dispatcher event for 'carrier' on the physical interface ip link set eth0 up promisc on
fi