That I can help with.
Do you want an Ethernet device that you can slave to a software bridge such as the one provided by the following?
$ sudo brctl addbr br0
http://openvpn.net/bridge.html
Do note that Ethernet wants a low latency, high reliability L2 for arp, dhcp, rip and other broadcast protocols. Probably not the best decision for a low bitrate wireless network. Broadcast traffic will eat up all of your available capacity if you let it.
The other option is point-to-point or point-to-multipoint tunnels using the tun driver. I assume that you want to maintain your own x.509 certification authority as per 19.34 RCW for those of you in WA.us. I recommend using gnomint on debuntu and active directory on windows. I don't know what you'd use on a mac, but there's probably something.
Generate a root CA for your gateway's servers and clients.
Generate two sub CAs. One for your clients. One for your servers. Be sure to set the server x.509 options appropriately so that certs issued by it end up having the "I am the server side" bit turned on for security. Take the public sides of all three of these CAs (as PEM exports) and cat them all into a file called ca.pem.
Use the server CA to generate a public and private key pair for this server.
Here's an example of what gnomint might look like after you've done the above:
http://phx0.colliertech.org/~cjac/44net/gnomint0.png
Take both the public and private sides of the server cert and drop them in /etc/openvpn/.
Here's an example of what the server side might look like: http://phx0.colliertech.org/~cjac/openvpn_server-example.tgz
Now do the same thing for your client side.
Here's an example of what your client side might look like: http://phx0.colliertech.org/~cjac/openvpn_client-example.tgz
The state gave me a license to do this for someone else: http://phx0.colliertech.org/~cjac/Operative_Personnel_Certification_2010_p2....
So if you've got a license to operate a certification authority in the state of Washington and are looking to flesh out your ranks of operative personnel, do let me know. I should really try to make this thing pay for itself one of these days.
Cheers and 73 and all that,
C.J.
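The CA layout in the steps above (root CA, a server sub CA, a client sub CA, server certs carrying the server-side bit, and the three public sides catted into ca.pem), as an added OpenSSL example that is not from the original post or any of C.J.'s tarballs. It assumes the `openssl` CLI is installed; the subjects, lifetimes and file names are made up for the example, and the "server side" bit is expressed as extendedKeyUsage=serverAuth, which is what `openssl verify -purpose sslserver` (and OpenVPN's remote-cert-tls server) checks for.

```shell
#!/bin/sh
# Added example: build the root / server CA / client CA hierarchy with OpenSSL,
# put extendedKeyUsage=serverAuth only on leaves issued by the server CA,
# bundle the three CA certs into ca.pem, and check what a server-purpose
# verification accepts. Subjects, lifetimes and file names are assumptions.

build_pki() (
  cd "$1"
  # Root CA: self-signed, CA:TRUE, only allowed to sign certs and CRLs.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=44net example root CA" \
    -keyout root.key -out root.csr 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  openssl x509 -req -in root.csr -signkey root.key -days 3650 -extfile ca.ext -out root.pem 2>/dev/null
  # Two sub CAs under the root; pathlen:0 stops them from issuing further CAs.
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > subca.ext
  for role in server client; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=44net example $role CA" \
      -keyout "$role-ca.key" -out "$role-ca.csr" 2>/dev/null
    openssl x509 -req -in "$role-ca.csr" -CA root.pem -CAkey root.key -CAcreateserial \
      -days 1825 -extfile subca.ext -out "$role-ca.pem" 2>/dev/null
  done
  # Leaf certs: the server CA issues serverAuth, the client CA issues clientAuth only,
  # so a client cert can never pass as "the server side" even though it chains to ca.pem.
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' > server.ext
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth\n' > client.ext
  for role in server client; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gateway-$role.example" \
      -keyout "$role.key" -out "$role.csr" 2>/dev/null
    openssl x509 -req -in "$role.csr" -CA "$role-ca.pem" -CAkey "$role-ca.key" -CAcreateserial \
      -days 365 -extfile "$role.ext" -out "$role.pem" 2>/dev/null
  done
  # The bundle OpenVPN's "ca" directive points at: public sides of all three CAs.
  cat root.pem server-ca.pem client-ca.pem > ca.pem
)

# Returns 0 only if the cert chains to the bundle AND is usable as a TLS server,
# which is what a client should demand of the gateway it tunnels to.
is_server_cert() {
  if openssl verify -CAfile "$1" -purpose sslserver "$2" >/dev/null 2>&1; then
    return 0
  else
    return 1
  fi
}

# Stand-alone demo in a scratch directory.
demo_dir=$(mktemp -d) && build_pki "$demo_dir"
is_server_cert "$demo_dir/ca.pem" "$demo_dir/server.pem" && echo "server.pem: accepted as server"
is_server_cert "$demo_dir/ca.pem" "$demo_dir/client.pem" || echo "client.pem: rejected as server (as intended)"
```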
On Apr 16, 2013 10:38 PM, kb9mwr@gmail.com wrote:

I am running a gateway using rip, etc. I really only have wifi radio range to a couple other hosts. And that is working well.
We have a couple other small wireless networks in town that I can't reach by radio. They could be connected to the internet but unfortunately would be behind firewalls that we cannot control.
So till we get things realigned and such, I am looking for examples on how to create a private tunnel from my gateway to those locations.
It doesn't really make sense to put another gateway in the portal, as I doubt the rip packets will pass through.
44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html