That I can help with.

Do you want an Ethernet device that you can slave to a software bridge such as the one provided by the following?

$ sudo brctl addbr br0

http://openvpn.net/bridge.html

Do note that Ethernet wants a low latency, high reliability L2 for ARP and DHCP and other broadcast protocols. Probably not the best decision.

The other option is point-to-point or -multipoint tunnels using the tun driver. I assume that you want to maintain your own X.509 certification authority as per 19.34 RCW for those of you in WA.us. I recommend using gnomint on debuntu and Active Directory on Windows. I don't know what you'd use on a Mac, but there's probably something.

Generate a root CA for your gateway's servers and clients.

Generate two sub CAs. One for your clients. One for your servers. Be sure to set the server X.509 options appropriately.

Use the server CA to generate a public and private key pair for this server. Take the public sides of all of these CAs and cat them all into ca.pem. Take both the public and private sides of the server cert and drop them in /etc/openvpn/

I'm going to pick this up on my real computer.

On Apr 16, 2013 10:38 PM, <kb9mwr@gmail.com> wrote:
I am running a gateway using RIP, etc. I really only have wifi radio range to a couple other hosts. And that is working well.

We have a couple other small wireless networks in town that I can't reach by radio. They could be connected to the internet but unfortunately would be behind firewalls that we cannot control.

So till we get things realigned and such, I am looking for examples on how to create a private tunnel from my gateway to those locations.

It doesn't really make sense to put another gateway in the portal, as I doubt the RIP packets will pass through.



_________________________________________
44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html
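
The CA layout described in the reply above (a root, one sub CA for servers, one for clients, a server certificate, and ca.pem), as an added example that is not part of the original thread. It uses the openssl CLI instead of gnomint; every name, file name and config section is constructed, and reading "server X.509 options" as `extendedKeyUsage = serverAuth` is an assumption.

```shell
# Added example: constructed names, throwaway keys; assumes OpenSSL 1.1.0 or later.
set -eu

# issue NAME CN EXT_SECTION [ISSUER]: new key and CSR, signed by ISSUER (self-signed if omitted).
issue() {
    name=$1; cn=$2; ext=$3; issuer=${4:-}
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" -subj "/CN=$cn" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    set -- -signkey "$d/$name.key"
    [ -z "$issuer" ] || set -- -CA "$d/$issuer.crt" -CAkey "$d/$issuer.key" -CAcreateserial
    openssl x509 -req -in "$d/$name.csr" "$@" -days 365 -sha256 \
        -extfile "$d/pki.cnf" -extensions "$ext" -out "$d/$name.crt" 2>/dev/null
}

# build_pki DIR: root CA, server and client sub CAs, one leaf under each, plus ca.pem.
build_pki() {
    d=$1; umask 077   # private keys are written unencrypted, so keep them owner-only
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[subca_ext]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
[client_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
    issue root "Example Root CA" root_ext
    issue server-ca "Example Server CA" subca_ext root
    issue client-ca "Example Client CA" subca_ext root
    issue server "gw.example.net" server_ext server-ca
    issue client "client1.example.net" client_ext client-ca
    # Public halves of all three CAs go into the single ca.pem.
    cat "$d/root.crt" "$d/server-ca.crt" "$d/client-ca.crt" > "$d/ca.pem"
}

# verify_as_server DIR CERT: succeeds only if CERT chains to ca.pem and is usable as a TLS server.
verify_as_server() {
    openssl verify -CAfile "$1/ca.pem" -purpose sslserver "$2" >/dev/null 2>&1
}
```

After `build_pki "$(mktemp -d)"`, `verify_as_server` accepts server.crt and rejects client.crt even though both chain to the same root, which is the distinction an OpenVPN client enforces with `remote-cert-tls server`.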