
More 2.X Questions: msg#00489

network.openvpn.user

Subject: More 2.X Questions

More clarification regarding OpenVPN 2.x and bridging.

Utilizing FC2, I have created bridge br0 and bound eth0 utilizing the
network-scripts ifcfg-br0 and ifcfg-eth0 respectively. Basically, I copied
the existing eth0 script to br0, deleted the HWADDR var and set the existing
DEVICE and TYPE vars to br0 and Bridge. The original eth0 script was
modified so that the existing vars BROADCAST, IPADDR, NETMASK and NETWORK are
all set to 0.0.0.0, and the new vars BRIDGE and PROMISC were appended with
values of br0 and yes.

Utilizing this method creates a bridge with an eth0 binding and a virtual
address configuration identical to the original eth0 during sysV network
initializations and restarts (/sbin/system network restart), as a review
of /etc/rc.d/init.d/network indicated the FC2 network daemon understands
bridging and associated device bindings.

So far so good.

Now the potential issues:

1) As the bridge and virtual address were created outside the OpenVPN
script, how does OpenVPN know which, if any, bridge to bind to? Do I need to
manually create a tap device (tap0) and bind it to br0 prior to OpenVPN sysV
initialization? I am utilizing multi-client udp, so I assume only a single tap
device is required.

2) The OpenVPN multi-client udp tap script utilizes the statement ifconfig
<address> <mask>. Is this address the same as the existing bridge virtual
address or a unique address within the bridge virtual address subnet? Is the
ifconfig statement required if a manual tap binding is implemented as
described in 1)?

What I would like to accomplish (if required) is a network-script ifcfg-tap0
so bridge creation and bindings are completely incorporated within the sysV
and FC2 automated processes.

Lastly, I am encountering difficulties with the WinXP client portion of this
test. After installing the current 2.x build on a WinXP box, I remain unclear
regarding certs and config files.

1) Will the sample client-side OpenVPN config file from the 2.x readme
function (with the correct remote <addr>) in WinXP? Will removing the
sample-keys/ from ca, cert and key result in a cert file location and search
of the default directory of the .ovpn files?

2) The sample-key client files were not included; can I place the *nix
versions in the same directory as the .ovpn files, and if so, is any unix-to-dos
end-of-line conversion necessary?

Advice, comments, criticisms and caveats please.


Raymond
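The ifcfg-br0 / ifcfg-eth0 transformation Raymond describes (copy the eth0 script to br0 dropping HWADDR, set DEVICE/TYPE, zero the address vars on eth0 and append BRIDGE/PROMISC), as an added worked example that is not part of the original post and not OpenVPN or Fedora code. It works on a constructed ifcfg-eth0 in a temporary directory; the sample addresses, the MAC, and the file names are assumptions, and on a real box the files would live under /etc/sysconfig/network-scripts:

```shell
#!/bin/sh
# Added example: reproduce the bridge ifcfg edits from the post on a scratch copy.
# Nothing here touches /etc/sysconfig; all paths below are assumptions.

WORK=$(mktemp -d)

# Constructed sample of a stock FC2-style ifcfg-eth0 (addresses and MAC made up).
cat > "$WORK/ifcfg-eth0" <<'EOF'
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:11:22:33:44:55
BROADCAST=192.168.1.255
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet
EOF

# cfg_get FILE VAR: print the value of VAR=... in an ifcfg file (empty if absent).
cfg_get() {
    sed -n "s/^$2=//p" "$1"
}

# make_bridge_cfg SRC DST: copy the eth0 script to the bridge script.
# HWADDR is dropped because the bridge gets its own MAC; the address vars are
# kept so br0 inherits the address eth0 used to carry.
make_bridge_cfg() {
    sed -e '/^HWADDR=/d' \
        -e 's/^DEVICE=.*/DEVICE=br0/' \
        -e 's/^TYPE=.*/TYPE=Bridge/' "$1" > "$2"
}

# enslave_eth_cfg FILE: turn the physical NIC into a bridge port: no address of
# its own (0.0.0.0), bound to br0, promiscuous so it forwards frames for MACs
# other than its own. Written via a temp file to stay POSIX (no sed -i).
enslave_eth_cfg() {
    sed -e 's/^BROADCAST=.*/BROADCAST=0.0.0.0/' \
        -e 's/^IPADDR=.*/IPADDR=0.0.0.0/' \
        -e 's/^NETMASK=.*/NETMASK=0.0.0.0/' \
        -e 's/^NETWORK=.*/NETWORK=0.0.0.0/' "$1" > "$1.tmp" &&
    printf 'BRIDGE=br0\nPROMISC=yes\n' >> "$1.tmp" &&
    mv "$1.tmp" "$1"
}

# check_cfgs BRIDGE_FILE ETH_FILE: return 0 only if the pair is consistent.
check_cfgs() {
    [ "$(cfg_get "$1" DEVICE)" = br0 ] || return 1
    [ "$(cfg_get "$1" TYPE)" = Bridge ] || return 1
    [ -z "$(cfg_get "$1" HWADDR)" ] || return 1
    [ "$(cfg_get "$2" IPADDR)" = 0.0.0.0 ] || return 1
    [ "$(cfg_get "$2" BRIDGE)" = "$(cfg_get "$1" DEVICE)" ] || return 1
    [ "$(cfg_get "$2" PROMISC)" = yes ] || return 1
    return 0
}

make_bridge_cfg "$WORK/ifcfg-eth0" "$WORK/ifcfg-br0"
enslave_eth_cfg "$WORK/ifcfg-eth0"
check_cfgs "$WORK/ifcfg-br0" "$WORK/ifcfg-eth0" && echo "bridge configs consistent in $WORK"
```

check_cfgs is the sanity test worth running before a network restart: a leftover HWADDR in ifcfg-br0 or a BRIDGE value that does not match the bridge's DEVICE are the two mistakes that leave the box unreachable after the restart described in the post.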

