OpenVPN bridged mode (tap)

I have the OpenVPN server configured and working but would like to change this to bridged mode (tap rather than tun).
I have tried but failed to get this working; I have looked at many different articles but still cannot get it working.
Please can anyone provide guidance on how I can change from tun to tap configuration?
Thanks in advance.

It works for me. Can I help you?

Can you tell me how you got it to work, please?
Could you post your OpenVPN and network config files from /etc/config and details of how you have the interface configured?

Thanks

Client side:

client
remote 'my.vpn.server' 1194
ca '/path/to/.cert/nm-openvpn/ca.crt'
cert '/path/to/.cert/nm-openvpn/02.pem'
key '/path/to/.cert/nm-openvpn/02.key'
cipher AES-256-CBC
ifconfig 192.168.1.66 255.255.255.0
comp-lzo yes
dev tap
lladdr '00:11:11:11:11:11'
proto udp
ns-cert-type server
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nogroup
float
redirect-gateway def1

Server side:
config openvpn 'server_turris'
option enabled '1'
option port '1194'
option proto 'udp'
option mode server '1'
option dev 'tap'
option tls_server '1'
option ca '/path/to/ca/openvpn/ca.crt'
option crl_verify '/path/to/ca/openvpn/ca.crl'
option cert '/path/to/ca/openvpn/01.crt'
option key '/path/to/ca/openvpn/01.key'
option dh '/etc/dhparam/dh-default.pem'
option server-bridge '192.168.1.1 255.255.255.0 192.168.1.150 192.168.111.200'
;option server-bridge
option push "redirect-gateway def1"
option push "dhcp-option DNS 192.168.1.1"
option push "dhcp-option DNS 8.8.8.8"
option push "route 192.168.1.0 255.255.255.0 192.168.1.1"
option push "route-gateway 192.168.1.1"
option ifconfig-pool-persist /etc/openvpn/ipp.txt
option duplicate_cn '0'
option keepalive '10 120'
option comp_lzo 'yes'
option persist_key '1'
option persist_tun '1'
;option tls-version-min 1.2
option cipher AES-256-CBC
option status '/tmp/openvpn-status.log'
option verb '3'
option mute '20'
option script_security '2'
option up '/etc/openvpn/up.sh'
;option down '/etc/openvpn/down.sh'
option "redirect-gateway def1"
option "remote-gateway 192.168.1.1"
;option ifconfig '192.168.1.1 255.255.255.0'
option client-to-client

Content of up.sh:

#!/bin/bash
/usr/sbin/brctl addif br-lan tap0
/sbin/ifconfig tap0 up

This config will put your client inside the local internal network and will route all traffic through your home internal gw.

Thanks for that.
I can now get connected to the VPN in bridged mode but I can’t access anything on the internal LAN.
Any ideas?

Thanks in advance

All working now thanks. A reboot sorted it.
One thing though: is it possible to get an IP address assigned by DHCP rather than having to specify it in the client config?

So I can now connect to the bridged VPN and access the internal LAN, but the default gateway on my Android phone doesn’t change, so internet traffic isn’t getting routed through the VPN despite having this option set in the client.
If anyone can help with that and the DHCP IP assignment instead of manually specifying it in the client config.

Thanks in advance.

I use this client with same config and it works:

You can run up.sh on the client side with dhclient tap0, but I would rather use my hardcoded configuration because I was unable to run a script on an Android phone.

All sorted now thanks.
I’d left the old routed configuration in the OpenVPN config file. Even though it was disabled, the name matched that of the new config and it was combining the configuration of both.
Everything is now working, getting an IP from DHCP, and all traffic is routed via the VPN.

Thanks for all your help, very much appreciated.
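
Two things visible in this thread can be checked before restarting the service: a stale section left in /etc/config/openvpn under the same name as the new one, and a server-bridge pool address that falls outside the bridged subnet. The following is an added example, not code from any poster; the function names and the sample config are constructed, and the option is written server_bridge in the sample (the hyphenated spelling is normalized as well).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample modelled on the thread: the old routed (tun) section is
# still present, disabled, under the same name as the new bridged (tap) one.
SAMPLE = """\
config openvpn 'server_turris'
    option enabled '0'
    option dev 'tun'

config openvpn 'server_turris'
    option enabled '1'
    option dev 'tap'
    option server_bridge '192.168.1.1 255.255.255.0 192.168.1.150 192.168.111.200'
"""

def parse_sections(text):
    """Return [(name, {option: value})] for every 'config openvpn' section."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"config\s+openvpn\s+'?([\w-]+)'?", line)
        if m:
            sections.append((m.group(1), {}))
            continue
        m = re.match(r"option\s+([\w-]+)\s+['\"]?(.*?)['\"]?$", line)
        if m and sections:
            # Treat server-bridge and server_bridge as the same key.
            sections[-1][1][m.group(1).replace("-", "_")] = m.group(2)
    return sections

def audit(text):
    """Flag same-named sections and server-bridge pools outside the subnet."""
    findings = []
    sections = parse_sections(text)
    for name, count in Counter(name for name, _ in sections).items():
        if count > 1:
            findings.append(f"duplicate section name '{name}' appears {count} times")
    for name, opts in sections:
        parts = opts.get("server_bridge", "").split()
        if len(parts) != 4:  # expected: gateway netmask pool-start pool-end
            continue
        net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        for label, ip in (("pool start", parts[2]), ("pool end", parts[3])):
            if ipaddress.ip_address(ip) not in net:
                findings.append(f"{name}: {label} {ip} is outside {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the real file by passing the contents of /etc/config/openvpn to audit(); an empty list means neither condition was found.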

np you can buy me a beer :smiley:

Are you still using that setup? Can you post final configs?

Yes, I do not see any reason to change the setup.