OpenVPN bridged mode (tap)

I have the OpenVPN server configured and working but would like to change this to bridged mode (tap rather than tun).
I have tried but failed to get this working. I have looked at many different articles but still cannot get it working.
Please can anyone provide guidance on how I can change from tun to tap configuration?
Thanks in advance.

It works for me. Can I help you?

Can you tell me how you got it to work, please?
Could you post your openvpn and network config files from /etc/config and details of how you have the interface configured?


Client side:

remote 'my.vpn.server' 1194
ca '/path/to/.cert/nm-openvpn/ca.crt'
cert '/path/to/.cert/nm-openvpn/02.pem'
key '/path/to/.cert/nm-openvpn/02.key'
cipher AES-256-CBC
comp-lzo yes
dev tap
lladdr '00:11:11:11:11:11'
proto udp
ns-cert-type server
script-security 2
user nobody
group nogroup
redirect-gateway def1

Server side:
config openvpn 'server_turris'
option enabled '1'
option port '1194'
option proto 'udp'
option mode server '1'
option dev 'tap'
option tls_server '1'
option ca '/path/to/ca/openvpn/ca.crt'
option crl_verify '/path/to/ca/openvpn/ca.crl'
option cert '/path/to/ca/openvpn/01.crt'
option key '/path/to/ca/openvpn/01.key'
option dh '/etc/dhparam/dh-default.pem'
option server-bridge ''
;option server-bridge
option push "redirect-gateway def1"
option push "dhcp-option DNS"
option push "dhcp-option DNS"
option push "route"
option push "route-gateway"
option ifconfig-pool-persist /etc/openvpn/ipp.txt
option duplicate_cn '0'
option keepalive '10 120'
option comp_lzo 'yes'
option persist_key '1'
option persist_tun '1'
;option tls-version-min 1.2
option cipher AES-256-CBC
option status '/tmp/openvpn-status.log'
option verb '3'
option mute '20'
option script_security '2'
option up '/etc/openvpn/'
;option down '/etc/openvpn/'
option "redirect-gateway def1"
option "remote-gateway"
;option ifconfig ''
option client-to-client

content of

/usr/sbin/brctl addif br-lan tap0
/sbin/ifconfig tap0 up


This config will put your client inside the local internal network and will route all traffic through your home internal gw.

Thanks for that.
I can now get connected to the VPN in bridged mode but I can’t access anything on the internal LAN.
Any ideas?

Thanks in advance

All working now thanks. A reboot sorted it.
One thing though: is it possible to get an IP address assigned by DHCP rather than having to specify it in the client config?

So I can now connect to the bridged vpn and access the internal LAN but the default gateway on my android phone doesn’t change so internet traffic isn’t getting routed through the vpn despite having this option set in the client.
If anyone can help with that and the dhcp IP assignment instead of manually specifying it in the client config.

Thanks in advance.

I use this client with the same config and it works:

You can run dhclient tap0 on the client side, but I would rather use my hardcoded configuration because I was unable to run a script on the Android phone.

All sorted now thanks.
I’d left the old routed configuration in the openvpn config file. Even though it was disabled the name matched that of the new config and it was combining the configuration of both.
Everything is now working, getting IP from dhcp and all traffic is routed via vpn.

Thanks for all your help, very much appreciated.
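
The cause described in the post above (a disabled section sharing its name with the new one, so the two were combined) can be checked for mechanically. The following is an added example, not code from the thread: the function name `uci_dup_sections`, the report labels and the sample section contents (including the `server` subnet) are constructed for illustration, and it assumes the usual UCI `config <type> '<name>'` / `option <key> '<value>'` layout.

```shell
#!/bin/sh
# Added example, not from the thread: flag named UCI sections declared more
# than once in one config file (e.g. /etc/config/openvpn).
uci_dup_sections() {
    awk '
    # Strip trailing blanks and surrounding quotes (\047 is a single quote).
    function unq(s) { sub(/[ \t]+$/, "", s); gsub(/^["\047]|["\047]$/, "", s); return s }
    /^[ \t]*config[ \t]/ {
        sec = unq($3)                      # empty for anonymous sections
        if (sec != "") { decl[sec]++; lines[sec] = lines[sec] " " NR }
        next
    }
    /^[ \t]*option[ \t]/ && sec != "" {
        val = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]*/, "", val); val = unq(val)
        k = sec SUBSEP $2
        # Same option given a different value by a later declaration.
        if ((k in seen) && from[k] != decl[sec] && seen[k] != val)
            out = out sprintf("CONFLICT %s.%s: %s -> %s\n", sec, $2, seen[k], val)
        seen[k] = val; from[k] = decl[sec]
    }
    END {
        for (s in decl) if (decl[s] > 1) { bad = 1; printf "DUPLICATE %s at lines%s\n", s, lines[s] }
        printf "%s", out
        # Options set only by an earlier declaration of a duplicated section.
        for (k in seen) {
            split(k, p, SUBSEP)
            if (decl[p[1]] > 1 && from[k] < decl[p[1]])
                printf "LEFTOVER %s.%s = %s\n", p[1], p[2], seen[k]
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: a disabled routed section left beside the bridged one.
sample_config() {
    cat <<'EOF'
config openvpn 'server_turris'
    option enabled '0'
    option dev 'tun'
    option server '10.8.0.0 255.255.255.0'

config openvpn 'server_turris'
    option enabled '1'
    option dev 'tap'
EOF
}

# Stand-alone use: sh thisfile /etc/config/openvpn
if [ -n "${1:-}" ]; then uci_dup_sections "$1"; fi
```

On the constructed sample the function exits non-zero and reports the duplicated name, the `enabled` and `dev` values that differ between the two declarations, and the routed `server` line that only the old declaration sets.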

np you can buy me a beer :smiley:

Are you still using that setup? Can you post final configs?

Yes, I do not see any reason to change the setup.