OpenVPN TAP Bridge

September 4th, 2010

Again, we assume you have the initial config working.

We’ll be creating a bridge from the client to the local network.

First make sure bridge-utils is installed:

sudo apt-get install bridge-utils

Let's get that default config file out again:

sudo bash -c 'gzip -dc /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/bridge-vpn.conf'
sudo cp /usr/share/doc/openvpn/examples/sample-scripts/bridge-* /etc/openvpn/

As with the other site-to-client (road warrior) config, you need to enable ip_forward; refer to my previous post.

Configure bridge-vpn.conf and change the following:

#vim syntax :-)
:%s/dev tun/dev tap0/cg
:%s/^server.*/server-bridge VPNSERVERIP LOCALNETWORKMASK STARTIPLEASE ENDIPLEASE/c
# for example, server-bridge 192.168.50.10 255.255.255.0 192.168.50.130 192.168.50.150
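
A wrong value in the server-bridge line tends to show up only after clients connect, so it is worth checking the four arguments first. The script below is an added example, not part of the original post or of OpenVPN; the function names ip2int and check_server_bridge are hypothetical, and the sample line is the one from the post.

```shell
#!/bin/sh
# Added example: sanity-check a server-bridge directive before starting OpenVPN.
# Function names are hypothetical; the sample input is the example line above.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_server_bridge "server-bridge IP MASK START END"
# Prints "ok" and returns 0 when the line is consistent,
# otherwise prints the reason and returns 1.
check_server_bridge() {
    set -- $1                      # split the directive on whitespace
    if [ "$#" -ne 5 ] || [ "$1" != "server-bridge" ]; then
        echo "not a 4-argument server-bridge line"; return 1
    fi
    ip=$(ip2int "$2");    mask=$(ip2int "$3")
    start=$(ip2int "$4"); end=$(ip2int "$5")

    if [ "$start" -gt "$end" ]; then
        echo "pool start is above pool end"; return 1
    fi
    # Both ends of the client pool must sit in the bridge's own subnet.
    net=$(( $ip & $mask ))
    if [ $(( $start & $mask )) -ne "$net" ] || [ $(( $end & $mask )) -ne "$net" ]; then
        echo "pool is outside the bridged subnet"; return 1
    fi
    # The bridge address itself must not be handed out to a client.
    if [ "$ip" -ge "$start" ] && [ "$ip" -le "$end" ]; then
        echo "bridge IP falls inside the client pool"; return 1
    fi
    echo "ok"
}

check_server_bridge "server-bridge 192.168.50.10 255.255.255.0 192.168.50.130 192.168.50.150"
```

The check does not know about the LAN's DHCP server; the client pool should also be kept out of whatever range that server leases.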

Edit bridge-start, setting the same VPNSERVERIP, netmask, and broadcast address in this file. I had to add the following to the end of the script:

route del $gw
route del default gw $gw $eth
route add default gw $gw $br

because my routing tables were empty when br0 would come online; I don’t know why.

I also added service network-manager restart in bridge-stop to restore my eth0 settings.

After this, I created a client.conf and the appropriate client keys, and set dev tun too. I connected to the system and voilà! Pinging other computers in the local network works.

Original Reference: OpenVPN Ethernet Bridging
