
How to create OpenVPN TAP interface - bridge mode?



Below is an example of connecting two LANs (bridged eth0 and eth1) through the TAP interface of an OpenVPN tunnel at layer two (L2) of the ISO/OSI model.

 

Router A - Server

server.ovpn
port 1194
proto udp
dev tap0
server-bridge 172.16.194.254 255.255.255.0 172.16.194.100 172.16.194.200
comp-lzo
keepalive 10 60
persist-tun
dh /root/dh1024.pem
ca /root/ca.crt
tls-server
key /root/server.key
cert /root/server.crt
float
script-security 2
up /var/openvpn/scripts/openvpn.up
verb 3

 

Router B - Client

client.ovpn
client
remote 10.0.2.250
port 1194
proto udp
dev tap
comp-lzo
keepalive 10 60
tls-client
persist-tun
ca /root/ca.crt
key /root/er75i.key
cert /root/er75i.crt
float
script-security 2
up /var/openvpn/scripts/openvpn.up
verb 3

For testing purposes, copy all files (including certificates and keys) to a folder such as /root, separately on Router A and Router B.

NOTE: Be careful, the folder /root will be rewritten after a firmware upload. You can use another folder. The best solution is the folder /var/data (MRAM).
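The two configurations above can be checked before they are deployed. The script below is an added example, not part of the original FAQ or of the router firmware; the function names and finding texts are its own, and the DH check is only a heuristic on the file name.

```shell
#!/bin/sh
# Added example: static checks for an OpenVPN config such as server.ovpn or
# client.ovpn above. Prints one finding per line, nothing if no check fires.
# Print the first argument of directive $2 in config file $1.
ovpn_arg() {
    sed -e 's/[#;].*//' "$1" | awk -v d="$2" '$1 == d { print $2; exit }'
}

# Succeed if directive $2 appears in config file $1.
ovpn_has() {
    sed -e 's/[#;].*//' "$1" | awk -v d="$2" '$1 == d { f = 1 } END { exit !f }'
}

audit_ovpn() {
    a_conf=$1

    # Heuristic on the file name only: a name like dh1024.pem implies a
    # 1024-bit DH group; the OpenVPN manual's own example uses 2048 bits.
    a_dh=$(ovpn_arg "$a_conf" dh)
    case ${a_dh##*/} in
        *dh512*|*dh768*|*dh1024*) echo "dh: $a_dh looks smaller than 2048 bits" ;;
    esac

    # Compression before encryption can leak plaintext (VORACLE); comp-lzo
    # is deprecated upstream. "comp-lzo no" leaves compression off.
    if ovpn_has "$a_conf" comp-lzo && [ "$(ovpn_arg "$a_conf" comp-lzo)" != no ]; then
        echo "compression: comp-lzo is enabled"
    fi

    # A client that never checks the peer certificate's role accepts any
    # certificate signed by the same CA, including another client's.
    if ovpn_has "$a_conf" client || ovpn_has "$a_conf" tls-client; then
        if ! ovpn_has "$a_conf" remote-cert-tls &&
           ! ovpn_has "$a_conf" verify-x509-name; then
            echo "client: no remote-cert-tls or verify-x509-name"
        fi
    fi

    # The private key must exist and be accessible to its owner only.
    a_key=$(ovpn_arg "$a_conf" key)
    if [ -n "$a_key" ] && [ ! -f "$a_key" ]; then
        echo "key: $a_key not found"
    elif [ -n "$a_key" ] && [ "$(ls -ld "$a_key" | cut -c5-10)" != "------" ]; then
        echo "key: $a_key is accessible to group or others"
    fi
    return 0
}
# Usage (script file name is hypothetical): sh audit_ovpn.sh /root/server.ovpn
if [ $# -gt 0 ]; then audit_ovpn "$1"; fi
```

On the configurations shown here it reports the dh and compression findings for server.ovpn and the compression and client findings for client.ovpn, plus a key finding if the key file is missing or readable by group or others.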

 

Now create a Startup Script for the TAP interface in bridge mode, and the Up/Down scripts.

Router A - Server

Startup Script
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here.

# -p creates missing parent directories and does not fail if the directory already exists.
mkdir -p /var/openvpn/scripts
cat > /var/openvpn/scripts/openvpn.up <<EOF
#!/bin/sh
. /etc/settings.eth
killall dhcpd
/sbin/ip link set eth0 down
/sbin/ip link set eth1 down
sleep 5
/sbin/ip link set eth0 up
/sbin/ip link set eth1 up
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0
/sbin/ifconfig tap0 0.0.0.0
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1
/usr/sbin/brctl addif br0 tap0
/sbin/ifconfig br0 192.168.1.1 netmask 255.255.255.0 up
/sbin/ifconfig eth0 0.0.0.0 promisc up
/sbin/ifconfig eth1 0.0.0.0 promisc up
/sbin/ifconfig tap0 0.0.0.0 promisc up
EOF
chmod 755 /var/openvpn/scripts/openvpn.up

Up Script
#!/bin/sh
#
# This script will be executed when PPP/WAN connection is established.

/usr/sbin/openvpnd --syslog --config /root/server.ovpn &

Down Script
#!/bin/sh
#
# This script will be executed when PPP/WAN connection is lost.

killall openvpnd

 

Router B - Client

Startup Script
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here.

# -p creates missing parent directories and does not fail if the directory already exists.
mkdir -p /var/openvpn/scripts
cat > /var/openvpn/scripts/openvpn.up <<EOF
#!/bin/sh
killall dhcpd
/sbin/ip link set eth0 down
/sbin/ip link set eth1 down
sleep 5
/sbin/ip link set eth0 up
/sbin/ip link set eth1 up
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0
/sbin/ifconfig tap0 0.0.0.0
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1
/usr/sbin/brctl addif br0 tap0
/sbin/ifconfig br0 192.168.1.2 netmask 255.255.255.0 up
/sbin/ifconfig eth0 0.0.0.0 promisc up
/sbin/ifconfig eth1 0.0.0.0 promisc up
/sbin/ifconfig tap0 0.0.0.0 promisc up
EOF
chmod 755 /var/openvpn/scripts/openvpn.up

Up Script
#!/bin/sh
#
# This script will be executed when PPP/WAN connection is established.

/usr/sbin/openvpnd --syslog --config /root/client.ovpn &

Down Script
#!/bin/sh
#
# This script will be executed when PPP/WAN connection is lost.

killall openvpnd

 

 

 

 
