OpenVPN bridging


#1

So I have found several posts for this but none actually have an answer. I have an OpenVPN server setup at a remote location that issues DHCP. I want to make it so when I connect my GL device to the VPN server all the devices will be issued IPs from the VPN server… Not from the GL device. Essentially I just want the GL to bridge the OpenVPN tunnel not route/NAT it.


#2

Someone out there must know something of use?


#3

Server side:

  • Step 1: Add the following lines to /etc/openvpn/ovpn/server.ovpn.
dev tap
server-bridge 192.168.13.1 255.255.255.0 192.168.13.2 192.168.13.100

Note that 192.168.13.1 is the gateway of br-lan, 192.168.13.2 is the start of the IP address pool and 192.168.13.100 is its end; the pool must not overlap the LAN's DHCP IP address pool (which starts at 100 by default).

  • Step 2: Edit network uci configuration file /etc/config/network.
config interface 'lan'
	option type 'bridge'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option hostname 'GL-AR750-446'
	option ipaddr '192.168.13.1'
	option ifname 'eth1.1 tap0'
	option proto 'static'
  • Step 3: Start OpenVPN Server on admin web page.

Client side:

  • Step 1: Change client.ovpn.
dev tap
  • Step 2: Edit network configuration file /etc/config/network.
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1 tap0'
	option proto 'dhcp'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option hostname 'GL-AR750S-f5a'
	# option ipaddr '192.168.8.1'
  • Step 3: Edit dhcp configuration file /etc/config/dhcp (the `option ignore '1'` below disables the client router's own DHCP server on LAN, so LAN devices only get leases from the server side while the tunnel is up).
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'
	option dhcpv6 'server'
	option ra 'server'
	option ignore '1'

config interface 'ovpn'
	option ifname 'none'
	option proto 'none'
  • Step 4: Restart dnsmasq.
/etc/init.d/dnsmasq restart
  • Step 5: Upload client.ovpn, and start it.

#4

Ohh wow… A little more than I expected… First, I assume that I can SSH into these? Second, the br-lan IP of x.x.13.2 is where that device is actually getting its net from, not the device itself — e.g. the server-side devices' actual gateway.


#5

Yup, you have to ssh to the router, I will make it simple if I have spare time.

br-lan and tap are bridged, so all devices are assigned IP addresses from the server's LAN.


#6

Ok, I will try to figure out how to edit these files now!!!

Thank you very much!!!


#7

So I have been playing with it but it keeps giving me an unknown error. If I edit the GUI version it resets all the stuff. The config files look like they need other settings too.

This is what my default settings look like:

/etc/openvpn/ovpn/server.ovpn

client-to-client
persist-key
persist-tun
auth SHA1
cipher BF-CBC
comp-lzo adaptive
dev tun-SERVER
dev-type tun
group nogroup
keepalive 10 120
mode server
mute 5
port 250
proto udp
push "persist-key"
push "persist-tun"
push "redirect-gateway def1"
route-gateway dhcp
server 10.1.10.0 255.255.255.0
topology subnet
duplicate-cn
user nobody
verb 3

/etc/config/network

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdb7:c716:10cd::/48'

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option hostname 'GL-MT300N-V2-0cf'
option ipaddr '192.168.8.1'

config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option hostname 'GL-MT300N-V2-0cf'
option metric '10'

config device 'wan_dev'
option name 'eth0.2'
option macaddr 'e4:95:6e:46:30:cf'

config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 6t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 6t'

config interface 'tap0'
option type 'bridge'
option proto 'static'
option ifname 'eth0.1'

/etc/config/dhcp

config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
option dhcpv6 'server'
option ra 'server'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config domain 'localhost'
option name 'console.gl-inet.com'
option ip '192.168.8.1'


#8

You might not have read my guide carefully.

It doesn’t need this one.

OpenVPN Server configuration file (the `auth SHA1`, `cipher BF-CBC` and `comp-lzo adaptive` lines are carried over from the stock config and are not part of the bridging change; BF-CBC is a 64-bit block cipher and `comp-lzo` enables compression, both of which later OpenVPN releases deprecate, so review them separately from this guide):

client-to-client
persist-key
persist-tun
auth SHA1 
cipher BF-CBC
comp-lzo adaptive
; dev tun-SERVER
; dev-type tap
dev tap
server-bridge 192.168.13.1 255.255.255.0 192.168.13.2 192.168.13.100
group nogroup
keepalive 10 120
mode server
mute 5
port 1194
proto udp
push "persist-key"
push "persist-tun"
; push "redirect-gateway def1"
; push "route 0.0.0.0 0.0.0.0"
route-gateway dhcp
; server 10.8.0.0 255.255.255.0
topology subnet
duplicate-cn
user nobody
verb 3
status /var/log/openvpn-status.log

OpenVPN Server network configuration file:


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd22:3a5a:e558::/48'

config interface 'lan'
	option type 'bridge'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option hostname 'GL-AR750-446'
	option ipaddr '192.168.13.1'
	option ifname 'eth1.1 tap0'
	option proto 'static'

config interface 'wan'
	option hostname 'GL-AR750-446'
	option metric '10'
	option proto 'dhcp'
	option ifname 'eth0'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 0t'

config interface 'wwan'
	option proto 'dhcp'
	option metric '20'

OpenVPN Client configuration file:

client
dev tap
proto udp
remote 192.168.17.22 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth SHA1 
cipher BF-CBC
comp-lzo adaptive
nice 0
mute 5
verb 3

OpenVPN Client network configuration file:


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd6a:afef:bb70::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1 tap0'
	option proto 'dhcp'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option hostname 'GL-AR750S-f5a'
	# option ipaddr '192.168.8.1'

config interface 'guest'
	option type 'bridge'
	option ifname 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option hostname 'GL-AR750S-f5a'
	option ipaddr '192.168.10.1'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'
	option hostname 'GL-AR750S-f5a'
	option metric '10'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

config interface 'ovpn'
	option ifname 'none'
	option proto 'none'