Here are the steps that I took to get OpenVPN working in TAP (bridge) mode versus the TUN (tunneling) mode. Hopefully I have not made any mistakes in these directions and I remembered everything. Maybe someone can turn this into a more elaborate wiki page or something. This will enable you to get your VPN computer on the same IP and SUBNET as the LAN you are connecting to:
1. Firstly, follow the Wiki steps to get OpenVPN working in TUN mode located here:
http://www.sprayfly.com/wiki/OpenVPN
* The following steps are what I used to get the installation from step 1 in TAP mode working and I referenced the site:
http://openvpn.net/bridge.html
2. Edit a file called "bridge-start" and place it in "/opt/bin/" (so it can be run from anywhere). Here is the code for that file:
#!/opt/bin/bash
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above. This info should be in ifconfig command for
# your WLHDD if you do not know it already for your LAN
eth="eth1" # Ethernet adapter in use (should be "eth1" on WLHDD)
eth_ip="192.168.1.220" # WLHDD IP Address
eth_netmask="255.255.255.0" # WLHDD Subnet
eth_broadcast="192.168.1.255"
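# Create a persistent TAP device for each name in the list
for t in $tap; do
    openvpn --mktun --dev "$t"
done
# Add each TAP device to the bridge ($br is not created here, so it must already exist)
for t in $tap; do
    brctl addif "$br" "$t"
done
# Bring each TAP device up in promiscuous mode with no IP address of its own
for t in $tap; do
    ifconfig "$t" 0.0.0.0 promisc up
done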
3. Edit a file called "bridge-stop" and place it in "/opt/bin/" (so it can be run from anywhere). Here is the code for that file:
#!/opt/bin/bash
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged together
tap="tap0"
# Remove the persistent TAP devices created by bridge-start
for t in $tap; do
    openvpn --rmtun --dev "$t"
done
4. Edit the "/opt/etc/openvpn/openvpn.conf" file and make the following changes:
* Change the tunnel statement to use the TAP adapter:
dev tun
...change to...
dev tap0
* Change the following line to the IP address of the WLHDD and the range you wish to use for VPN clients:
ifconfig 10.1.0.1 10.1.0.2
...change to...
ifconfig 192.168.1.220 192.168.1.221-225
5. Edit the "/opt/etc/openvpn/server.conf" file and make the following changes:
* Search for and comment out the TUN line ("dev tun") and uncomment and alter the TAP line:
;dev tun
dev tap0
* Search for and comment out the server mode line:
;server 10.8.0.0 255.255.255.0
* Search for and uncomment and alter the "server-bridge" line. Change to: (The numbers are as follows - IP Address of WLHDD, Subnet of WLHDD, Address range for VPN clients to get)
server-bridge 192.168.1.220 255.255.255.0 192.168.1.221 192.168.1.225
6. Edit the "/usr/local/sbin/post-firewall" file and add the following three rules:
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
7. Save the flash and then reboot:
flashfs save
flashfs commit
flashfs enable
reboot
8. On the client side (I use the OpenVPN GUI client found at
http://www.openvpn.se/) edit the config file and make the following changes:
* Comment out TUN mode line ("dev tun") and uncomment/add TAP mode line:
;dev tun
dev tap
* Uncomment and alter the "dev-node" line. Make adapter in quotes match the name of the TAP adapter for your computer exactly. Read the comments above this line in the config file for directions.
dev-node "My TAP Driver Name Here"
9. I moved the file "/opt/etc/init.d/S24openvpn" to a different folder so that OpenVPN did not start automatically on every reboot. This way I can start the bridge and then openvpn on my own and in the right order.
10. Start the bridge and openvpn server on the WLHDD:
bridge-start
S24openvpn
11. Connect using the OpenVPN client. You should be on your LAN now.
12. To shut down the bridge and openvpn issue these commands:
killall openvpn 2>/dev/null
bridge-stop
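
A pre-flight check for the "server-bridge" line from step 5, as an added example that is not part of the original post: it confirms that the client pool sits inside the bridged subnet, excludes the server's own address, and (optionally) does not overlap the LAN's DHCP range, since an overlap lets a VPN client and a LAN host end up with the same address. The function names and the DHCP range arguments are assumptions, and the arithmetic assumes a shell with 64-bit integers.

```shell
#!/bin/sh
# Added example: sanity-check a "server-bridge" line before starting OpenVPN.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# check_server_bridge "<server-bridge line>" [dhcp_start dhcp_end]
# Prints "ok" or the reason for rejection; returns 0 on ok, 1 otherwise.
check_server_bridge() {
    local kw gw mask start end g m s e net bcast ds de
    read -r kw gw mask start end <<EOF
$1
EOF
    [ "$kw" = "server-bridge" ] && [ -n "$end" ] ||
        { echo "not a full server-bridge line"; return 1; }
    g=$(ip2int "$gw"); m=$(ip2int "$mask")
    s=$(ip2int "$start"); e=$(ip2int "$end")
    net=$(( g & m )); bcast=$(( net | (~m & 0xFFFFFFFF) ))
    [ "$s" -le "$e" ] ||
        { echo "pool start is above pool end"; return 1; }
    [ $(( s & m )) -eq "$net" ] && [ $(( e & m )) -eq "$net" ] ||
        { echo "pool is outside the bridge subnet"; return 1; }
    [ "$s" -gt "$net" ] && [ "$e" -lt "$bcast" ] ||
        { echo "pool contains the network or broadcast address"; return 1; }
    { [ "$g" -lt "$s" ] || [ "$g" -gt "$e" ]; } ||
        { echo "pool contains the server address"; return 1; }
    # Optional: the LAN DHCP range (hypothetical values supplied by the caller)
    if [ -n "$2" ] && [ -n "$3" ]; then
        ds=$(ip2int "$2"); de=$(ip2int "$3")
        { [ "$e" -lt "$ds" ] || [ "$s" -gt "$de" ]; } ||
            { echo "pool overlaps the LAN DHCP range"; return 1; }
    fi
    echo "ok"
}

# The line from step 5 of the post
check_server_bridge "server-bridge 192.168.1.220 255.255.255.0 192.168.1.221 192.168.1.225"
```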