Hello!
TLDR at the bottom
So, I’ve been using my VPN for quite some time now to browse the web and all, but I can’t quite get it to work for LAN games. I tried many things and, so far, I have not come any closer to the desired state.
For the kind of games we play, Hamachi works great, but I’d rather use something like my own VPN server than closed-source software with severe limitations.
Some games we play require Network Discovery (no direct IP connections) and run on Windows for the most part. The VPN server is running on an Ubuntu machine, and so far the config looks like this (some parts are commented as I am playing around):
OpenVPN server.conf
port 1194
proto tcp
proto udp
;dev tun
dev tap0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.0.254 255.255.255.0 192.168.0.10 192.168.0.90
client-to-client
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
This is how I set up my bridge/tun:
/etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto br0
iface br0 inet dhcp
    pre-up tunctl -t (tap device ""ex:tap0"") -u (tap owner) -g (owner group name)
    # Brings down ethernet
    pre-up ip link set dev enp3s0 down
    # Adds bridge
    pre-up brctl addbr br0
    # Adds eth0 to bridge
    pre-up brctl addif br0 enp3s0
    # Adds tap0 to bridge
    pre-up brctl addif br0 tap0
    # Bring tap0 up
    pre-up ip link set dev tap0 up
    # Changes permissions on tap device to user/owner
    up chmod 0666 /dev/net/tun
    # Brings down eth0
    post-down ip link set dev enp3s0 down
    # Brings down tap0
    post-down ip link set dev tap0 down
    # Brings down br0
    post-down ip link set dev br0 down
    # Removes bridge between br0 & eth0
    post-down brctl delif br0 enp3s0
    # Removes bridge between br0 & tap0
    post-down brctl delif br0 tap0
    # Removes bridge
    post-down brctl delbr br0
This is what a client config looks like:
TestClient.ovpn
client
dev tun ;I change this to tap0 when testing the tap0 interface
proto udp
proto tcp
sndbuf 0
rcvbuf 0
remote MY.PERSONAL.HOST.NAME 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-auth>
</tls-auth>
I issue all clients their own .ovpn file, generated by a script.
I also use the VPN from my phone a lot, and I am not sure if the tap method is supported on mobile devices, as the logs suggest otherwise, but I suppose that bridge can be crossed after this one.
If anyone has some kind of insight into this, please do share.
TL;DR:
I need my OpenVPN server to allow LAN Network Discovery and access to the internet for connected clients.
Thank you for taking the time to read my post.