TLDR at the bottom
So, I’ve been using my VPN for quite some time now to browse the web and all, but I can’t quite get it to work for LAN games. I tried many things and so far I have not come any closer to the desired state.
For the kind of games we play, Hamachi works great, but I’d rather use something like my own VPN server than closed-source software with severe limitations.
Some games we play require Network Discovery (no direct IP connections) and run on Windows for the most part. The VPN server is running on an Ubuntu machine and so far the config looks like this (some parts are commented as I am playing around):

    port 1194
    proto tcp
    proto udp
    ;dev tun
    dev tap0
    sndbuf 0
    rcvbuf 0
    ca ca.crt
    cert server.crt
    key server.key
    dh dh.pem
    auth SHA512
    tls-auth ta.key 0
    topology subnet
    ;server 10.8.0.0 255.255.255.0
    server-bridge 192.168.0.254 255.255.255.0 192.168.0.10 192.168.0.90
    client-to-client
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 126.96.36.199"
    push "dhcp-option DNS 188.8.131.52"
    keepalive 10 120
    cipher AES-256-CBC
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    crl-verify crl.pem

This is how I set up my bridge/tun:

    # interfaces(5) file used by ifup(8) and ifdown(8)
    auto lo
    iface lo inet loopback

    auto br0
    iface br0 inet dhcp
        # Create the tap device; the parenthesised parts are placeholders
        pre-up tunctl -t (tap device ex:tap0) -u (tap owner) -g (owner group name)
        # Brings down ethernet
        pre-up ip link set dev enp3s0 down
        # Adds bridge
        pre-up brctl addbr br0
        # Adds eth0 to bridge
        pre-up brctl addif br0 enp3s0
        # Adds tap0 to bridge
        pre-up brctl addif br0 tap0
        # Bring tap0 up
        pre-up ip link set dev tap0 up
        # Changes permissions on tap device to user/owner
        up chmod 0666 /dev/net/tun
        # Brings down eth0
        post-down ip link set dev enp3s0 down
        # Brings down tap0
        post-down ip link set dev tap0 down
        # Brings down br0
        post-down ip link set dev br0 down
        # Removes bridge between br0 & eth0
        post-down brctl delif br0 enp3s0
        # Removes bridge between br0 & tap0
        post-down brctl delif br0 tap0
        # Removes bridge
        post-down brctl delbr br0

This is what a client config looks like:

    client
    dev tun ;I change this to tap0 when testing the tap0 interface
    proto udp
    proto tcp
    sndbuf 0
    rcvbuf 0
    remote MY.PERSONAL.HOST.NAME 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    auth SHA512
    cipher AES-256-CBC
    comp-lzo
    setenv opt block-outside-dns
    key-direction 1
    verb 3
    <ca>
    </ca>
    <cert>
    </cert>
    <key>
    </key>
    <tls-auth>
    </tls-auth>

I issue all clients their own .ovpn file, generated by a script.
I also use the VPN from my phone a lot, and I am not sure if the tap method is supported on mobile devices, as the logs suggest otherwise, but I suppose that bridge can be crossed after this one.
If anyone has some kind of insight into this, please do share.
I need my OpenVPN server to allow LAN Network Discovery and access to the internet for connected clients.
Thank you for taking the time to read my post.
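
Added example, not part of the original post and not the poster's generator script: a small checker that parses an OpenVPN server/client config pair and reports settings that have to agree on both ends (tun vs tap device type, `proto`, `cipher`, `auth`). The function names are hypothetical, and the sample input is abridged from the two configs posted above.

```python
import re

def parse_ovpn(text):
    """Map each directive to the list of argument lists it was given."""
    opts, inline = {}, False
    for raw in text.splitlines():
        line = re.split(r"\s[;#]", raw.strip())[0].strip()  # drop trailing comment
        if line.startswith("</"):
            inline = False                    # end of an inline <ca>/<cert>/<key> block
        elif line.startswith("<"):
            inline = True                     # skip the embedded certificate/key body
        elif line and not inline and line[0] not in ";#":
            name, *args = line.split()
            opts.setdefault(name, []).append(args)
    return opts

def values(opts, name):
    return sorted({a[0] for a in opts.get(name, []) if a})

def check_pair(server, client):
    """Return findings for settings that must match between server and client."""
    findings = []
    for side, opts in (("server", server), ("client", client)):
        for name in ("dev", "proto"):
            if len(values(opts, name)) > 1:
                findings.append(f"{side}: {name} given several values {values(opts, name)}")
    s_dev, c_dev = ({v[:3] for v in values(o, "dev")} for o in (server, client))  # tap0 -> tap
    if s_dev != c_dev:
        findings.append(f"dev type differs: server {sorted(s_dev)}, client {sorted(c_dev)}")
    if "server-bridge" in server and c_dev != {"tap"}:
        findings.append("server-bridge needs tap on the client; a tun client cannot join the bridge")
    for name in ("proto", "cipher", "auth"):
        if values(server, name) != values(client, name):
            findings.append(f"{name} differs: {values(server, name)} vs {values(client, name)}")
    return findings

# Sample input abridged from the two configs in the post
SERVER = """proto tcp
proto udp
;dev tun
dev tap0
server-bridge 192.168.0.254 255.255.255.0 192.168.0.10 192.168.0.90
cipher AES-256-CBC"""
CLIENT = """dev tun ;I change this to tap0 when testing the tap0 interface
proto udp
proto tcp
cipher AES-256-CBC"""
if __name__ == "__main__":
    print("\n".join(check_pair(parse_ovpn(SERVER), parse_ovpn(CLIENT))))
```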