OpenVPN and "LAN" for gaming

Hello!

TLDR at the bottom :slight_smile:

So, I’ve been using my VPN for quite some time now to browse the web and all, but I can’t quite get it to work for LAN games. I tried many things and so far I have not come any closer to the desired state.

For the kind of games we play, Hamachi works great, but I’d rather use something like my own VPN server than a closed source software with severe limitations.

Some games we play require Network Discovery (no direct IP connections) and run on Windows for the most part. The VPN server is running on an Ubuntu machine, and so far the config looks like this (some parts are commented out as I am playing around):

OpenVPN server.conf
port 1194
proto tcp
proto udp

;dev tun
dev tap0

sndbuf 0
rcvbuf 0

ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0

topology subnet

;server 10.8.0.0 255.255.255.0
server-bridge 192.168.0.254 255.255.255.0 192.168.0.10 192.168.0.90

client-to-client

ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
cipher AES-256-CBC
comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log
verb 3
crl-verify crl.pem

This is how I set up my bridge/tun:

/etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
    # Create the tap device; fill in the owner and group placeholders
    pre-up tunctl -t tap0 -u <tap owner> -g <owner group name>
    # Bring down the Ethernet interface
    pre-up ip link set dev enp3s0 down
    # Add the bridge
    pre-up brctl addbr br0
    # Add the Ethernet interface (enp3s0) to the bridge
    pre-up brctl addif br0 enp3s0
    # Add tap0 to the bridge
    pre-up brctl addif br0 tap0
    # Bring tap0 up
    pre-up ip link set dev tap0 up
    # Change permissions on the tun/tap device node
    up chmod 0666 /dev/net/tun
    # Bring down the Ethernet interface
    post-down ip link set dev enp3s0 down
    # Bring down tap0
    post-down ip link set dev tap0 down
    # Bring down br0
    post-down ip link set dev br0 down
    # Remove enp3s0 from the bridge
    post-down brctl delif br0 enp3s0
    # Remove tap0 from the bridge
    post-down brctl delif br0 tap0
    # Remove the bridge
    post-down brctl delbr br0

This is what a client config looks like:

TestClient.ovpn
client
dev tun  ;I change this to tap0 when testing the tap0 interface
proto udp
proto tcp
sndbuf 0
rcvbuf 0
remote MY.PERSONAL.HOST.NAME 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3

<ca>
</ca>

<cert>
</cert>

<key>
</key>

<tls-auth>
</tls-auth>

I issue all clients their own .ovpn file, generated by a script.

I also use the VPN from my phone a lot, and I am not sure if the tap method is supported on mobile devices, as the logs suggest otherwise, but I suppose that bridge can be crossed after this one.

If anyone has some kind of insight into this, please do share.

TL;DR:
I need my OpenVPN server to allow LAN Network Discovery and access to the internet for connected clients.

Thank you for taking the time to read my post.

Look into using tap (instead of tun) with openvpn.

2 Likes

What @risk wrote, I heard something similar about steam streaming.

Also check out multicast as that is probably the underlying technology that enables your network discovery (Apple can use mDNS).

While TUN does work with Android and iOS and provides internet as well as LAN, it doesn’t seem to be working with games :confused:

TAP however doesn’t work with mobile devices and I didn’t manage to achieve much with it, hence why I’m here.

Here is what my config looks like:

EDIT: it’s set to tun atm, since my attempts to work with tap didn’t quite work.

server.conf
port 1194
proto tcp
proto udp

dev tun

sndbuf 0
rcvbuf 0

ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0


topology subnet

server 10.8.0.0 255.255.255.0

client-to-client
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"

ifconfig-pool-persist ipp.txt
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"



keepalive 10 120
cipher AES-256-CBC
comp-lzo


user nobody
group nogroup


persist-key
persist-tun


status openvpn-status.log
verb 3
crl-verify crl.pem

@sas41 I have never heard of playing games through a VPN. I am just wondering why you are running your games through a VPN?

A lot of old games that had their online servers shut down have a LAN option (many also have a direct connect, so those are not a problem).

But even some of the recent games have LAN options but no Direct Connect. The most recent example is Dying Light: turns out, it has either Online multiplayer or LAN (with auto-discovery) but no cross-play between Steam and GOG.

So, the only way to play it is via LAN.

P.S. my last post was supposed to be a reply to you, but I messed it up, sorry.

@sas41 thanks for the reply to my question. I guess the multiplayer games I play have their original servers still running, and running them through a VPN would lower my bandwidth to the point of introducing lag.

What you want to do is bridge the openvpn network to your local network (no routing). Have a look at this: https://openvpn.net/community-resources/ethernet-bridging/

I don’t see why it wouldn’t work on mobile, you’d just have to make sure your phone client is using your router as its gateway and not the VPN server. But if it really doesn’t work then you could just run two instances of openvpn, one for tun and one to bridge to your LAN.
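Added example, not part of any post in this thread: a small Python check that a server/client config pair agrees on `dev` and `proto` and that `server-bridge` is used with a tap device and an in-subnet pool. The function names and the set of checks are illustrative assumptions, and the sample input is constructed from the relevant lines of the first post's two configs.

```python
import ipaddress
import re

def parse(text):
    """Map each OpenVPN directive to the list of argument lists it was given."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)[;#].*$", "", raw).strip()  # drop ; and # comments
        if line.startswith("<"):                           # inline <ca>...</ca> material
            in_block = not line.startswith("</")
        elif line and not in_block:
            name, *args = line.split()
            opts.setdefault(name, []).append(args)
    return opts

def values(opts, name, width=None):
    """Distinct first arguments of a directive, optionally cut to a prefix."""
    return sorted({a[0][:width] for a in opts.get(name, []) if a})

def lint(server_text, client_text):
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    for name in ("proto", "dev"):
        # tap0 -> tap, tcp-client -> tcp: compare the family, not the exact token
        s, c = values(srv, name, 3), values(cli, name, 3)
        for side, vals in (("server", s), ("client", c)):
            if len(vals) > 1:
                findings.append(f"{side}: conflicting '{name}' lines {vals}")
        if len(s) == 1 and len(c) == 1 and s != c:
            findings.append(f"'{name}' mismatch: server {s[0]}, client {c[0]}")
    for args in srv.get("server-bridge", []):
        if values(srv, "dev", 3) != ["tap"]:
            findings.append("server-bridge needs 'dev tap' on the server")
        if len(args) == 4:  # gateway, netmask, pool start, pool end
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            if not all(ipaddress.ip_address(a) in net for a in args[2:]):
                findings.append("server-bridge pool lies outside the bridge subnet")
    return findings

# Constructed input: the relevant lines of the first post's server and client configs.
SERVER = ("proto tcp\nproto udp\n;dev tun\ndev tap0\n"
          "server-bridge 192.168.0.254 255.255.255.0 192.168.0.10 192.168.0.90\n")
CLIENT = "dev tun  ;I change this to tap0 when testing\nproto udp\nproto tcp\n"

if __name__ == "__main__":
    for finding in lint(SERVER, CLIENT):
        print(finding)
```

On the constructed input it reports the duplicated `proto` lines on both sides and the tap/tun mismatch between server and client.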

Thank you all for taking the time to reply to my issue, I managed to achieve what I wanted.

Had to jump through a lot of hoops, but at least it’s working now!

Did you ever get this to work? Can you post your updated configuration?

2 Likes

I recently did a fresh install on my home server and re-did it, I wrote down the steps, I will make a new post about it later today, once I can.

Hey, I just got done with a short write-up on how I did it. Here is the forum post, I hope it helps: