Setting up an OpenVPN server in TAP mode
On Keenetic routers that support an OpenVPN server , it is possible to use bridge mode (TAP).
In the settings of the router acting as the OpenVPN server, you need to add the OpenVPN0 interface to the main bridge using the following CLI command:
interface Bridge0
include OpenVPN0
system configuration saveFollow the links to find sample configurations from the article OpenVPN configuration using two-way TLS authentication (files Client_TAP.ovpn and Server_TAP.ovpn), which have been modified for dev tap. The client configuration does not include the server’s IP address.
In our example, the connection worked as follows: the OpenVPN server runs on a Keenetic, and the OpenVPN client connects from a Windows PC. On the PC running the OpenVPN client, the subnet has been purposefully changed so it does not match the remote subnet. An IP address from the remote network is assigned to the virtual TAP interface in Windows when connecting to the OpenVPN server.
An example of two routers connected via OpenVPN tunnels in TAP mode is presented in the article Forwarding VLANs through OpenVPN.
Note
OpenVPN clients connected to the server will be displayed in the web interface on the Client Lists page under the Unregistered Clients list. If you have selected the No Internet access profile on the My Networks and Wi-Fi page under the Internet Traffic Handling Rules section, do not forget to register OpenVPN clients as well if you need to grant them Internet access.