VPN settings that emulate Tunngle functionality

Moderators: TinCanTech
doc. caliban
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 20, 2014 10:33 pm

VPN settings that emulate Tunngle functionality

Post by doc. caliban » Thu Feb 20, 2014 10:55 pm

Hello,

I have looked at the two posts in the forums that make this same attempt, but they appear to be incomplete / unresolved / abandoned.

I would like to take a different approach to resolving this. Tunngle is based on OpenVPN, and my ignorant assumption is that this means I should be able to create the same environment with my OpenVPN server.

SUMMARY

Tunngle creates a VPN connection that allows the connected clients to see broadcast traffic from each other. An example is a LAN game server that broadcasts its presence, and the clients being able to detect that on the subnet. (Some games can only be played this way, as opposed to the client specifying the IP of the server and letting routing take care of the rest of it.)

ENVIRONMENT

Currently, I am testing with this setup:

OpenVPN server set up on Synology NAS in 192.168.231.0 subnet
Windows 7 on the same subnet (the computer from which I will be playing)
Windows XP connecting to the OpenVPN server via WAN

MY APPROACH

I have noted the results of route print in the following three situations:

1. Not connected to a VPN
2. Connected to Tunngle (the working configuration for what I want to achieve)
3. Connected to my OpenVPN server with its default config

I am hoping that someone here is familiar enough with this information to be able to guide me in configuring my server and clients so that I can attain the same network functionality as the Tunngle connection.

ROUTING

1. No VPN connection

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.231.1  192.168.231.200    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.231.0    255.255.255.0         On-link   192.168.231.200    266
  192.168.231.200  255.255.255.255         On-link   192.168.231.200    266
  192.168.231.255  255.255.255.255         On-link   192.168.231.200    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   192.168.231.200    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   192.168.231.200    266

2. Connected to Tunngle

Active Routes:
  Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0    192.168.231.1  192.168.231.200    266
            0.0.0.0          0.0.0.0    7.254.254.254       7.69.6.243  10029
            7.0.0.0        255.0.0.0    7.254.254.254       7.69.6.243     31
         7.69.6.243  255.255.255.255         On-link        7.69.6.243    286
          127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
          127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      192.168.231.0    255.255.255.0         On-link   192.168.231.200    266
    192.168.231.200  255.255.255.255         On-link   192.168.231.200    266
          224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
          224.0.0.0        240.0.0.0         On-link   192.168.231.200    266
          224.0.0.0        240.0.0.0         On-link        7.69.6.243    286
    255.255.255.255  255.255.255.255         On-link        7.69.6.243    286

3. Connected to my OpenVPN server

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.231.1  192.168.231.200    266
         10.0.1.0    255.255.255.0         10.0.1.9        10.0.1.10      1
         10.0.1.1  255.255.255.255         10.0.1.9        10.0.1.10      1
         10.0.1.8  255.255.255.252         On-link         10.0.1.10    257
        10.0.1.10  255.255.255.255         On-link         10.0.1.10    257
        10.0.1.11  255.255.255.255         On-link         10.0.1.10    257
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.231.0    255.255.255.0         On-link   192.168.231.200    266
    192.168.231.0    255.255.255.0         10.0.1.9        10.0.1.10      1
  192.168.231.200  255.255.255.255         On-link   192.168.231.200    266
  192.168.231.255  255.255.255.255         On-link   192.168.231.200    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   192.168.231.200    266
        224.0.0.0        240.0.0.0         On-link         10.0.1.10    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   192.168.231.200    266
  255.255.255.255  255.255.255.255         On-link         10.0.1.10    257

I am fine with following instructions, and am completely comfortable editing config files and so forth, but I do not understand routing well enough to look at the above info and say, "Well, if you do this, that, and the other thing, your VPN server will work the same way as the Tunngle VPN server."

Any help with this will be very much appreciated, and I hope that it can stand as a final answer to this question for others to find in the future.

Best,

-Doc

korxal
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 13, 2022 10:08 pm

Re: VPN settings that emulate Tunngle functionality

Post by korxal » Thu Jan 13, 2022 10:22 pm

Hello, since there is not much information about this topic on the Internet, I'll add an example config here for the history.
So, in order to get it working: Things to take into consideration:
  • The bridge config will reset after a server restart, so it will be wise to include more permanent shell scripts like if up and down
  • For each client, the IP address inside the VPN network needs to be hardcoded unless you have a DHCP server inside the VPN network
  • I'm not sure if net.ipv4.ip_forward should be enabled if the client-to-client option is set
  • First user IP and last user IP in the server config have no actual effect on clients
  • When creating the bridge interfaces above I skipped adding eth0 to the bridge and it works just fine. (Since I don't need the actual LAN behind the VPN server)
  • The OpenVPN interface on Windows clients *MUST* have the lowest possible metric set in order for UDP broadcast to work
Example server config:

#Some ISP blocks 1194 so we use allowed one
port 443
proto tcp-server
#Layer2 networking. 0 is essential
dev tap0
#Magic here   Server IP  Netmask          First user IP   Last user ip
server-bridge 10.10.0.1 255.255.255.0 10.10.0.10     10.10.0.128
cipher AES-128-CBC
#Do not forward packets to kernel
client-to-client
#Use modern topology
topology subnet

# restart control
persist-key
persist-tun
ping-timer-rem
ping-restart 60
ping 10


status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3

<ca>
#Your CA cert here
</ca>

<cert>
#Your server cert here
</cert>

<key>
#Your server key here
</key>
<dh>
#Your dh here
</dh>

Example client Config:

#Your openvpn server address
remote example.com
proto tcp-client
cipher AES-128-CBC
port 443
dev tap
#Client ip address inside network
ifconfig 10.10.0.2 255.255.255.0
ifconfig-nowarn
ping 10
verb 3
tls-client

<ca>
#Your CA cert here
</ca>

<cert>
#Your client cert here
</cert>

<key>
#Your client key here
</key>
<dh>
#Your dh here
</dh>
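
An added example, not part of either post: it parses rows copied from the first post's three route print tables and, taking the reply's point that the lowest-metric adapter carries UDP broadcast as its assumption, reports which adapter wins the 255.255.255.255 route and whether the VPN adapter sits on a /30 point-to-point link. The function names are hypothetical.

```python
# Rows copied from the "route print" tables in the first post, abridged to the
# rows that decide broadcast delivery.
TABLES = {
    "no_vpn": """
          0.0.0.0          0.0.0.0    192.168.231.1  192.168.231.200    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   192.168.231.200    266
""",
    "tunngle": """
          7.0.0.0        255.0.0.0    7.254.254.254       7.69.6.243     31
       7.69.6.243  255.255.255.255         On-link        7.69.6.243    286
  255.255.255.255  255.255.255.255         On-link        7.69.6.243    286
""",
    "openvpn": """
         10.0.1.8  255.255.255.252         On-link         10.0.1.10    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   192.168.231.200    266
  255.255.255.255  255.255.255.255         On-link         10.0.1.10    257
""",
}

def parse_routes(text):
    """Return (destination, netmask, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[4].isdigit():  # skips headers and blank lines
            routes.append((f[0], f[1], f[2], f[3], int(f[4])))
    return routes

def broadcast_interface(routes):
    """Interface holding the lowest-metric route to 255.255.255.255."""
    cands = [r for r in routes if r[0] == "255.255.255.255"]
    return min(cands, key=lambda r: r[4])[3] if cands else None

def diagnose(text, vpn_if):
    """Check the two conditions a VPN adapter needs to carry LAN broadcasts."""
    routes = parse_routes(text)
    # An on-link /30 on the VPN adapter is the net30 layout of a routed (tun)
    # link: the only other host on that subnet is the virtual peer.
    net30 = any(i == vpn_if and g == "On-link" and m == "255.255.255.252"
                for _, m, g, i, _ in routes)
    return {"broadcast_via_vpn": broadcast_interface(routes) == vpn_if,
            "net30_tun": net30}

if __name__ == "__main__":
    print("tunngle:", diagnose(TABLES["tunngle"], "7.69.6.243"))
    print("openvpn:", diagnose(TABLES["openvpn"], "10.0.1.10"))
```

For the third table the VPN adapter already has the lowest broadcast metric, but its on-link subnet is a /30, so a metric change alone cannot help there; the reply's config uses dev tap for layer-2 networking.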


