Help configuring TUN in ARP proxy mode

[rdiez]

Hi all:

I have been using OpenVPN with TAP for a while in order to support remote clients without having to change the local network configuration (which is not an option at the moment).

Using TAP has performance drawbacks, and Android clients do not work, so I am attempting to switch to TUN with the ARP proxy mode.

The Linux server has LAN address 192.168.1.41, and I would like remote clients to get addresses in the range 192.168.1.81-89, which is excluded from the local DHCP server.

I am unsure how to proceed. This is an excerpt of the OpenVPN server configuration I am trying:

dev OpenVpnSrvTun
dev-type tun
mode server
tls-server
# I am not sure whether "topology subnet" is necessary for the server.
topology subnet
push "topology subnet"
ifconfig 192.168.1.81 255.255.255.0
ifconfig-pool 192.168.1.83 192.168.1.89 255.255.255.0

The trouble is, the OpenVPN server creates a TUN interface with address 192.168.1.81 on start-up, and that IP address is on the same subnet as the main IP address 192.168.1.41, so that network connectivity breaks down.

The first question is why should OpenVPN create a TUN interface at all. After all, the clients will be getting IP addresses from the same LAN as the main network interface.

What can I do? If OpenVPN always needs a TUN interface, do I have to manually bridge the TUN interface with the LAN interface? If so, do I have to create a TUN interface manually before OpenVPN starts, like when using a TAP interface?

Is there a guide on the Internet that describes this scenario? I have found tips here and there, but I couldn't find anything that made me understand how this scenario should work.

Many thanks in advance,
rdiez