Help configuring TUN in ARP proxy mode

Posted: Thu Sep 28, 2023 8:35 am
by rdiez
Hi all:

I have been using OpenVPN with TAP for a while in order to support remote clients without having to change the local network configuration (which is not an option at the moment).

Using TAP has performance drawbacks, and Android clients do not work, so I am attempting to switch to TUN with the ARP proxy mode.

The Linux server has LAN address, and I would like remote clients to get addresses in the range, which is excluded from the local DHCP server.

I am unsure how to proceed. This is an excerpt of the OpenVPN server configuration I am trying:

dev OpenVpnSrvTun
dev-type tun
mode server
# I am not sure whether "topology subnet" is necessary for the server.
topology subnet
push "topology subnet"

The trouble is, the OpenVPN server creates a TUN interface with address on start-up, and that IP address is on the same subnet as the main IP address, so that network connectivity breaks down.

The first question is why should OpenVPN create a TUN interface at all. After all, the clients will be getting IP addresses from the same LAN as the main network interface.

What can I do? If OpenVPN always needs a TUN interface, do I have to manually bridge the TUN interface with the LAN interface? If so, do I have to create a TUN interface manually before OpenVPN starts, like when using a TAP interface?

Is there a guide on the Internet that describes this scenario? I have found tips here and there, but I couldn't find anything that made me understand how this scenario should work.

Many thanks in advance,