OpenVPN router - how to propagate 255.255.255.255 broadcasts on VPN?

Solution 1

I managed to get this to work by connecting 2 routers (client and server) with OpenVPN, where the tap0 interface is bridged to ethernet on both sides.

Seems that not propagating 255.255.255.255 over the VPN interface may be an issue on Windows clients only, perhaps due to the lack of bridging.

Solution 2

Your OpenVPN is probably configured for tun mode, which works on Layer 3 and won't propagate broadcasts across subnets.

You need to switch it to tap mode, which works on Layer 2 and does propagate broadcasts. What you need to do with tap mode is create a bridge interface, such as br0, and then junction your physical eth0 and tap0 into it. br0 is then assigned an IP and broadcasts sent out of br0 will reach anything junctioned into it, as though it were a switch.

I believe the DD-WRT interface takes care of most of the work for you; that's the gist of it.
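
A check for the layout described in this answer, added here as an example (not part of the original answers or of DD-WRT): it reads a saved OpenVPN config and saved `brctl show` output and confirms tap mode, with the LAN and tap interfaces in the bridge and the WAN interface outside it. The function names, the sample listing and `vlan2` as the WAN interface are assumptions.

```shell
#!/bin/sh
# Added example: offline checks on saved router text (function names are hypothetical).

# Print tap, tun or unknown from an OpenVPN config read on stdin.
ovpn_dev_mode() {
    awk '$1 == "dev"      { m = $2 }
         $1 == "dev-type" { t = $2 }   # explicit type overrides a custom device name
         END { if (t != "") m = t
               if (m ~ /^tap/) print "tap"
               else if (m ~ /^tun/) print "tun"
               else print "unknown" }'
}

# Print the members of bridge $1 (space separated) from `brctl show` text on stdin.
bridge_members() {
    awk -v br="$1" '
        $1 == "bridge" && $2 == "name" { next }        # header row
        NF == 0 { next }
        { c = substr($0, 1, 1) }
        c != " " && c != "\t" {                        # row that starts a bridge entry
            cur = $1
            if (cur == br && NF >= 4) out = out " " $4
            next
        }
        cur == br { out = out " " $1 }                 # continuation row: one interface
        END { sub(/^ /, "", out); print out }'
}

# Args: bridge, LAN iface, tap iface, WAN iface; `brctl show` text on stdin.
# Succeeds only if LAN and tap are bridge members and WAN is not.
check_bridge() {
    members=" $(bridge_members "$1") "
    case "$members" in *" $2 "*) ;; *) echo "LAN $2 is not in $1"; return 1 ;; esac
    case "$members" in *" $3 "*) ;; *) echo "$3 is not in $1"; return 1 ;; esac
    case "$members" in *" $4 "*) echo "WAN $4 is bridged into $1"; return 1 ;; esac
    echo "ok: $1 bridges $2 and $3, $4 stays outside"
}

# Constructed sample, modelled on the bridge listing posted in the comments.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000001       no              vlan1
                                                        ath0
                                                        tap2'

# vlan2 as the WAN interface is an assumption for this sample.
printf '%s\n' "$SAMPLE_BRCTL" | check_bridge br0 vlan1 tap2 vlan2
```

On a router, pipe the real `brctl show` output and the OpenVPN config file into these functions instead of the sample.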

Solution 3

Broadcasts are not routed; this isn't a problem with OpenVPN, this is just how IP works.

If OpenVPN is configured in layer 3 mode (aka tun) then it will act like a router; broadcasts will not be passed.

Your option is to set up a bridge (aka tap), forming a layer 2 network, which will forward broadcasts. I am not sure what you are going to have to do to make this work on dd-wrt though.

BTW you really might want to look at some alternatives to dd-wrt; the releases for most routers haven't been updated in over 4 years. That means a lot of security bugs have accumulated, like Heartbleed, and possibly Shellshock. If your firmware image is older than a month, it is time to upgrade, or look for an alternative.

Author by

André Fernandes

Updated on September 18, 2022

Comments

  • André Fernandes over 1 year

    I have a dd-wrt router with OpenVPN set up which I'm using to play LAN games remotely.

    Some details on the network:

    remote site LAN: 192.168.10.0/23
    router LAN IP: 192.168.11.1
    LAN DHCP range: 192.168.11.1-254 (same for VPN clients)
    

    The games we're playing are using broadcast packets to locate the servers. The problem is that even though the broadcasts are sent to the VPN, the router isn't getting them from the clients to the hosts inside the LAN on the remote site. The inverse is also true: broadcasts from the remote LAN are not reaching the VPN clients.

    This is happening only for the 255.255.255.255 broadcast address; I have sniffed the network on the client side and I can see "normal" broadcasts to 192.168.11.255.

    Example of a non-traversing packet (source is VPN client):

    192.168.11.24   255.255.255.255 UDP Source port: 28960  Destination port: 28961
    

    Example of a traversing packet (caught by sniffing on the VPN client. source is a host in the remote LAN):

    192.168.11.25   192.168.11.255  UDP Source port: 60978  Destination port: 32414
    

    How can the router be configured to broadcast these packets?

    Is this a routing, iptables, or OpenVPN fix?

    Edit: the VPN is configured in bridged mode (tap).

  • André Fernandes over 9 years
    I forgot to mention that the VPN is in bridged mode already.
  • LawrenceC over 9 years
    Make sure you didn't mix up your WAN and LAN interfaces. LAN should be part of the OpenVPN br0, but not the WAN interface.
  • André Fernandes over 9 years
    Checked it and it's right, otherwise the VPN wouldn't be working I think. This is configured by ddwrt automatically.

    bridge name     bridge id               STP enabled     interfaces
    br0             8000.b0487ade0b7e       no              vlan1
                                                            ath0
                                                            tap2