OpenVPN router - how to propagate 255.255.255.255 broadcasts on VPN?
Solution 1
I managed to get this to work by connecting 2 routers (client and server) with openVPN, where the tap0 interface is bridged to ethernet on both sides.
Seems that not propagating 255.255.255.255 over the VPN interface may be an issue on Windows clients only, perhaps due to the lack of bridging.
Solution 2
Your OpenVPN is probably configured for tun mode, which works on Layer 3 and won't propagate broadcasts across subnets.
You need to switch it to tap mode, which works on Layer 2 and does propagate broadcasts. What you need to do with tap mode is create a bridge interface, such as br0, and then junction your physical eth0 and tap0 into it. br0 is then assigned an IP and broadcasts sent out of br0 will reach anything junctioned into it, as though it were a switch.
I believe the DD-WRT interface takes care of most of the work for you, that's the gist of it.
Solution 3
Broadcasts are not routed, this isn't a problem with OpenVPN, this is just how IP works.
If OpenVPN is configured in layer 3 mode (aka tun) then it will act like a router, broadcasts will not be passed.
Your option is to set up a bridge (aka tap), forming a layer 2 network, which will forward broadcasts. I am not sure what you are going to have to do to make this work on dd-wrt though.
BTW you really might want to look at some alternatives to dd-wrt, the releases for most routers haven't been updated in over 4 years. That means a lot of security bugs have accumulated, like Heartbleed, and possibly Shellshock. If your firmware image is older than a month, it is time to upgrade, or look for an alternative.
André Fernandes
Updated on September 18, 2022
Comments
-
André Fernandes over 1 year
I have a dd-wrt router with openVPN set up which I'm using to play LAN games remotely.
Some details on the network:
remote site LAN: 192.168.10.0/23
router LAN IP: 192.168.11.1
LAN DHCP range: 192.168.11.1-254 (same for VPN clients)
The games we're playing are using broadcast packets to locate the servers, the problem is that even though the broadcasts are sent to the VPN, the router isn't getting them from the clients to the hosts inside the LAN on the remote site. The inverse is also true, broadcasts from the remote LAN are not reaching the VPN clients.
This is happening only for the 255.255.255.255 broadcast address, I have sniffed the network on the client side and I can see "normal" broadcasts to 192.168.11.255.
Example of a non-traversing packet (source is VPN client):
192.168.11.24 255.255.255.255 UDP Source port: 28960 Destination port: 28961
Example of a traversing packet (caught by sniffing on the VPN client. source is a host in the remote LAN):
192.168.11.25 192.168.11.255 UDP Source port: 60978 Destination port: 32414
How can the router be configured to broadcast these packets?
Is this a routing, iptables, or openVPN fix?
Edit: the VPN is configured in bridged mode (tap).
-
André Fernandes over 9 years
I forgot to mention that the VPN is in bridged mode already.
-
LawrenceC over 9 years
Make sure you didn't mix up your WAN and LAN interfaces. LAN should be part of the OpenVPN br0, but not the WAN interface.
-
André Fernandes over 9 years
Checked it and it's right, otherwise the VPN wouldn't be working I think. This is configured by ddwrt automatically.
bridge name     bridge id               STP enabled     interfaces
br0             8000.b0487ade0b7e       no              vlan1
                                                        ath0
                                                        tap2
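
A probe for reproducing the check described in the question without the game, as an added example that is not part of the original posts: run it with `listen` on a host in the remote LAN and with `send` on a VPN client, then see which of the two destinations arrive. The port and the two destination addresses are taken from the question; the function names and the payload format are assumptions of this example.

```python
"""UDP broadcast probe: shows which broadcast destinations cross a bridged VPN."""
import argparse
import socket
import time

# Destinations from the question: limited broadcast vs. subnet-directed broadcast.
DEFAULT_DESTS = ["255.255.255.255", "192.168.11.255"]
PORT = 28961  # destination port of the non-traversing packet in the question


def make_listener(port=PORT):
    """Bind a UDP socket on all interfaces; run this on a host in the remote LAN."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    return sock


def send_probe(dest, port=PORT):
    """Send one datagram whose payload names the destination it was sent to."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # Without SO_BROADCAST the kernel refuses broadcast destinations.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(f"probe-to:{dest}".encode(), (dest, port))


def collect(sock, timeout=5.0):
    """Return {payload: sender_ip} for every probe received before the timeout."""
    seen, deadline = {}, time.monotonic() + timeout
    while (remaining := deadline - time.monotonic()) > 0:
        sock.settimeout(remaining)
        try:
            data, (src, _) = sock.recvfrom(1024)
        except socket.timeout:
            break
        seen[data.decode(errors="replace")] = src
    return seen


if __name__ == "__main__":
    ap = argparse.ArgumentParser()
    ap.add_argument("mode", choices=["listen", "send"])
    args = ap.parse_args()
    if args.mode == "listen":
        for payload, src in collect(make_listener(), timeout=30).items():
            print(f"received {payload!r} from {src}")
    else:
        for dest in DEFAULT_DESTS:
            print(f"sent {send_probe(dest)} bytes to {dest}")
```

If only the `192.168.11.255` probe is received, capture on the client's tap interface as well: the sending host picks a single outgoing interface for 255.255.255.255, so on a client with several interfaces the probe may never have entered the VPN.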