Hi, I've been scratching my head for hours now trying to figure out what's wrong. There are plenty of OpenVPN bridge tutorials out there, but all of them do the bridging on the OpenVPN server side, while I am trying to do it on the client side.
The configuration is as follows:
Internet (public IP) --- OpenVPN server (tap device) --- (tap0) Raspberry Pi (running openVPN client) (eth0) --- windows PC
I am trying to bridge tap0 to eth0 on the Raspberry Pi, so that the Windows PC can access the OpenVPN server through it.
This is my current ip a listing on the Raspberry Pi:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether dc:a6:32:79:32:fa brd ff:ff:ff:ff:ff:ff
    inet 169.254.77.125/16 brd 169.254.255.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::b683:712a:2780:f3a4/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether dc:a6:32:79:32:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.126/24 brd 192.168.50.255 scope global dynamic noprefixroute wlan0
       valid_lft 85723sec preferred_lft 74923sec
    inet6 fe80::3b01:7475:5c13:6337/64 scope link
       valid_lft forever preferred_lft forever
5: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/ether 2a:bf:f0:ea:d2:80 brd ff:ff:ff:ff:ff:ff
    inet 10.8.0.2/24 brd 10.8.0.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::28bf:f0ff:feea:d280/64 scope link
       valid_lft forever preferred_lft forever
The Raspberry Pi connects to the internet through wlan0, and connects to the VPN server through tap0. I can ping the OpenVPN server (IP 10.8.0.1) and it connects just fine. The OpenVPN server can also ping the Pi (10.8.0.2).
eth0 is connected to a Windows PC, and is assigned an IP automatically.
I am bridging the tap0 and eth0 as follows:
ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set dev eth0 down
ip addr flush dev eth0
ip link set dev eth0 up
ip link set eth0 master br0
ip link set dev br0 up
(from How to bridge tap to eth0 on raspberry pi?)
I also set a static IP on both the Windows PC and the br0 interface, in the 10.8.0.0/24 subnet:
sudo ifconfig br0 10.8.0.100/24
However, the moment the bridge is up, the Pi can no longer ping 10.8.0.1. And of course, the Windows PC cannot access the Pi and/or the OpenVPN server.
Please let me know what I am missing here.
Edit: the Pi's routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tap0
0.0.0.0         192.168.50.1    0.0.0.0         UG    303    0        0 wlan0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tap0
159.89.203.67   192.168.50.1    255.255.255.255 UGH   0      0        0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     202    0        0 eth0
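
The routing table above, checked mechanically, as an added example that is not part of the original post: on Linux, frames arriving on a bridge member port are handed to the bridge, so addresses and routes belong on br0 rather than on its ports. The script assumes tap0 and eth0 are the ports of br0 (as in the commands in the post); the helper names are hypothetical.

```shell
#!/bin/sh
# Routing table copied from the post above (`route -n` style output).
ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tap0
0.0.0.0 192.168.50.1 0.0.0.0 UG 303 0 0 wlan0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tap0
159.89.203.67 192.168.50.1 255.255.255.255 UGH 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 202 0 0 eth0'

# Hypothetical helper: list routes whose output interface is a bridge port.
# $1 = space-separated port names; routing table on stdin.
routes_on_bridge_ports() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) member[p[i]] = 1 }
        NF == 8 && $1 != "Destination" && ($8 in member) {
            print $8 ": " $1 "/" $3 " via " $2
        }'
}

# Hypothetical helper: list subnets that are directly connected (gateway
# 0.0.0.0) on more than one interface. Routing table on stdin.
duplicate_subnets() {
    awk '
        NF == 8 && $1 != "Destination" && $2 == "0.0.0.0" {
            key = $1 "/" $3
            if (key in ifs) { ifs[key] = ifs[key] "," $8; dup[key] = 1 }
            else { ifs[key] = $8; order[++n] = key }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print order[i] " on " ifs[order[i]]
        }'
}

# On a live system the ports can be read from sysfs instead of being assumed:
#   route -n | routes_on_bridge_ports "$(ls /sys/class/net/br0/brif | tr '\n' ' ')"
echo "Routes still bound to bridge ports:"
printf '%s\n' "$ROUTES" | routes_on_bridge_ports "tap0 eth0"
echo "Subnets connected on more than one interface:"
printf '%s\n' "$ROUTES" | duplicate_subnets
```

For the table in the post this reports the 10.8.0.0/24 network as connected on both tap0 and br0, and lists the three tap0 routes plus the eth0 link-local route as still attached to bridge ports.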