1

I have been back and forth with some users here about creating a VPN using my Raspberry Pi 3 as a hotspot (OpenVPN client) but being able to bridge it to my other Raspberry Pi 3 at home (OpenVPN server).

A great user was able to help me out with getting it to work 100% as a layer 3, however I am using a device that in order to interact with the other network devices on my server's network, it requires a bridged network using a layer 2 VPN.

I have tried many, many things and spent countless hours of free time after work and on weekends. I have Googled probably hundreds of times... I can't seem to ping or see this device on my server's network at all.

If I ssh to the client or any other Raspberry Pis in the client's network, I am able to ping this device. But outside of the client's network I just can't ping at all.

All the information about my setup is located here: Pi 3B+ As Hotspot + OpenVPN

But basically I need to convert a working Layer-3 OpenVPN network to a Layer-2 OpenVPN network.

I am fairly sure this device requires a bridged network... it needs to have the same subnet and IP range as the server and hence the need for a layer-2 network.

I know there is some information out there, but I should specify, I'm hoping to get this done using raspbian-lite. I don't want any kind of UI or graphical interface since this would draw more resources than the lite version. I did find this video which seems quite useful. But I can't seem to be able to figure it out.

Your help would be greatly appreciated figuring this out,

Thank you in advance.

Agustin

1 Answer

4

First some general information to get an idea of what to do. As you have already found, there are in general two ways to configure a Virtual Private Network: a bridged setup on OSI Layer 2 and a routed setup on OSI Layer 3.

Nowadays there are mainly two VPN programs in common use: the modern and up-and-coming WireGuard and the by now classic OpenVPN. I would suggest using WireGuard, but as stated in its documentation it only supports a routed setup on OSI Layer 3. So we have to use OpenVPN, which supports both configurations.

The two setups with OpenVPN are completely different. For a routed setup it uses tun interfaces and for a bridged setup it uses tap interfaces. You have referred to the setup you have used, Pi 3B+ As Hotspot + OpenVPN. This cannot work in principle for your purpose because it uses a tun0 interface, which cannot be bridged.

So let's have a look at a bridged setup using OpenVPN with tap interfaces. But be warned, it is a sophisticated and error-prone setup, mainly because we are on OSI Layer 2 without handling IP addresses. Instead we have to handle MAC addresses, and that is often unusual. You can find a tested setup at

How to bridge an access point with a remote network by openvpn?.

My suggestion is, don't try to configure your environment in the first step. Configure exactly the linked setup. It is tested and known to work. If you have this running then you can improve it to your needs.

Ingo
  • Awesome, so far it looks very close to what I want :). I am unsure, however, what you mean by not configuring my environment in the first step? Do you mean I should skip the general setup? So I am guessing I can't just switch the interface in my server from tun0 to tap0 and the other routings. Well, that's not too much of a problem, will report when I get stuck again hehe. – Agustin Feb 11 '20 at 01:23
  • Hi @Agustin, nice to hear from you again :) Just modifying your setup is exactly what I mean not to do. I don't believe that you can just switch things and it will do. You have to set up a bridge on each end of the VPN tunnel and both bridges must work correctly to get a result. This is very difficult to debug. – Ingo Feb 11 '20 at 10:20
  • It is indeed nice to hear from you again! Ok I get you, yeah I already had in mind I had to start from scratch again. I just couldn’t find a well documented article like yours to build this hehe. Thank you as always, you’re amazing! – Agustin Feb 11 '20 at 12:51
  • Hi @Ingo, I've been going through the setup that you linked to. It had me confused for quite a bit, because you set up the hotspot as the VPN server, and home as a client? Is this correct? I am not able to open up ports 1194 UDP on the hotspot. – Agustin Feb 16 '20 at 22:25
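
As an added example (not part of the answer, its comments, or the linked setup): a small shell check for the tun/tap distinction described in the answer. It reads an OpenVPN config, reports whether it is routed (tun) or bridged (tap), and confirms that the tap device is actually attached to a bridge. The function names, sample configs and fake sysfs tree are constructed for illustration, and it assumes the config names a fixed device such as tap0.

```shell
#!/bin/sh
# Added example: is this OpenVPN config bridged (tap, layer 2), and is the tap
# device really a bridge port? Function names are illustrative.

vpn_dev() {    # print the value of the "dev" directive, e.g. tun0 or tap0
    awk '$1 == "dev" { print $2; exit }' "$1"
}

vpn_layer() {  # print l2 (tap), l3 (tun) or unknown; dev-type wins if present
    dtype=$(awk '$1 == "dev-type" { print $2; exit }' "$1")
    name=$(vpn_dev "$1")
    case "${dtype:-$name}" in
        tap*) echo l2 ;;
        tun*) echo l3 ;;
        *)    echo unknown ;;
    esac
}

bridge_of() {  # $1 = interface, $2 = sysfs root (default /sys); prints its master
    link="${2:-/sys}/class/net/$1/master"
    if [ -L "$link" ]; then basename "$(readlink "$link")"; else return 1; fi
}

check_l2() {   # $1 = config file, $2 = sysfs root; assumes a fixed name like tap0
    dev=$(vpn_dev "$1")
    if [ "$(vpn_layer "$1")" != l2 ]; then
        echo "FAIL: $1 uses '$dev' (not tap), so it cannot be bridged"
        return 1
    fi
    if br=$(bridge_of "$dev" "${2:-/sys}"); then
        echo "OK: $dev is a port of bridge $br"
    else
        echo "FAIL: $dev is in the config but is not attached to a bridge"
        return 1
    fi
}

# Demo on constructed input: two sample configs and a fake sysfs tree.
demo=$(mktemp -d)
printf 'dev tun0\nproto udp\nport 1194\n' > "$demo/routed.conf"
printf '# bridged\ndev tap0\nproto udp\nport 1194\n' > "$demo/bridged.conf"
mkdir -p "$demo/sys/class/net/tap0" "$demo/sys/class/net/br0"
ln -s ../br0 "$demo/sys/class/net/tap0/master"
check_l2 "$demo/routed.conf" "$demo/sys" || true
check_l2 "$demo/bridged.conf" "$demo/sys" || true
```

On a real system, call `check_l2` with only the config path on each end of the tunnel, since both bridges have to be in place.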