Enabling TAP rather than TUN help

steve288

Occasional Visitor
Have successfully used my Asus RT-AC66U B1 to access my network via OpenVPN. This comes through the ISP's router then to the Asus router. Works great. I use TUN. I can access computers, use remote desktop etc.
Ok so it does not work perfectly in one case. I use a program called EZVIS to search for my Hikvision camera at home. It works fine when I'm at home locally. But it does not work over an OpenVPN connection.

Someone has said this MAY be because Multicast does not work on VPN connections. So it tries to find the device but cannot. The program sadly does not allow me to put in an IP address that I know of. Then others said, well, if you set up TAP rather than TUN VPN this may work. So I went to the router, clicked the drop-down box in the OpenVPN server tab and set it to TAP. I then tried to connect with my clients and it would not connect.

There may be many helpful things you all may say and I welcome them. However the one question I do have is, do I have to renew my certificate and export, and import into the client again, a new .ovpn file? I did try to switch to TAP, applied, then tried to use my existing clients, but this did not work. There does not seem to be any way in the client software to change from TAP to TUN.
Thank you.
PS current firmware is Current Version : 3.0.0.4.386_51685-gd1be76f
 
Yes you have to export the .ovpn file again and import it on the client device. You might get away with just editing the original .ovpn file and changing the dev tun line.

IIRC Apple devices don't allow tap mode.
 
It's been ages since I used an Android device, but way back when I last did, neither Apple nor Android supported bridged (TAP) OpenVPN tunnels. I've had others suggest you can w/ Android provided you're willing to use third-party repositories, or likewise w/ a jail-broken Apple device, but I've never confirmed it personally.

This is why for road warriors, it might be a good idea to configure a travel router that manages the OpenVPN bridged client, thus acting as a middleman between the mobile device and the server.
 
Mm, well that would be disappointing. I will test and see what happens, thanks for your advice.
 
So I have tested it and you're right! The openvpn client does not support tap. I set the Asus router to TAP, exported the ovpn file and when I try to import into client it says it's not supported. Good enough for them to tell me. I'm no expert on these things. But it's odd to me that the server supports it but the client does not. Do you know of a client that does? That is simple to use like the openvpn one. I'm afraid I'm not going to carry a router along with me.
Regards
 
You didn't mention what your client device is. After @eibgrad's post I went back and checked my current Android phone (using the OpenVPN Connect app) and got the same "not supported" error you did. This is a change in behaviour because the same app on my previous Android phone from five years ago definitely did support tap as I used it quite frequently and still have the .ovpn files. My guess is this is a change imposed by Android rather than the app itself.
 
Thank you for your response. I have done some reading and found that openvpn2 did or does support it but openvpn3 does not. So you are most likely confirming this. It was removed. The claim is there are workarounds or you don't need it?? There are some complex discussions regarding this here:
https://forums.openvpn.net/viewtopic.php?t=34863
I have tried to look for v2 but on Androids they are not quick to tell you which version you are using? As far as where to get v2, how to identify it and if I should use it, frankly I'm in the weeds. Does any version that starts with 2.x.x mean it's version 2? The only thing I did glean was you can have both on your device if I read it right.
Regards
 
I suspect these platforms (Apple and Android) see it as a security risk since you're hooking into layer 2. But frankly, nothing actually requires the client to bridge the tunnel to the client's local network interface. It could just as well be *routed* from the client's perspective, and only bridged at the server side. But I don't think that's the way THEY are thinking about it. They seem to assume being locally bridged is expected and/or necessary (which it isn't).
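
The thread turns on the `dev` line of the exported .ovpn file, so here is an added example (not code from any poster or from the router firmware) that reports whether a client profile asks for a routed (TUN) or layer 2 bridged (TAP) tunnel and rewrites that directive without touching inline certificate blocks. The sample profile, its host name and the function names are constructed for illustration; the server must still be set to the matching mode.

```python
import re

# Constructed sample profile (not from the thread); host name is a placeholder.
SAMPLE_PROFILE = """\
# exported from router (constructed sample)
client
dev tap0
proto udp
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
dev tun  (text inside an inline block is not a directive)
-----END CERTIFICATE-----
</ca>
"""

def directives(text):
    """Yield (line_index, tokens) for each directive outside inline <tag> blocks."""
    inline_tag = None
    for n, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if inline_tag:                       # inside <ca>, <cert>, <key>, ...
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            inline_tag = m.group(1)
        elif line and line[0] not in "#;":   # skip blank lines and comments
            yield n, line.split()

def tunnel_mode(text):
    """Return 'tun', 'tap' or None; an explicit dev-type wins over the device name."""
    opts = {t[0]: t[1] for _, t in directives(text)
            if len(t) > 1 and t[0] in ("dev", "dev-type")}
    if opts.get("dev-type") in ("tun", "tap"):
        return opts["dev-type"]
    dev = opts.get("dev", "")
    return dev[:3] if dev.startswith(("tun", "tap")) else None

def with_tunnel_mode(text, mode):
    """Return a copy of the profile with its dev/dev-type directives set to mode."""
    lines = text.splitlines()
    for n, tokens in directives(text):
        if tokens[0] in ("dev", "dev-type"):
            lines[n] = f"{tokens[0]} {mode}"
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print("profile requests:", tunnel_mode(SAMPLE_PROFILE))
```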
 