I'm having a hard time bridging two LANs together with VPN. I've tried following the thread Bridging Two LANs through a VPN but to no avail. I think I have the authentication part of VPN working as my Client router receives an IP address from the VPN server, but then I'm stuck. From the Client LAN side I can only ping that single IP address and no other from the VPN server LAN. Just like in the thread mentioned above both LANs work fine on their own. However in my case LANs are on different subnets. Here's my setup (extracted from routers through ssh): VPN server router (192.168.2.251/255.255.255.0): Code: # cat /etc/openvpn/server2/config.ovpn # Automatically generated configuration daemon server-bridge 192.168.2.251 255.255.255.0 192.168.2.170 192.168.2.189 proto udp port 1194 dev tap22 cipher AES-256-CBC keepalive 15 60 verb 3 tls-auth static.key 0 ca ca.crt dh dh.pem cert server.crt key server.key status-version 2 status status # Custom Configuration keepalive 10 60 persist-key persist-tun user nobody group nobody fragment 1500 # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface server.isp.i.p 0.0.0.0 255.255.255.128 U 0 0 0 vlan1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 server.isp.i.p 0.0.0.0 UG 0 0 0 vlan1 "Manage Client-Specific Options" is enabled "Allow Client<->Client" is enabled VPN client router (192.168.3.252/255.255.255.0): Code: # cat /etc/openvpn/client2/config.ovpn # Automatically generated configuration daemon client dev tap12 proto udp remote server.address 1194 resolv-retry 30 nobind persist-key persist-tun comp-lzo no cipher AES-256-CBC verb 3 tls-auth static.key 1 ca ca.crt cert client.crt key client.key status-version 2 status status # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tap12 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 client.isp.i.p 0.0.0.0 UG 0 0 0 vlan1 "Server is on the same subnet" is disabled. Message "Warning: Cannot bridge distinct subnets. Defaulting to routed mode." is displayed. I understand subnets are distinct, but don't understand what router mode means. "Create NAT on tunnel" is disabled. Message "Routes must be configured manually." is displayed. I don't know how to do this. Under Advanced->Routing "Mode" is set to "Gateway" and "RIPv1 & v2" is disabled. I haven't opened any ports in any firewalls for this. Should I have? I can successfully connect with an openvpn client from a Mac without having done so. I've been struggling for a few days and am at my wits end. I'd be thankful for any help.