OpenVPN TAP connection mapped to one physical LAN port?

Discussion in 'Tomato Firmware' started by Andlier, Nov 27, 2012.

  1. Andlier

    Andlier Serious Server Member

    For WRT54LG for example: Is it possible to have a VPN tap connection mapped to a physical LAN port while the other physical ports on the router function as the local LAN with DHCP, wireless and internet coming from the local WAN connection?

    Anything plugged into the VPN tap port should receive an IP address and internet from the DHCP server at the other end of the VPN tunnel and not be able to access the local LAN or internet in any way. Vice versa, the local LAN on the other ports should not be aware of the VPN tap connection.

    In the current Tomato firmwares I've tried, it seems that the VPN tap connection is automatically linked to the br0 LAN interface, regardless of VLAN settings etc.

    Any help appreciated!
  2. shibby20

    shibby20 Network Guru Member

    1) Make a new br interface (br1) on the Basic -> Network page without DHCP.
    2) Make a new VLAN with only one physical LAN port mapped and bridge it with the new br1 interface.
    3) In the VPN setup uncheck "Server is on the same subnet" (because this checkbox bridges tap to br0 by default) and set the IP manually.
    4) Create a small script:
    Change tap11 to your tap iface of course :) Save the script somewhere (jffs, opt). In my example it will be: /opt/etc/ and add execute rights:
    chmod +x /opt/etc/
    5) Now add this script to the custom VPN configuration:
    This will execute the script and add tap11 to br1 after the VPN connection is established.
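
A way to confirm the result of steps 4 and 5 above, as an added example that is not part of the original posts: it parses `brctl show` output to report which bridge owns the tap interface, so you can check that tap11 ended up on br1 and not br0. The names tap11, br0 and br1 come from the thread; vlan1, vlan3, eth1, the bridge ids and the function names are constructed for illustration, and the check covers bridge membership only, not routing or firewall rules between the bridges.

```shell
#!/bin/sh
# Added example, not the script from the post. tap11/br0/br1 follow the thread;
# other interface names and bridge ids below are constructed sample data.

# Constructed `brctl show` output: tap11 still attached to br0 (the default).
SAMPLE_BEFORE='bridge name     bridge id               STP enabled     interfaces
br0             8000.0011223344aa       no              vlan1
                                                        eth1
                                                        tap11
br1             8000.0011223344ab       no              vlan3'

# Constructed output after the tap interface has been moved to br1.
SAMPLE_AFTER='bridge name     bridge id               STP enabled     interfaces
br0             8000.0011223344aa       no              vlan1
                                                        eth1
br1             8000.0011223344ab       no              vlan3
                                                        tap11'

# bridge_of IFACE: read `brctl show` text on stdin, print the owning bridge.
bridge_of() {
    awk -v ifc="$1" '
        NR == 1 { next }                  # column header
        NF >= 4 { br = $1; port = $4 }    # bridge line carrying its first port
        NF == 3 { br = $1; port = "" }    # bridge with no ports yet
        NF == 1 { port = $1 }             # continuation line: one more port
        port == ifc { print br; exit }
    '
}

# in_bridge IFACE BRIDGE: succeed only if IFACE is a port of BRIDGE (stdin as above).
in_bridge() {
    [ "$(bridge_of "$1")" = "$2" ]
}

# move_tap IFACE BRIDGE: for use on the router (needs root and brctl).
# Detaches IFACE from any other bridge, attaches it to BRIDGE, then verifies.
move_tap() {
    old=$(brctl show | bridge_of "$1")
    if [ "$old" != "$2" ]; then
        [ -z "$old" ] || brctl delif "$old" "$1" || return 1
        brctl addif "$2" "$1" || return 1
    fi
    brctl show | in_bridge "$1" "$2"
}

printf '%s\n' "$SAMPLE_BEFORE" | bridge_of tap11   # prints br0
```

On the router, `move_tap tap11 br1` returns non-zero if the interface is not a port of br1 afterwards.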
  3. Andlier

    Andlier Serious Server Member

    Thanks a lot! Seems to work.