
I'm trying to make use of my VPS as an OpenVPN server for "LAN" gaming which involves broadcasts, so I need to configure TAP. Typically, when I look up examples of TAP configuration, they use Ethernet bridging with the server's private LAN and a DHCP server on that network. The problem is, my VPS does not have any private LAN; besides loopback, it has only an Ethernet interface with one public IP. Is it possible to set up an OpenVPN TAP server without bridging, with its own DHCP and allowing clients to talk to each other?

I tried the following server config:

```
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
client-to-client
duplicate-cn
keepalive 10 120
<tls-auth>
...
</tls-auth>
key-direction 0
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
```

with client configs:

```
client
dev tap
proto udp
remote SERVERIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
<tls-auth>
...
</tls-auth>
key-direction 1
cipher AES-256-CBC
verb 3
```

Each client has its own key pair. Both clients are sometimes able to connect simultaneously. Sometimes, only one can connect and the other is stuck waiting on MANAGEMENT >STATE (some number), WAIT. When they both manage to connect, they get IPs 10.8.0.50 and 10.8.0.51 as expected, but cannot ping each other. Both are Windows machines with their OpenVPN adapters marked as private network.

Palo
  • You could use `tun` instead and enable the `client-to-client` directive in the server config file. That way clients can ping each other using their assigned VPN IP addresses. – Lasse Michael Mølgaard May 26 '20 at 00:31
  • The main purpose is "LAN" gaming, which requires broadcasts. That is something that cannot be achieved using `tun`. – Palo May 26 '20 at 20:02
