OpenVPN Bridge Mode Documentation

Raspberry Pi/Linux OpenVPN Server in Bridge Mode

This guide provides step-by-step instructions to set up an OpenVPN server in bridge mode on a Raspberry Pi or Linux device. Bridged networking allows VPN clients to appear as if they are on the same local network as the server, enabling seamless communication.

Prerequisites

Static IP Address: Ensure your Raspberry Pi has a static IP address. This can be configured:
- Directly on the Raspberry Pi using raspi-config
- By reserving an IP address for the Raspberry Pi in your router’s DHCP settings
Network Planning: Plan your IP addressing to avoid conflicts:
- Choose a unique private IP range for your home network
- Ensure the range doesn’t conflict with common remote networks
- See the Network Planning section below for detailed guidance
Bridge Utilities: Install bridge-utils for managing network bridges
OpenVPN: Install and configure OpenVPN using the provided script

Network Planning

⚠️ Critical: Plan Your IP Addressing Before Setup

One of the most common issues with VPN setups is subnet conflicts. When your home network and the remote network you’re connecting from use the same IP range, the VPN will not work properly.

Common Network Conflicts

Most home routers use these default IP ranges:

192.168.1.0/24 (192.168.1.1 - 192.168.1.254)
192.168.0.0/24 (192.168.0.1 - 192.168.0.254)
10.0.0.0/24 (10.0.0.1 - 10.0.0.254)

Example Network Configuration

If you choose 10.99.99.0/24 for your home network:

Router IP: 10.99.99.1
Raspberry Pi IP: 10.99.99.134
DHCP Range: 10.99.99.100 - 10.99.99.199
VPN Client Range: 10.99.99.200 - 10.99.99.210

Alternative Network Examples

10.11.12.0/24 Network (recommended for avoiding conflicts):

Router IP: 10.11.12.1
OpenVPN Server IP: 10.11.12.2
DHCP Range: 10.11.12.100 - 10.11.12.199
VPN Client Range: 10.11.12.200 - 10.11.12.210

Network Planning Assumptions

When setting up your VPN, consider these typical scenarios:

Client’s network: 192.168.0.1/24 (common in hotels, offices, public WiFi)
Your home network: Choose one of the recommended ranges above
DNS setup: Consider configuring a DNS record like myvpn-63864.duckdns.org
Port configuration: Default port 1194 or custom port like 11194

Why This Matters

When you connect to your home VPN from a remote location (hotel, office, etc.), if both networks use the same IP range like 192.168.1.0/24, your device won’t know whether to route traffic locally or through the VPN. Using a unique range like 10.99.99.0/24 eliminates this confusion.

Why Bridge Mode?

Bridge mode is particularly useful for applications like ham radio (e.g., ExpertSDR3), where devices need to communicate as if they are on the same local network. Unlike routed mode, bridge mode allows broadcast and multicast traffic, which is essential for some applications.

Installation Steps

Step 1: Install Raspberry Pi OS

Option 1: Using Raspberry Pi Imager (Recommended)

Download Raspberry Pi Imager:
- Visit rpi.org and download the imager for your operating system
Prepare SD Card:
- Insert a microSD card (16GB or larger recommended) into your computer
- Launch Raspberry Pi Imager
Configure the Image:
- Click “Choose OS” and select “Raspberry Pi OS (32-bit)” or “Raspberry Pi OS Lite” for headless setup
- Click the gear icon for advanced options:
  - Enable SSH: Check this box
  - Set username and password: Use a strong password
  - Configure WiFi: Enter your network credentials if using WiFi
  - Set locale settings: Configure your timezone and keyboard layout
Write to SD Card:
- Select your SD card
- Click “Write” and wait for the process to complete

Option 2: Manual Configuration

If you prefer manual setup or need to enable SSH on an existing installation:

Enable SSH:
- Create an empty file named ssh in the boot partition of the SD card
```
# On Linux/macOS
touch /path/to/boot/ssh
```
Configure WiFi (if needed):
- Create wpa_supplicant.conf in the boot partition: ```conf country=US ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1
network={ ssid=”YourNetworkName” psk=”YourPassword” } ```

Step 2: Configure Raspberry Pi

Initial Access

Boot the Raspberry Pi:
- Insert the SD card and power on the Raspberry Pi
- Wait 2-3 minutes for the initial boot process

Find the IP address:

# Use nmap to scan your network
nmap -sn 192.168.1.0/24
   
# Or check your router's admin panel for connected devices

Connect via SSH:

ssh pi@192.168.1.x
# Use the username and password you configured

Essential Configuration Steps

Update the system:
```
sudo apt update && sudo apt upgrade -y
```
Configure static IP (if not done during imaging):
```
sudo raspi-config
```
- Navigate to “Advanced Options” → “Network Config”
- Or manually edit /etc/dhcpcd.conf
Set timezone:
```
sudo raspi-config
```
- Navigate to “Localisation Options” → “Timezone”

Enable SSH permanently:

sudo systemctl enable ssh
sudo systemctl start ssh

Install essential packages:

sudo apt install bridge-utils net-tools curl wget -y

Verify Configuration

Check network configuration:

ip addr show
ip route show

For the complete installation guide including all remaining steps, configuration details, and troubleshooting information, please refer to the full documentation.

Troubleshooting

For comprehensive troubleshooting information including:

Subnet Conflicts
OpenVPN Service Issues
Bridge Configuration Issues
Client Connection Issues
Network Connectivity Tests
Performance Issues
Log Analysis

Please visit the Troubleshooting Section in the main documentation.

References

OpenVPN Documentation

Dynamic DNS Services

No-IP - Free dynamic DNS with limited features
DuckDNS - Free and simple dynamic DNS
CloudNS - Professional DNS services
Cloudflare - Free tier includes dynamic DNS

Contributing

Found an issue or want to improve this documentation? Please visit our GitHub repository to contribute.

License

This documentation is available under the MIT License. See the repository for full license details.