I install a Raspberry Pi, configure it, and set some port forwarding rules on the router.
One thing I have noticed:
The openvpn-bridge script sets up a TAP interface.
This interface will have a random MAC address.
Then the bridge interface, br0, is created using eth and tap.
br0 will assume the MAC address of either the eth or tap interface, based on which has the lowest hex value.
This is not ideal.
See: https://backreference.org/2010/07/28/li ... mic-ports/
On some routers, this randomness of the MAC address can actually break the port forwarding rules, and the VPN won't work.
What we want is for br0 to always have the same MAC address as the Ethernet interface.
We can use the ip link command to do this.
First, where we set variables for the ethernet, add a new variable for the mac address, for example:
Code:
eth="enp0s3"
eth_mac="54:ee:75:a7:11:e4"
eth_ip_netmask="192.168.5.100/24"
eth_broadcast="192.168.5.255"
eth_gateway="192.168.5.1"
Code:
ip addr add $eth_ip_netmask broadcast $eth_broadcast dev $br
ip link set $br address $eth_mac
ip link set $br up
Other devices on the network, particularly routers, are happy.
So I propose the openvpn-bridge script in the wiki be modified with these changes.
So far, this has worked for me with no downside.
I have not tested this in a virtual machine as per the wiki page,
but I see no reason why this would not work in a VM just as well as on bare metal.
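
A check for the drift described in the post, as an added example that is not part of the original post or of the wiki's openvpn-bridge script: it reports whether the bridge still carries the Ethernet port's MAC, names the port whose address it took otherwise, and re-applies the `ip link set ... address` fix. The function names and the `SYSFS_NET` override are assumptions made for this example, and the MAC is read from sysfs instead of a hard-coded `eth_mac` variable.

```shell
#!/bin/sh
# Added example: verify that the bridge kept the Ethernet port's MAC.
# SYSFS_NET (assumed name) can point at a constructed tree for offline checks.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print an interface's MAC address in lower case.
iface_mac() {
    tr 'A-F' 'a-f' < "$SYSFS_NET/$1/address"
}

# Print "pinned" when bridge $1 carries the MAC of Ethernet port $2,
# otherwise "drifted:<port>" naming the enslaved port whose MAC the
# bridge took ("drifted:unknown" when no enslaved port matches).
bridge_mac_status() {
    br="$1"; eth="$2"
    br_mac=$(iface_mac "$br") || return 2
    eth_mac=$(iface_mac "$eth") || return 2
    if [ "$br_mac" = "$eth_mac" ]; then
        echo "pinned"
        return 0
    fi
    # brif/ holds one entry per port enslaved to the bridge.
    for port in "$SYSFS_NET/$br"/brif/*; do
        [ -e "$port" ] || continue
        name=${port##*/}
        if [ "$(iface_mac "$name")" = "$br_mac" ]; then
            echo "drifted:$name"
            return 1
        fi
    done
    echo "drifted:unknown"
    return 1
}

# Re-apply the fix from the post when drift is detected (needs root).
repin_bridge_mac() {
    br="$1"; eth="$2"
    bridge_mac_status "$br" "$eth" >/dev/null && return 0
    ip link set dev "$br" address "$(iface_mac "$eth")"
}
```

Running `bridge_mac_status br0 enp0s3` after the bridge script, or from a periodic job, shows whether the router is still seeing the address its port forwarding rules were bound to.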