February 18, 2008

OpenVPN on TAP

I've been using OpenVPN at work for a while now. One of the things I was curious about was the difference between TAP and TUN connections. By default OpenVPN uses the TUN. The release notes said something about compatibility in other operating systems and I saw a nice split of Windows and PC users so I decided compatibility was the more important. But the cost was the performance of the system. I'm not sure on the network level what the difference between a TAP and TUN connection. I know a tun uses single port. and a type creates a virtual device that uses a tunnel. But I decided to switch our internal VPN to TAP.
What a difference that makes. Using TAP we can browse other computers on the VPN as if they were on a localhost. And the speed of file copies went up a little bit. Browsing the server improved dramatically.

So if you are using OpenVPN and are on a primarily windows environment I would suggest using TAP in the server and client configs. The steps are


  1. open client config.ovpn in your favorite text editor.

  2. change dev tun to dev tap

  3. open the server config.ovpn in your favorite text editor

  4. change dev tun to dev tap

  5. change the server IP and subnet to: server 10.8.0.0 255.255.255.0 or whatever your iprange will be

  6. restart all server and client openvpn daemons

  7. breathe the fresh air of having local network speed on boxes far away

Cheers

Posted by yardie at February 18, 2008 11:27 AM | TrackBack
Comments
Post a comment









Remember personal info?