I've been using OpenVPN at work for a while now. One of the things I was curious about was the difference between TAP and TUN connections. By default OpenVPN uses the TUN. The release notes said something about compatibility in other operating systems and I saw a nice split of Windows and PC users so I decided compatibility was the more important. But the cost was the performance of the system. I'm not sure on the network level what the difference between a TAP and TUN connection. I know a tun uses single port. and a type creates a virtual device that uses a tunnel. But I decided to switch our internal VPN to TAP.
What a difference that makes. Using TAP we can browse other computers on the VPN as if they were on a localhost. And the speed of file copies went up a little bit. Browsing the server improved dramatically.
So if you are using OpenVPN and are on a primarily windows environment I would suggest using TAP in the server and client configs. The steps are
- open client config.ovpn in your favorite text editor.
- change dev tun to dev tap
- open the server config.ovpn in your favorite text editor
- change dev tun to dev tap
- change the server IP and subnet to: server 10.8.0.0 255.255.255.0 or whatever your iprange will be
- restart all server and client openvpn daemons
- breathe the fresh air of having local network speed on boxes far away
Cheers
Leave a comment