Configure VPN Bridge with Raspberry Pi
Need to connect two Nintendo Switches in different locations for local multiplayer, i.e. put both on one Layer 2 segment by bridging the Pi's WLAN into an OpenVPN tap tunnel. A memo so that I don't forget how I did this.
- OpenVPN network: 192.168.255.0/24 (the bridged segment; 192.168.255.1 is the gateway handed to the Switches by DHCP below)
Software installation:
apt install hostapd dnsmasq openvpn net-tools bridge-utils wireless-tools
/etc/hostapd/hostapd.conf (creates the WLAN access point on the Raspberry Pi; wlan0 is enslaved to br0, so anything that joins this SSID sits on the bridged segment):
country_code=DE
interface=wlan0
bridge=br0
ssid=ConnectSwitchHere
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=somesecurepassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wpa=2 means WPA2 only, so the wpa_pairwise line (WPA1 ciphers) is not used; keep it at CCMP anyway so TKIP cannot come back if wpa is ever set to 3. Replace somesecurepassword with a long random passphrase: anyone in radio range who joins this SSID lands on the same L2 segment as both Switches and the VPN server.
systemctl unmask hostapd
systemctl enable hostapd
/etc/dhcpcd.conf (keeps dhcpcd off wlan0, which is a bridge member and must not get an address of its own; if dhcpcd also grabs br0 or tap0, which systemd-networkd manages below, add them to the same line)
denyinterfaces wlan0
systemctl restart dhcpcd
/etc/systemd/resolved.conf (DNS for the Raspberry Pi itself; DNSStubListener=no frees port 53 so dnsmasq can bind it)
[Resolve]
DNSStubListener=no
DNS=84.200.69.80 84.200.70.40
systemctl restart systemd-resolved
/etc/dnsmasq.conf (DHCP and DNS for the Nintendo Switches on br0):
listen-address=127.0.0.1
port=53
domain-needed
bogus-priv
no-resolv
server=84.200.69.80
server=84.200.70.40
interface=br0
dhcp-range=192.168.255.51,192.168.255.100,255.255.255.0,24h
domain=wlan
dhcp-option=3,192.168.255.1
dhcp-option=6,84.200.69.80,84.200.70.40
Because br0 and tap0 form one L2 segment, this DHCP server also sees requests arriving from the far side of the VPN. If the other location runs the same Pi setup, give each dnsmasq a disjoint dhcp-range, otherwise a Switch can be leased an address that is already in use.
systemctl enable dnsmasq
systemctl start dnsmasq
/etc/systemd/network/bridge-br0.netdev
[NetDev]
Name=br0
Kind=bridge
/etc/systemd/network/br0.network (the Pi's own static address on the bridged segment, outside the DHCP range above; give the prefix length explicitly, otherwise networkd falls back to a legacy classful default and logs a warning)
[Match]
Name=br0
[Network]
Address=192.168.255.101/24
/etc/systemd/network/br0-member-tap0.network (enslaves tap0 to br0; tap0 only exists once the OpenVPN client below is up, which is why RequiredForOnline=no and ConfigureWithoutCarrier=true are set so boot does not wait for it; newer systemd prefers IPMasquerade=ipv4 over yes)
[Match]
Name=tap0
[Link]
RequiredForOnline=no
[Network]
Bridge=br0
ConfigureWithoutCarrier=true
DHCP=v4
IPForward=ipv4
IPMasquerade=yes
KeepConfiguration=yes
[DHCP]
CriticalConnection=yes
systemctl restart systemd-networkd
Openvpn client config file is generated on server with:
docker run -v /docker/openvpn/config:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full username nopass
docker run -v /docker/openvpn/config:/etc/openvpn --rm -it kylemanna/openvpn ovpn_getclient username > /docker/openvpn/username.conf
docker-compose stop openvpn ; docker-compose rm -f openvpn ; docker-compose up --remove-orphans -d
The OpenVPN client config needs its device line changed from "tun0" to "tap0" (dev tap0); the server must run in tap mode as well, since a tun tunnel carries IP packets only and cannot be bridged. Copy the file to the Pi as /etc/openvpn/username.conf with mode 0600, because with nopass it embeds an unencrypted client key.
systemctl enable openvpn@username
systemctl start openvpn@username
One known limitation: the VPN server's public IP cannot be reached through the bridge connection. This is by design.
iptables config (optional; only needed if IPMasquerade= above is not in effect, and not persistent across reboots, so save it with iptables-persistent or a boot script):
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
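As an added pre-flight check, not part of the original memo: a small POSIX shell script that lints the three configs above before the bridge goes live. It flags a TKIP cipher in hostapd.conf, verifies that the static br0 address and the gateway lie outside the dnsmasq dhcp-range, and verifies that the OpenVPN client config names a tap device. The sample config files it writes to a temporary directory are constructed for the demo and mirror the settings above; the file names and helper function names are my own.

```shell
#!/bin/sh
# Added example, not from the original memo: pre-flight checks for the configs
# that decide whether the bridge is safe and will work at all.
# File names are assumptions; the sample configs are constructed for the demo.

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Read the last value of KEY from a key=value file (hostapd/dnsmasq style).
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2=\(.*\)/\1/p" "$1" | tail -n 1
}

# 0 if the AP is WPA2-only with CCMP and no line can enable TKIP. A stray
# wpa_pairwise=TKIP is ignored while wpa=2 but bites as soon as wpa=3 is set.
check_hostapd() {  # check_hostapd FILE
    [ "$(conf_get "$1" wpa)" = "2" ] || return 1
    [ "$(conf_get "$1" rsn_pairwise)" = "CCMP" ] || return 1
    if grep -Eq '^[[:space:]]*(wpa|rsn)_pairwise=.*TKIP' "$1"; then
        return 1
    fi
    return 0
}

# Dotted quad -> integer, so addresses can be compared numerically.
ip2int() {  # ip2int A.B.C.D
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 0 if ADDR lies outside the dnsmasq dhcp-range in FILE. Run it for every
# static address on the segment (the bridge itself, the gateway).
addr_outside_dhcp_range() {  # addr_outside_dhcp_range FILE ADDR
    range=$(conf_get "$1" dhcp-range)
    lo=$(ip2int "${range%%,*}")
    rest=${range#*,}
    hi=$(ip2int "${rest%%,*}")
    a=$(ip2int "$2")
    [ "$a" -lt "$lo" ] || [ "$a" -gt "$hi" ]
}

# 0 if the OpenVPN client config names a tap device; a tun device carries
# IP packets only and can never be enslaved to br0.
check_ovpn_tap() {  # check_ovpn_tap FILE
    grep -Eq '^[[:space:]]*dev[[:space:]]+tap[0-9]*[[:space:]]*$' "$1"
}

# --- constructed sample configs (mirroring the memo) ----------------------
cat > "$SAMPLE_DIR/hostapd-weak.conf" <<'EOF'
interface=wlan0
bridge=br0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
sed 's/^wpa_pairwise=TKIP$/wpa_pairwise=CCMP/' \
    "$SAMPLE_DIR/hostapd-weak.conf" > "$SAMPLE_DIR/hostapd-good.conf"

cat > "$SAMPLE_DIR/dnsmasq.conf" <<'EOF'
interface=br0
dhcp-range=192.168.255.51,192.168.255.100,255.255.255.0,24h
dhcp-option=3,192.168.255.1
EOF

printf 'client\ndev tun\nproto udp\n' > "$SAMPLE_DIR/client-tun.conf"
printf 'client\ndev tap0\nproto udp\n' > "$SAMPLE_DIR/client-tap.conf"

# --- run the checks and report --------------------------------------------
report() {  # report LABEL CMD...
    label=$1; shift
    if "$@"; then echo "ok    $label"; else echo "FAIL  $label"; fi
}
report "hostapd as in the memo (TKIP line)"   check_hostapd "$SAMPLE_DIR/hostapd-weak.conf"
report "hostapd CCMP only"                    check_hostapd "$SAMPLE_DIR/hostapd-good.conf"
report "br0 192.168.255.101 outside range"    addr_outside_dhcp_range "$SAMPLE_DIR/dnsmasq.conf" 192.168.255.101
report "gateway 192.168.255.1 outside range"  addr_outside_dhcp_range "$SAMPLE_DIR/dnsmasq.conf" 192.168.255.1
report "client config as generated (tun)"     check_ovpn_tap "$SAMPLE_DIR/client-tun.conf"
report "client config after edit (tap0)"      check_ovpn_tap "$SAMPLE_DIR/client-tap.conf"
```

Point the functions at the real files once they are in place (for example `check_hostapd /etc/hostapd/hostapd.conf`); each returns 0 for pass, so they drop straight into a shell `if`.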