So I need some help with setting up a TAP client from an OPNsense router that is running the server. I have had success with connecting an OPNsense router to another, but for some reason the tunnel is connected when I set up the OpenWrt client but it doesn't seem like there is any traffic. There are only a few packets that get sent but nothing received; the TAP interface is enabled and is bridged to an Ethernet port. Also, in the wan zone, TAP0 is set in there as well. Can anyone provide any insight on what I am missing?
From LuCI, Network, Firewall, edit wan in Zones. Under Advanced Settings add the interface to covered devices. Worth a try. Your setup is not really clearly described so I'm just guessing at a solution.
TUN = tunnel network over Layer 3 routing. There is a subnet between the OpenVPN client and server that handles inter-device communication
TAP = Physical Layer 2 link to whatever interface you bridge it to. You won't have a "route" because there is no routing. It's like dragging a really long Ethernet cable between two networks.
TUN is recommended and supported. TAP is available as an option, but is unsupported as it's... troublesome. And it has a lot of security implications, such as lack of any filtering whatsoever.
With any VPN provider, you don't need TAP. TUN works perfectly fine. Just make sure you configure a VPN interface as a gateway, configure it as a gateway for your traffic in your rules for any source hosts you want to go out the VPN, and ensure you have a Manual Outbound NAT configured for the hosts or networks that need to traverse the tunnel.
I need TAP as I need to pass multicast traffic. I did add the VPN interface to the covered devices and set up a bridge for an Ethernet port, ETH2, and the TAP0 interface. Traffic is passing now, but I am finding there is an issue that the traffic doesn't get to ETH0 despite the TAP0 interface being up and passing traffic.
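For reference, here is a minimal OpenWrt UCI configuration for the bridged-TAP client setup this thread describes (OpenVPN client on tap0, tap0 bridged with eth2, tap0 covered by the wan zone). This is an added illustration, not any poster's actual config; the interface names (eth2, tap0, br-vpn, vpnbridge), the server address and the certificate paths are assumed placeholders.

```uci
# /etc/config/openvpn  (client section; server name and cert paths are placeholders)
# UCI option names map to OpenVPN directives with '_' becoming '-' (dev_type -> dev-type).
config openvpn 'tapclient'
	option enabled '1'
	option client '1'
	option dev 'tap0'
	option dev_type 'tap'
	option proto 'udp'
	option remote 'vpn.example.net 1194'
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/client.crt'
	option key '/etc/openvpn/client.key'
	option remote_cert_tls 'server'

# /etc/config/network  (bridge eth2 with the tunnel's tap0; no IP on the bridge itself)
config device
	option name 'br-vpn'
	option type 'bridge'
	list ports 'eth2'
	list ports 'tap0'

config interface 'vpnbridge'
	option device 'br-vpn'
	option proto 'none'

# /etc/config/firewall  (the "covered devices" step from the reply above: list device)
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	list device 'tap0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
```

Note that frames switched between eth2 and tap0 by the kernel bridge never pass the zone's IP rules (that is the "lack of any filtering" mentioned above); the zone membership only governs traffic to or from the router itself and routed traffic.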