How to let the SoftEther VPN client users access LAN PCs behind OpenWrt router

Hi, I have a SoftEther VPN server (version 4) running successfully on OpenWrt 22.03, and I have a VPN client successfully connected to the server. This was mainly with the help of the SoftEther user forum thread "L2TP vpn client report 720 Error when try to connect SoftEther VPN on OpenWrt" and our forum post "How to tweak the firewall of OpenWrt 22.03 to support Softether VPN server".

There are some remaining issues:

My VPN clients have been assigned IP addresses 192.168.1.X, while my "br-lan" has IP address 192.168.2.1. So I see that two of my VPN clients can access each other, but my LAN PCs (whose IP addresses are 192.168.2.x), which are behind the router, cannot access the VPN clients.

The two questions are:

Can the VPN clients be assigned 192.168.2.x IP addresses?
How can I make the VPN clients and my LAN PCs connect to each other?

Thanks.

You need to create a new local bridge using some name for the TAP device.

Then attach the newly created tap_<nameused> device to br-lan.

Hi, pavelgl, thanks for the reply.

I was using the TAP device before (Bridge with New TAP Device), but I'm not sure how to attach the newly created TAP device to "br-lan". In my OpenWrt web configuration interface, I don't see the options shown in the last screenshot you posted, so I do not know how to add "tap_softether" to br-lan's "Bridge ports".

What version of OpenWrt do you use? I'm running OpenWrt 22.03.5 r20134-5f15225c1e / LuCI ce20b4a6e0c86313c0c6e9c89eedf8f033f5e637 branch git-23.144.07943-874ba1e on a Nano Pi R4S board. This is mentioned in my post: How to tweak the firewall of OpenWrt 22.03 to support Softether VPN server

LuCI->Network->Interfaces (Devices tab)

22.03.3
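
The LuCI step described above (adding the TAP device to br-lan's bridge ports) can also be done from the router's shell. This is an added example, not posted by anyone in the thread; it assumes the TAP device is named tap_softether, the bridge is br-lan, and the bridge is defined by a `config device` section as in a default OpenWrt 22.03 `/etc/config/network`.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: br-lan, tap_softether.
SYSFS="${SYSFS:-/sys/class/net}"   # overridable so the checks can be tested

# is_bridge_port BRIDGE PORT: true when the kernel lists PORT as a member.
is_bridge_port() {
    [ -e "$SYSFS/$1/brif/$2" ]
}

# bridge_section BRIDGE: print the UCI path (e.g. network.@device[0]) of the
# 'config device' section whose 'name' option equals BRIDGE.
bridge_section() {
    uci -q show network |
        sed -n "s/^\(network\.[^.]*\)\.name='$1'\$/\1/p" | head -n 1
}

# attach_tap BRIDGE TAP: add TAP to BRIDGE's port list unless already there.
attach_tap() {
    bridge=$1 tap=$2
    if is_bridge_port "$bridge" "$tap"; then
        echo "$tap is already a port of $bridge"
        return 0
    fi
    if [ ! -e "$SYSFS/$tap" ]; then
        echo "$tap does not exist; create the SoftEther local bridge first" >&2
        return 1
    fi
    sec=$(bridge_section "$bridge")
    if [ -z "$sec" ]; then
        echo "no UCI device section named $bridge" >&2
        return 1
    fi
    uci add_list "$sec.ports=$tap" && uci commit network
}
```

After `attach_tap br-lan tap_softether` succeeds, apply the change with `/etc/init.d/network reload` and confirm with `is_bridge_port br-lan tap_softether`.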

Hi, pavelgl, you are my life saver. I haven't navigated to this option page before. :sweat_smile:

With these changes (I have also created a TAP device in the SoftEther management tool GUI), I can see that the VPN client correctly gets an IP address in the same subnet (192.168.2.x) as my LAN PCs. That's great! Now I see that I can access the VPN client directly from the LAN PC.

Now, I think I will write a wiki page about the SoftEther VPN server here: [OpenWrt Wiki] SoftEther VPN, as I mentioned in this thread: L2TP vpn client report 720 Error when try to connect SoftEther VPN on OpenWrt

I have another related question:

I have seen that one of my VPN clients was assigned IP address 192.168.2.172, and the other VPN client got 192.168.2.163, which depends on who connects first. My question is: is it possible to fix the IP address assigned to a VPN client? I mean I would like PC-A to always get a fixed VPN address. But it looks like the MAC address is not transferred over the internet; how can I do that with the SoftEther VPN server running on OpenWrt?

Couldn't you just change the netmask to 255.255.254.0, add the tap device to br-lan, and keep DHCP as-is? This is pretty much what you'd do with zerotier to get the L2 access. (I can recommend this package too; it takes up less space than softether and is possibly easier to set up.)

Hi, I haven't seen zerotier before. Do you mean this tool: [OpenWrt Wiki] Zerotier? I will try it if I have time, thanks!

Yes, it’s exactly that one.
It’s an overlay network, but you can define default routing through the router zt resides on, so that it works like a vpn. (You can switch that on/off in the ios/windows/etc apps)