OpenVPN layer 2 setup

I need some help/advice regarding the setup of an OpenVPN server/client. The purpose is to be able to run an application whose client will run on PC1 and whose server will run inside a VM on the NAS. The application has a "wrong design": for the communication between client and server it requires a VPN on layer 2, not on layer 3.

My network setup is as shown in the image below. For this purpose I want to use an OpenVPN server on Server 2, running inside the local network behind R3.

I was also wondering if it's possible to set up an OpenVPN client on a machine behind R1, i.e. Server 1, so that PC1 will be able to see/reach the VM running on the NAS with IP

Network topology

Thank you for the advice!

also posted at

Anyone, any help please?

I would set up OpenVPN L3 first and make sure it works, then convert it to L2 if necessary.

1 Like

Hello @vgaetera,
is it easy to convert it to L2? Or is it kind of a straightforward operation? Thank you.

If you have a working L3 setup, it shouldn't be difficult:

1 Like

@vgaetera I will check, and is there any simple way to convert it to L2? Thanks!

I'm not sure which way is simpler than copy-pasting, assuming that you set up OpenVPN L3 server and client beforehand.

I meant, what exactly has to be changed? What params in the config?

  • dev tunX -> dev tapX
  • server network netmask -> server-bridge gateway netmask pool-start-IP pool-end-IP
  • Add the VPN interface to the LAN bridge.
  • Make sure the firewall and DNS configurations match the VPN settings.
1 Like
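
The two parameter changes from the list above, applied to a routed server config, as an added example that is not part of the original thread. The sample config, the `l3_to_l2` helper name and all addresses are constructed placeholders; the helper also rejects a client pool that lies outside the bridge gateway's subnet.

```shell
#!/bin/sh
# Added example. Constructed routed (L3) server config; port and addresses are placeholders.
L3_CONF='port 1194
proto udp
dev tun0
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun'

# l3_to_l2 GATEWAY NETMASK POOL_START POOL_END   (hypothetical helper)
# Reads an OpenVPN server config on stdin and writes the bridged (L2) variant to stdout.
# Fails if the client pool is not inside the LAN subnet of the bridge gateway.
l3_to_l2() {
    awk -v gw="$1" -v mask="$2" -v first="$3" -v last="$4" '
        # Network address of ip under m, per octet (POSIX awk has no bitwise AND).
        function net(ip, m,    a, b, i, size, out) {
            split(ip, a, "."); split(m, b, ".")
            for (i = 1; i <= 4; i++) {
                size = 256 - b[i]
                out = sprintf("%s%s%d", out, (i > 1 ? "." : ""), int(a[i] / size) * size)
            }
            return out
        }
        BEGIN {
            if (net(first, mask) != net(gw, mask) || net(last, mask) != net(gw, mask)) {
                print "pool " first "-" last " is outside the LAN of " gw > "/dev/stderr"
                exit 1
            }
        }
        # dev tunX -> dev tapX, keeping the unit number
        $1 == "dev" && $2 ~ /^tun/ { sub(/^tun/, "tap", $2); print $1, $2; next }
        # server network netmask -> server-bridge gateway netmask pool-start-IP pool-end-IP
        $1 == "server" { print "server-bridge", gw, mask, first, last; next }
        { print }
    '
}

# Assumed LAN: 192.168.1.0/24, gateway .1, pool .200-.220 kept outside the DHCP range.
printf '%s\n' "$L3_CONF" | l3_to_l2 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.220
```

Adding the tap interface to the LAN bridge and adjusting firewall and DNS are done on the host itself and are not covered by this config rewrite.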

So assume I want to create a tunnel on L3 and have access to all the computers in the diagram. Is there by any chance a way/hint what config to use for an OpenVPN server running on Server2 and what config for the OpenVPN client running on Server1, and also what route records to insert where?

I can start from these points/hints, and once the solution works we can try to convert it to L2 as suggested.

Thank you so much!

Well, maybe one more important question: if I create a tunnel between Server1 and Server2, what exactly has to be set, where, and what routes, so that PC1 will be able to ping/see the NAS? Is that possible? Thanks.