OpenVPN on OpenWrt Bridge Mode to upstream Router

Hi All.

The OpenWRT router is connected to the internet and behind it is a Sophos UTM virtual appliance that I wish to maintain as the primary Router / NAT device. I have successfully configured and connected the OpenVPN in client mode to PIA and tested OK. What I wish to achieve is now setting the OpenWRT router to bridge mode so it passes through the external WAN IP address to the Sophos UTM. There is no other functions the OpenWRT router needs to perform.

Does anyone have any advise on how to achieve this?


I'm lost. If the OpenWrt router is going to "pass through" its external WAN address to another device, what does it need to do beyond being a wire? At least as you've described it, just configure DHCP on the Sophos UTM's "outside" interface, plug it in to your modem/transport, and you're done.

Thanks Jeff. Your correct, my problem is configuring the OpenWRT router to simply pass the external WAN IP address assigned by the VPN to Lan port 1 where the UTM is connected. Currently its handing out DHCP so the UTM get a 192.168.xx address. Can not figure out how to make this work. Thanks for the reply :slight_smile:

Ah! (not that I know the answer, but at least I think I understand now)

You need the OpenWrt box to manage the direct connection to your ISP, as well as serve as a VPN client.

You'd like the "outside" interface of the Sophos UTM to effectively "talk directly through" the VPN.

I don't know that you can "pass" the address to another host, especially as you'd have two interfaces on the same network with the same address. I'm assuming that this is a consumer-style VPN, in contrast to a bridge that might be used by enterprises to connect two networks and all of their hosts. If so, you'd typically get a single IP address for your endpoint, and a gateway for your traffic.

There may be a more "elegant" approach out there, but one way would be to one-to-one NAT (address-only, all ports statically mapped) to an on-link address of your choice that is assigned to the Sophos UTM.