Skip to main content

Tutorial (Legacy): Configure Access Server for a Privately Bridged Network

Abstract

Ethernet bridging is a deprecated mode for Access Server, but with careful configuration, it can still be used for specific use cases.

Overview

Important word of caution:

This setup is deprecated, and we don't support it. We recommend using layer 3 routing mode but provide this documentation for legacy layer 2 bridging mode setups.

Although Access Server is typically used to link corporate networks and clients, it can also be configured for a private bridged network. This setup allows clients to connect to a network for specific applications that require broadcast or discovery services, such as multiplayer LAN games or cluster-based applications. Private bridging enables full bidirectional connectivity between clients, even in environments where broadcast services are restricted (e.g., Amazon AWS, VPS, or colocation services).

Prerequisites

To set up Access Server for private bridging, the following conditions must be met:

  • Access Server is configured in Layer 2 Ethernet Bridging Mode.

  • Client Internet traffic tunneling is disabled.

  • bridge-utils package is installed, and an empty bridge is created on startup.

  • Sufficient concurrent licenses for each connected client.

Step 1: Configure the private bridge

With an Access Server configured for Layer 2 ethernet bridging mode, you can configure a private bridge with these steps.

  1. Sign in to the Admin Web UI.

  2. Click Configuration > Advanced VPN.

  3. Scroll down to Additional OpenVPN Config Directives (Advanced).

  4. Under Server Config Directives, add the following line:

    ifconfig-pool <start IP address> <end IP address> <subnet mask>

    Replace <start IP address>, <end IP address>, and <subnet mask> with your desired IP range and subnet mask for the private bridged network.

    Example 1. Directive example

    If you want to assign IPs from 192.168.1.100 to 192.168.1.200 with a subnet mask of 255.255.255.0, enter:

    ifconfig-pool 192.168.1.100 192.168.1.200 255.255.255.0


    Important

    If you have Windows clients, the first IP address in the subnet (e.g., 192.168.1.1) is reserved for the virtual DHCP server. Start with the second IP (e.g., 192.168.1.2).

    Ensure the IP assigned to your VPN server and other hosts in the private network doesn't fall within the client IP pool.

Step 2: Connect clients

Clients can now connect to the private bridged network using an OpenVPN2-based client.

Caution

You must use a client app that supports TAP. Our latest OpenVPN Connect is not compatible with this scenario.

  1. Connect to the Client Web UI with the URL of your Access Server's public domain or IP address.

  2. Sign in with user credentials.

  3. Download a connection profile (.ovpn file).

    • The connection profile has all the configuration settings for connecting to the bridged network.

  4. Import the profile into an OpenVPN2-based client app that supports the necessary TAP interface.

  5. Once you configure the client, you can connect to the VPN to access the private bridged network.

In this section: