The goal: I want to be able to stream to my Chromecast when I’m outside from my home network via VPN.

The problem: the Chromecast use the multicast protocol SSDP (Simple Service Discovery Protocol) to work and this protocol is not routed (usually) by a VPN connection.

The solution: to reach my goal, the only “easy” solution is to use OpenVPN with a TAP interface and assign a segment of the network to the VPN users.
I have a spare Raspberry Pi so I have installed PiVPN on it.
PiVPN is a very cool script to easily setup a working OpenVPN server on Raspberry Pi with the TUN interface.

So, at first I’ll follow the PiVPN wizard to setup a working OpenVPN server with TUN interface.

To setup the TAP interface on the OpenVPN server I had to modify the default PiVPN configuration.

Here my network settings (you have to adapt all the configurations based on your network setup):

IP address of Raspberry Pi:
Broadcast address:
Router's IP address:

First create a file /etc/openvpn/openvpn-bridge like this:


# Define Bridge Interface

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.

case "$1" in
for t in $tap; do
openvpn --mktun --dev $t

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
brctl addif $br $t

for t in $tap; do
ifconfig $t promisc up

sleep 10

ifconfig $eth promisc up

sleep 5

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

sleep 2

route add default gw $eth_gateway
ifconfig $br down
brctl delbr $br

for t in $tap; do
openvpn --rmtun --dev $t

ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast

route add default gw $eth_gateway
echo "Usage: openvpn-bridge {start|stop}"
exit 1
exit 0

Then make it executable

chmod 744 /etc/openvpn/openvpn-bridge

Then edit this following file, to add the script just created.

vim /lib/systemd/system/openvpn@.service

Insert the following two lines after the line “WorkingDirectory=/etc/openvpn”

ExecStartPre=/etc/openvpn/openvpn-bridge start
ExecStopPost=/etc/openvpn/openvpn-bridge stop

This is the file after the modifications

Description=OpenVPN connection to %i

ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStartPre=/etc/openvpn/openvpn-bridge start
ExecStopPost=/etc/openvpn/openvpn-bridge stop


Be also sure to have installed the package bridge-utils

apt install bridge-utils

Finally modify the file /etc/openvpn/server.conf with TAP instead TUN

port 1194
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/pki/ca.crt

Now, reboot your Raspberry Pi, make sure also to modify your client configuration for a TAP device…

dev tap
proto udp

Now you should have a working OpenVPN server with TAN interface.

Before trying to get a working setup with TAP interface, start with a working TUN setup (PiVPN is a great tool to reach this point).

To get my configuration working I found some help from this thread.

Leave a Reply

Your email address will not be published. Required fields are marked *