The goal: I want to be able to stream to my Chromecast when I’m outside from my home network via VPN.

The problem: the Chromecast use the multicast protocol SSDP (Simple Service Discovery Protocol) to work and this protocol is not routed (usually) by a VPN connection.

The solution: to reach my goal, the only “easy” solution is to use OpenVPN with a TAP interface and assign a segment of the network to the VPN users.
I have a spare Raspberry Pi so I have installed PiVPN on it.
PiVPN is a very cool script to easily setup a working OpenVPN server on Raspberry Pi with the TUN interface.

So, at first I’ll follow the PiVPN wizard to setup a working OpenVPN server with TUN interface.

To setup the TAP interface on the OpenVPN server I had to modify the default PiVPN configuration.

Here my network settings (you have to adapt all the configurations based on your network setup):

IP address of Raspberry Pi:
Broadcast address:
Router's IP address:

First create a file /etc/openvpn/openvpn-bridge like this:


# Define Bridge Interface

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.

case "$1" in
for t in $tap; do
openvpn --mktun --dev $t

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
brctl addif $br $t

for t in $tap; do
ifconfig $t promisc up

sleep 10

ifconfig $eth promisc up

sleep 5

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

sleep 2

route add default gw $eth_gateway
ifconfig $br down
brctl delbr $br

for t in $tap; do
openvpn --rmtun --dev $t

ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast

route add default gw $eth_gateway
echo "Usage: openvpn-bridge {start|stop}"
exit 1
exit 0

Then make it executable

chmod 744 /etc/openvpn/openvpn-bridge

Then edit this following file, to add the script just created.

vim /lib/systemd/system/openvpn@.service

Insert the following two lines after the line “WorkingDirectory=/etc/openvpn”

ExecStartPre=/etc/openvpn/openvpn-bridge start
ExecStopPost=/etc/openvpn/openvpn-bridge stop

This is the file after the modifications

Description=OpenVPN connection to %i

ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStartPre=/etc/openvpn/openvpn-bridge start
ExecStopPost=/etc/openvpn/openvpn-bridge stop


Be also sure to have installed the package bridge-utils

apt install bridge-utils

Finally modify the file /etc/openvpn/server.conf with TAP instead TUN

port 1194
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/pki/ca.crt

Now, reboot your Raspberry Pi, make sure also to modify your client configuration for a TAP device…

dev tap
proto udp

Now you should have a working OpenVPN server with TAN interface.

Before trying to get a working setup with TAP interface, start with a working TUN setup (PiVPN is a great tool to reach this point).

To get my configuration working I found some help from this thread.


toni · April 19, 2018 at 10:01

Hi huntz! Great article – It helped me a lot because I’m trying to do the exact same thing. There’s one thing I’m curious about. Here on the Openvpn’s page: ,they say that you have to comment out the line that begins with ‘server’ and replace it with: ‘server-bridge…’. In your posted scripts you are not changing that. My point is that when I connect to the server following your article, I’m not able to ping my bridged network (which in my case is different one – and by different I mean if having the rpi in, I’m bridging network with tap0 ). Do you think that this might be the problem.

    Bernd · May 17, 2021 at 19:19

    Thanks for noticing that missing piece! That’s a basic puzzle part missing in the still not corrected article. For future people finding this article during the search for a VPN bridging solution, **do not forget the “server-bridge …” directive in the server config file**, as stated in

James · May 14, 2018 at 20:30

THANKS for this. Is there a way to set the bridge as Static IP? I get the following over and over on my router:
May 10 05:47:45 dnsmasq-dhcp[704]: DHCPDISCOVER(br0) Pi MAC
May 10 05:47:45 dnsmasq-dhcp[704]: DHCPOFFER(br0) Pi MAC
May 10 05:48:50 dnsmasq-dhcp[704]: DHCPDISCOVER(br0) Pi MAC
May 10 05:48:50 dnsmasq-dhcp[704]: DHCPOFFER(br0) Pi MAC
May 10 05:49:55 dnsmasq-dhcp[704]: DHCPDISCOVER(br0) Pi MAC
May 10 05:49:55 dnsmasq-dhcp[704]: DHCPOFFER(br0) Pi MAC
May 10 05:50:59 dnsmasq-dhcp[704]: DHCPDISCOVER(br0) Pi MAC
May 10 05:50:59 dnsmasq-dhcp[704]: DHCPOFFER(br0) Pi MAC
May 10 05:52:03 dnsmasq-dhcp[704]: DHCPDISCOVER(br0) Pi MAC
May 10 05:52:03 dnsmasq-dhcp[704]: DHCPOFFER(br0) Pi MAC

doman18 · October 26, 2018 at 13:08

I didnt use PiVPN. For TUN i always did it manually (on debian). Also i did bridge setup succesfully. So i tried to do it the same way on raspbian. My problem is that i can connect from LAN, but i cant from WAN. Redirections on my router seem to be ok, On Debian (server and gateway) all works fine, but in raspbian something must be wrong. I tried to setup 2 times, i changed router to different one, checked if port is open by some online tools.Ive seen that ppl with similar problems switched from UDP to TCP and it helped. Maybe i should give a try with PiVPN.

Jefferson Huang · April 20, 2019 at 08:12

I just want to thank you for this guide. I followed it and got tap working after I figured out the step your guide was missing. The step is:

In server.config, comment out the server line and type in:
server-bridge ip_of)device subnet_of_device start_of_ip_pool end_of_ip_pool

lodal · May 14, 2020 at 19:10

i tried it down not work.
i can connect to vpn but ip always starts with 10.8.0.*
my rpi ip (reserved by router)
tested for months and default pivpn tun works fine
i added the server-bridge with

Onur Bilginer · August 25, 2020 at 10:56

Hi Guys, I am trying to establish bridge with pi but it doesn’t work unfortunately. Anyone can help?

Scott · January 25, 2022 at 19:29

There are a few more steps required to make this work in 2022! Here’s a post that covers the specifics:

T · July 5, 2022 at 21:32

Indeed Scott! Thank you very much for the link!

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *