Tun vs Tap mode…Simple as just flipping both ends?

  • I'm looking for devices on one end of my site-to-site VPN to be able to discover devices (via Plex GDM) on the other end of the VPN and thus both networks need to be part of the same broadcast domain.

    Is it as simple as just flipping the device mode from Tun to Tap on both ends?  And even if it is, what other implications should I be considering other than increased overhead on the VPN tunnel?

  • A brief bridging vs routing discussion can be found here -> https://community.openvpn.net/openvpn/wiki/BridgingAndRouting

    Is it as simple as just flipping the device mode from Tun to Tap on both ends?

    The short answer is no.  You also need to assign the tunnel to an interface and bridge that interface to your LAN.  Then you need to coordinate the addressing of your devices, so there's no overlap.  Not to mention, both sides will need to prevent their DHCP server's broadcast traffic from traversing the tunnel and causing issues on the other end.

    In general, unless there is a specific requirement to access an application that only relies on broadcast traffic, a routed solution is your best bet.

    My guess is Plex also supports some sort of direct IP mapping.  In which case, I would stick with a routed solution. It will perform better, it's a simpler setup and it will only forward traffic that is destined for the remote end.

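The reply above notes that a bridged (Tap) setup requires coordinating addressing so nothing overlaps. The following sketch is an added example, not part of the original thread: it checks a two-site address plan for a shared bridged subnet and reports DHCP pool overlaps and duplicate static addresses. The site names, hosts and addresses are constructed for illustration.

```python
import ipaddress

def expand_pool(first, last):
    """Return every address in an inclusive DHCP pool, in order."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"pool start {first} is after pool end {last}")
    return [ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)]

def check_bridged_plan(subnet, sites):
    """List addressing conflicts between sites that share one bridged subnet."""
    net = ipaddress.ip_network(subnet)
    reserved = (net.network_address, net.broadcast_address)
    claimed = {}   # address -> first "site: role" that claimed it
    problems = []
    for name, site in sites.items():
        entries = [(a, f"{name}: DHCP pool") for a in expand_pool(*site["dhcp_pool"])]
        entries += [(ipaddress.ip_address(a), f"{name}: static {host}")
                    for host, a in site["static"].items()]
        for addr, role in entries:
            if addr not in net or addr in reserved:
                problems.append(f"{addr} ({role}) is not a usable host in {net}")
            elif addr in claimed:
                problems.append(f"{addr} claimed by {claimed[addr]} and by {role}")
            else:
                claimed[addr] = role
    return problems

# Constructed sample plans (hypothetical sites and hosts, not from the thread).
GOOD_PLAN = {
    "site-a": {"dhcp_pool": ("192.168.1.100", "192.168.1.149"),
               "static": {"router": "192.168.1.1", "plex": "192.168.1.10"}},
    "site-b": {"dhcp_pool": ("192.168.1.150", "192.168.1.199"),
               "static": {"router": "192.168.1.2", "tv": "192.168.1.20"}},
}
BAD_PLAN = {  # site-b kept the default router address and a pool that overlaps site-a
    "site-a": GOOD_PLAN["site-a"],
    "site-b": {"dhcp_pool": ("192.168.1.148", "192.168.1.199"),
               "static": {"router": "192.168.1.1", "tv": "192.168.1.20"}},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_bridged_plan("192.168.1.0/24", plan)
        print(label, "plan:", "no conflicts" if not issues else "")
        for issue in issues:
            print("  ", issue)
```

This only validates the address plan; keeping each side's DHCP broadcasts off the tunnel, as the reply also mentions, still has to be enforced by filtering on the bridge.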