How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Syseng Your Own Question
Syseng, Computer Systems Engineer
Category: Networking
Satisfied Customers: 7678
Experience:  Cisco and Microsoft certified with over 20 years experience in system design, integration and development
Type Your Networking Question Here...
Syseng is online now

Configuration of OpenVPN (Windows 10) to enable to browse

This answer was rated:

configuration of OpenVPN (Windows 10) to enable to browse BOTH SERVER AND CLIENT connected devices via Browser, from the SERVER end of the tunnel...... I can currently view Server devices (as normal) but would like the tunnel to work BOTH ways.
Customer: replied 10 months ago.
Client PC is based in UK
Server is based in Thailand.
I can connect sucessfully from Client to Server.
I can browse Server connected devices from Client End e.g. Cable Router ( Printer Web Page (
HOWEVER, I would like to be able to view Client connected devices from the SERVER END e.g. Router ( I would like the tunnel to work BOTH Ways. I have tried MANY configurations, but can only get it to work Client to Server (1 Way)
Customer: replied 10 months ago.
I had tried to see if 'Bridging' would have enabled me to achieve this...but i was not successful....
looking at OpenVPN sites has taken me days to figure out and yet no answer..... CAN THIS BE done?Thanks, Robert
Customer: replied 10 months ago.
Oh... i thought perhaps 'PUSHING ROUTES' was a possible way... but this only works from Server to Client?
Customer: replied 10 months ago.
if only there was SOME way to make CLIENT LAN connected devices visible when using PC Browser at the SERVER END?
Customer: replied 10 months ago.
Part of Server.Conf File :server Add route to Client routing table for the OpenVPN Server
push "route"
#push "route"#push route
#push "route"#push "route"
#push "route"# Add route to Client routing table for the OpenVPN Subnet#push "route"
#push "route"# your local subnet
push "route"
push "route"
push "route"ifconfig-pool-persist ipp.txt# push "redirect-gateway def1 bypass-dhcp"push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS"
#push "dhcp-option DNS"push "dhcp-option DNS"# push "dhcp-option DNS"
# push "dhcp-option DNS"
Customer: replied 10 months ago.
Posted by JustAnswer at customer's request) Hello. I would like to request the following Expert Service(s) from you: Secure Remote Assistance.
Customer: replied 10 months ago.
Let me know if you need more information, or send me the service offer(s) so we can proceed.


My name is David.

There are a couple of methods that can be used to get this configuration to work. Perhaps the quickest, simplest way is to use the bridging feature in Windows to bridge the local connection to the OpenVPN TAP connector. If you would like remote assistance to help with the configuration please let me know.



Customer: replied 10 months ago.
David Indeed, I did try bridging..... can you give me example of how my server.config should look for this.... I need working example of server.config using bridging....ORCan this be achieved without bridging, if so, can you give me a working (server.conf) example using the correct network topology , please.David, I have spent days looking at openVPN Community website......Please explain the other method in some more detail.... (you spoke of two ways ?)Kind Regards,Robert

Yes - here is an example of the server configuration file for bridging using the Windows OS bridging feature:

lport 5000
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
mode server
push "route"
duplicate-cn #use this for testing only
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
verb 4

Here is the matching client config:

remote <IP.Address.or.DNS.Name.of.OpenVPN.Server>
port 5000
dev tap
ca ca.crt
cert client.crt
key client.key
verb 4

Note that to make this work your local area connection settings (the network adapter bridged to the OpenVPN TAP connector) must be the same as the settings for the OpenVPN TAP connector because once bridged the adapters work like a single adapter.

Customer: replied 10 months ago. do I bridge adapters at both Server and Client PCs?
Do i forget about the ifconfig ( /
Customer: replied 10 months ago.
See part Server.conf in notes..
Customer: replied 10 months ago.
David can you explain this line a bit more?
push "route"Thanks, Robert

No bridging only on the client side since the server is designed to provide local subnet network access. The ifconfig directive can remain however since you are bridging make sure the LAN on the client side also uses the same 10.8.x.x subnet.

Regarding the push "route", you would not need that - it is specific to the network from which I grabbed the configuration example (I just made a quick copy so you could review how it needs to be configured).

The push "route" would only be if you have other networks connected on the server side that the client cannot access without the additional route added to the client routing table. This could also be entered manually on the client side if you have a situation in which you want the client to have access to other networks (subnets) on the server side.

Customer: replied 10 months ago.
Sadly, This is where I can't relate these examples to my actual requirement...... read lots of example configurations :-((
Customer: replied 10 months ago.
i bridge only the client side... Yes?

That is correct, only the client side because the server side already provides bridging access to the network on the server side through OpenVPN.

Customer: replied 10 months ago.
David, apart from the need to bridge and missing bridge mode command,.can you see anything wrong with my server.conf?
Customer: replied 10 months ago.
i.e topology
Customer: replied 10 months ago.
do i need to do anything with the server side adapter/s?

I am reviewing the configuration now...just a moment...

Customer: replied 10 months ago.
Thanks DAVID...this is what I really really need. a configuration that works for ME :-))
Customer: replied 10 months ago.
addresses on Thailand server side: upwards UK side : upwards

Notice how in the example configuration, with the exception of the "push" directive which can be ignored, both local and remote IP addresses are in the same subnet. Because you will be bridging, the devices on the client and the server side must have IP addresses that belong to the same subnet.

Here is another example at the following link - in this case using a Linux machine on the client side - however the concept for subnetting is the same. Review the diagram and you will see that the only IP addresses that are not in the same subnet are the WAN IP addresses.

click here

Customer: replied 10 months ago.
can this work for my current subnet addresses / mask..or is it impossible David?
Customer: replied 10 months ago.
sorry for dumb questions

No worries - please ask as many questions as needed. Bridging will work but only if you change the IP addresses so that they are in the same subnet on both client side and server side. For example, change the IP addresses so that they both use the 192.168.0.x network.

Customer: replied 10 months ago.
OK....I see...hmmm....... So if i was to reconfigure the Router, DHCP ? (addresses which it allocates) ? starting point you think?
Customer: replied 10 months ago.
Regarding gateway, should i use router's or let openvpn server, allocate it? what u think?

Yes you could reconfigure DHCP on both sides to handle the same subnet however I would split the subnet so that half the subnet is handled by the client side router DHCP and half the subnet is handled by the server side router DHCP (for example, client side DHCP scope is, and server side DHCP scope is, and reserve 10 IP addresses on each side for network devices (reserve on the client side and reserve on the server side).

Since all computers are on the same subnet when connected, they will only need the gateway address of the Internet router for accessing the Internet. As long as the OpenVPN client and OpenVPN server VPN tunnel is connected using the bridged configuration, the devices connected to the network on both sides should be able to connect to each other without a gateway since it is a bridged configuration.

Customer: replied 10 months ago.
Good David...Good.... I got lots to do.... do u think I must use bridging after I reconfigure subnets OR is there a chance the tunnel could work BOTH ways using dev Tap configuration??
Customer: replied 10 months ago.
sorry i meant dev tun...
Customer: replied 10 months ago.
is the bridging a MUST do?

After you reconfigure the devices on both sides so that they are all using IP addresses in the same subnet you will have to use bridging in order for them to connect to each other.

If you want both sides to use different subnets, as is the case with your current configuration, then you will need to use a site to site configuration which may require you to change the operating system on the client side in order to get it to work although I believe we could probably get Windows 10 to route traffic. See the example configuration at the following link:

click here

An alternative would be to leave the subnets the way they are and add a router on the client side network that would serve as a gateway to the devices on the server side where the router receives traffic destined for the server side network and forwards the traffic through the bridged VPN tunnel configured on the client.

Syseng and other Networking Specialists are ready to help you
Customer: replied 10 months ago.
OK David..... Think changing subnet is best...Last Question, can you explain this line for example :
I need to get to grips with this :ifconfig-pool
Customer: replied 10 months ago.
oh thought i had lost you....David

The ifconfig-pool configures the server to provide a DHCP address to clients that connect. In your case, since only one client will connect, you should configure the pool to one or two IP addresses like this:


Customer: replied 10 months ago.
Thanks David.... Lots to do .....I appreciate your help...sorry for stupid questions, forgive me

Never a stupid question - those are all good questions! And glad I could help!