Why do we need a LAN physical interface bridged with OpenVPN TAP interface to get functional OpenVPN in bridge mode?

by Mohammed Noureldin   Last Updated July 15, 2017 17:00 PM

Here I have some (slightly maybe different) questions, but related to each other, therefore I prefered to ask them in one question.

I have been trying to allow my OpenVPN clients (OpenVPN is setup in bridge mode) to connect to Docker containers.
As known, Docker containers are all connected with each other via a bridge (docker0 bridge or what ever).

I always used to use my own bridge (br0) on my home server, where I setup Docker to use that bridge (br0), and I bridge OpenVPN interface (tap0) on that bridge, and my physical interface (eth0), which is connected via LAN to my home router. And that always worked for me and all OpenVPN clients were always able to access each Docker container bridged on br0 (both OpenVPN clients and Docker containers have IPs in my LAN range).

A couple of days ago I rent a VPS, where my physical interface is directly connected to internet (it has unique public IP).
I did the same as before (setting Docker up to use my br0 for all containers) and I bridged OpenVPN tap0 on br0.

The problem I faced, is that my OpenVPN client was NOT able to ping or access any of Docker's containers, (the containers were able to ping and access other Docker's containers, but NOT OpenVPN client), and the clients were NOT able to ping each other as well.

Does that have anything to that I have no physical interface bridged? If yes I was wondering why should I bridge the a interface of my server (connected to any router via LAN maybe) in addition to OpenVPN TAP interface to get a functional OpenVPN in bridge mode?

And that problem raised a another related question in my mind: as long as the clients are anyway part of tap0 interface, why cannot they simple access each other without going for some reason out of TAP interface. What is the role playing by my physical interface?

If my problem was really because of there is no physical interface bridged, how can I get OpenVPN to be fully functional in bridge mode with out that physical interface (or at least maybe any solution for that as long as my physical interface is connected directly to internet without any LAN)?

I hope that some one can help me to get that OpenVPN to work

Related Questions

Stop dhcp traffic via openvpn bridge

Updated November 03, 2016 09:00 AM

Docker network without IP address on host

Updated August 11, 2017 15:00 PM