Set up network bridge *and* VPN

Hi all,

I need a network bridge (eth0 with eth1) and a VPN at the same time. The network bridge is used for connecting some additional device from time to time (e.g. a laptop) while I need the VPN to connect to the server at work.

This is easily achievable under Windows 7 (installed as dual boot), but in openSUSE I’m facing the problem that the VPN installation is done with NetworkManager, while bridging is done using the static configuration via ifup. And both exclude each other.

Anybody got a solution for that? It’s just silly to reconfigure my interfaces each time that I need the bridge and then again the VPN. And I’m surely not going to get a switch just to fix that shortcoming.

Michael

Am assuming you’re talking about a “TAP” network bridge for VPN tunneling.

Although I wouldn’t consider myself expert on this, the VPNs I’ve been using recently simply use scripts to enable/disable or in Network Manager just configure in the VPN tab. As long as the essential packages for that VPN technology are present, it should “just work”, typically automatically creating the TAP or TUN networking device(s).

In Network Manager, once set up you only need to click checkboxes or the selected VPN to enable/disable.

If not using Network Manager, you should be able to start/stop by CLI simply by invoking the VPN technology with appropriate parameters.

Connecting another device through your openSUSE box should be a separate issue, but IIRC even in NM you only need to check/uncheck boxes to enable forwarding.

If this doesn’t answer your question, need a more detailed post on what your goal is and what you’ve tried or looked at.

HTH,
TSU

OK, I’ll explain once more:

I have two requirements for networking on my computer. Both are independent from each other.

  1. I want to bridge the eth0 and eth1 adapters. The purpose is to connect another device to my network via my desktop computer without using a separate switch. I don’t want another box on my table just for connecting a single additional device every now and then. This has nothing to do with VPN.

  2. I need to set up a VPN to connect to the host in my office.

My problem is that both tasks can be solved, but for (1) I have to use the traditional ifup setup in YaST, and for (2) I have to use NetworkManager. The problem is that both ways are excluding each other.

All that I found up to now is that NetworkManager is just unable to handle bridging and that one should get back to traditional network setup. But I have not yet found anything in YaST to allow me to set up a VPN. So it seems I have to go back to configuring VPN via text editor? Sad, sad. Don’t tell anyone outside.

Currently, when I want to set up my VPN, I’m losing my bridge as I have to return to YaST configuration. Later, when I need the bridge, I have to drop the NetworkManager configuration. This is on the opposite side of every conceivable notion of acceptability.

Michael

You haven’t stated what type of VPN you’re looking to connect to. In any case, it is possible to configure the bridging and VPN configuration/connectivity without using the network manager.

For openVPN connectivity, this might help:

openSUSE 12.2: Chapter 14. Configuring VPN Server

Assuming PPTP VPN, then read these:

Setting up a PPTP VPN in Linux | Unixmen

man pptp
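A sketch of the NetworkManager-free setup the reply above refers to, as an added example that is not part of the thread: it stages openSUSE ifup-style `ifcfg-*` files for a bridge over eth0 and eth1 and checks them before they are copied to `/etc/sysconfig/network/`. The bridge name `br0`, DHCP on the bridge, the staging directory and the OpenVPN config path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names eth0/eth1 come from
# the thread; br0, DHCP on the bridge and the staging dir are assumptions.

write_bridge_cfg() {
    dir=$1
    # The bridge carries the host's address. STP off and no forwarding
    # delay, since only one extra device is attached now and then.
    cat > "$dir/ifcfg-br0" <<'EOF'
STARTMODE='auto'
BOOTPROTO='dhcp'
BRIDGE='yes'
BRIDGE_PORTS='eth0 eth1'
BRIDGE_STP='off'
BRIDGE_FORWARDDELAY='0'
EOF
    # Enslaved ports must not request or hold an address of their own.
    for port in eth0 eth1; do
        printf "STARTMODE='auto'\nBOOTPROTO='none'\n" > "$dir/ifcfg-$port"
    done
}

# Returns 0 if every port named in BRIDGE_PORTS has a config file with
# BOOTPROTO='none' and no address; prints the reason and returns 1 otherwise.
check_bridge_cfg() {
    dir=$1
    ports=$(sed -n "s/^BRIDGE_PORTS='\(.*\)'\$/\1/p" "$dir/ifcfg-br0")
    [ -n "$ports" ] || { echo "br0: no BRIDGE_PORTS"; return 1; }
    for port in $ports; do
        f="$dir/ifcfg-$port"
        [ -f "$f" ] || { echo "$port: missing config"; return 1; }
        grep -q "^BOOTPROTO='none'" "$f" ||
            { echo "$port: BOOTPROTO is not 'none'"; return 1; }
        if grep -Eq "^IPADDR=['\"]?[0-9]" "$f"; then
            echo "$port: has its own IPADDR"; return 1
        fi
    done
    return 0
}

# With the interfaces under ifup control, the VPN is started from the shell
# instead of the NetworkManager applet, e.g. for OpenVPN (path is assumed):
#   openvpn --config /etc/openvpn/client.conf
```
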

Michael,

I’d also been looking at what you’re asking about a few weeks before you posted and didn’t find anything anywhere that clearly described what might be possible and how to do it.

But, here are my results to date…

It should be possible. I sometimes connect through a VPN service that uses a TAP device that creates a network bridge used for tunnelling bound to a physical interface. But, note that a br device which you’re asking about is not anywhere like the tap or tun network bridge devices, so beware the common terminology “network bridge” which refers to devices and uses not at all similar or related.

Once I actually set up close to what you’re describing, br bridging between my eth0 and wlan0, then instead of a VPN I ran a KVM virtual machine bound to eth0 (tap) while connecting to the Internet through wlan0. Although it worked, I found that the system arbitrarily allocated resources statically to each connection (the VM and the Internet), not only making both connections dog-slow but when I shut down the VM, the Internet connection continued to crawl. Only resolution was a reboot (I didn’t try just stop/restart network services). After that I suspended further investigation.

I have since turned my attention to alternatives… bonding the network interfaces instead of bridging, fixing the software issues directly that have led me to experiment with networking.

In your case, I wonder if you might consider a routing rather than bridging solution… If you don’t need resources on your secondary connection to be recognized on your network and only need outbound access, IMO it’d likely be a better/simpler setup with ample documentation.

Am thinking also since you’re trying to br eth0 and eth1 whether it’d be possible to not br at all, simply build a “split-VPN” using only one of your eth interfaces.

HTH,
TSU