I'm trying to set up my first OpenVPN server, and I'm having trouble figuring out whether I should use tun or tap for my particular setup.
I have an Amazon VPC with a few EC2 instances running Windows Server 2012 that will be used as workstations. In the VPC there's also a file server (also running WS2012) that workstations connect to via SMB.
Specifically, I'm trying to set up an OpenVPN server (this one on Ubuntu) to allow remote clients to connect to the VPC, and then use RDP to access the workstations themselves.
I tried using tun, but I still can't get the client to see the workstations on the network (I try to RDP to the workstations and the connection fails, ping also). I know this could be due to many reasons, so I'm trying to discard the things where I could've gone wrong. I guess tun would be the best choice since I don't need to use any non-IP protocols and it would be more efficient, but I'd like to be sure.
By the way, I've been following this guide: https://openvpn.net/index.php/open-source/documentation/howto.html
Thanks in advance.
Best Answer
I use tun for this exact use-case in our VPC (we use Linux rather than Windows, but that aside it's the same). So I'd say tun is acceptable in this case.
Things to look for are:
As a rule, when debugging OpenVPN, I find running a network sniffer on the Ethernet NIC of the OpenVPN box AND on the Ethernet NIC on a destination machine helps tremendously with identifying where the traffic is being stopped or blocked.
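
The two-capture comparison suggested in the answer can be scripted. The following is an added example, not part of the original answer: it reads the text output of `tcpdump -n icmp` taken on the OpenVPN box's Ethernet NIC and on a destination machine while a client pings, and reports the first point where the traffic is no longer seen. It assumes a routed tun setup with no NAT on the OpenVPN box (so the client's tunnel address appears unchanged on both NICs); the function names, addresses and capture lines are constructed for illustration.

```python
import re

# Matches text lines printed by `tcpdump -n icmp` for echo requests and replies.
LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply),")

def echoes(capture_text):
    """Return the set of (kind, src, dst) tuples seen in one capture."""
    seen = set()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m:
            src, dst, kind = m.groups()
            seen.add((kind, src, dst))
    return seen

def locate_drop(vpn_capture, dest_capture, client_ip, dest_ip):
    """Report where a ping from client_ip to dest_ip stops being visible."""
    vpn, dest = echoes(vpn_capture), echoes(dest_capture)
    request = ("request", client_ip, dest_ip)
    reply = ("reply", dest_ip, client_ip)
    if request not in vpn:
        return "request never reached the OpenVPN box's Ethernet NIC"
    if request not in dest:
        return "request lost between the OpenVPN box and the destination"
    if reply not in dest:
        return "destination saw the request but sent no reply"
    if reply not in vpn:
        return "reply lost between the destination and the OpenVPN box"
    return "request and reply both cross the OpenVPN box's Ethernet NIC"

# Constructed sample captures (all addresses are made up for illustration).
VPN_BOX_ETH = """\
12:00:01.000100 IP 10.8.0.6 > 10.0.1.25: ICMP echo request, id 4711, seq 1, length 64
12:00:02.000100 IP 10.8.0.6 > 10.0.1.25: ICMP echo request, id 4711, seq 2, length 64
"""
DEST_ETH = """\
12:00:01.000400 IP 10.8.0.6 > 10.0.1.25: ICMP echo request, id 4711, seq 1, length 64
12:00:01.000450 IP 10.0.1.25 > 10.8.0.6: ICMP echo reply, id 4711, seq 1, length 64
"""

if __name__ == "__main__":
    print(locate_drop(VPN_BOX_ETH, DEST_ETH, "10.8.0.6", "10.0.1.25"))
```

In the constructed sample the destination answers, but the reply never shows up on the OpenVPN box, so the return path is the place to look.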