BIG thanks to the guys at #openvpn ! TaiSHi and rmull @ freenode !!

My Layout


192.168.1.254 is my Netgear router
I have set DMZ to 192.168.1.101 ( the VPN server )

Setting up the server




# kill all the old interfaces
ifconfig tap0 destroy
ifconfig bridge0 destroy
ifconfig tun0 destroy
# load kernel support for bridge and tap
kldload if_bridge.ko
kldload if_tap.ko
# create bridge and tap
ifconfig bridge0 create
ifconfig tap0 create
# VPN stopped working but this fixed it! Replace 154 with something inside the router's scope just to be sure (i.e. NOT 200-255)
ifconfig tap0 inet 192.168.1.154 netmask 255.255.255.0
# replace fxp0 with the REAL interface
# addm adds the interface to the bridge, so fxp0 and tap0 are both bridge members
ifconfig bridge0 addm fxp0 addm tap0 up
# the bridge must have an address
dhclient bridge0

Before you even start messing with OpenVPN, check the output of ifconfig -a. It should look something like this, but with an IP on tap0:


fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=8<VLAN_MTU>
    inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:11:11:2e:34:0e
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether 00:bd:47:72:00:00
    Opened by PID 859
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.90 netmask 0xffffff00 broadcast 192.168.1.255
    ether 9e:cc:5b:a8:6c:a7
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto stp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
    member: fxp0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

NOTE: tap0 in my case MUST have an IP address.

Server.conf


---------
# I had to set the full path to the certs
ca /usr/local/share/doc/openvpn/easy-rsa/keys/ca.crt
cert /usr/local/share/doc/openvpn/easy-rsa/keys/server.crt
key /usr/local/share/doc/openvpn/easy-rsa/keys/server.key
dh /usr/local/share/doc/openvpn/easy-rsa/keys/dh1024.pem
# USE TAP ON SERVER AND CLIENT SIDE !
dev tap
# replace 192.168.1.101 with the VPN IP
server-bridge 192.168.1.101 255.255.255.0 192.168.1.200 192.168.1.250
keepalive 10 120
client-to-client
verb 3
duplicate-cn

Client.conf


===========
remote rmccurdy.com
dev tap
nobind
tls-client
ca ca.crt
cert client.crt
key client.key
pull
verb 4

NOTES:
Say the server is 192.168.1.101 and a client is 192.168.1.90: either he or you need to change. For example, have him change to 192.168.0.1 or 192.168.10.1 etc. As a failsafe you can change to a 10 or even a 172 scope.
Disable ALL firewalls on the server and client side for testing!
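
The address rules from the notes above (tap0 inside the LAN but outside the 200-250 client pool, and a client whose own LAN must not sit in the server's subnet) can be checked before anything is started. This is an added example, not part of the original page; the function names are hypothetical and the sample addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example: address-plan checks for a bridged (tap) OpenVPN setup.
# Function names are hypothetical; addresses are the ones used on this page.

# ip2int A.B.C.D -> prints the address as one integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# same_subnet IP1 IP2 MASK -> true if both addresses share a subnet
same_subnet() {
    a=$(ip2int "$1"); b=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( $a & $m )) -eq $(( $b & $m )) ]
}

# in_pool IP START END -> true if IP lies inside the server-bridge pool
in_pool() {
    i=$(ip2int "$1"); s=$(ip2int "$2"); e=$(ip2int "$3")
    [ "$i" -ge "$s" ] && [ "$i" -le "$e" ]
}

# check_plan SERVER MASK POOL_START POOL_END TAP_IP CLIENT_LAN_IP
# Prints one line per problem and returns the number of problems.
check_plan() {
    problems=0
    for addr in "$3" "$4" "$5"; do
        if ! same_subnet "$1" "$addr" "$2"; then
            echo "FAIL: $addr is outside the bridged subnet $1/$2"
            problems=$(( $problems + 1 ))
        fi
    done
    if in_pool "$5" "$3" "$4"; then
        echo "FAIL: tap0 address $5 is inside the client pool $3-$4"
        problems=$(( $problems + 1 ))
    fi
    if same_subnet "$1" "$6" "$2"; then
        echo "FAIL: client LAN address $6 clashes with the server subnet"
        problems=$(( $problems + 1 ))
    fi
    return "$problems"
}

# Page values; the last argument is the clashing client from the NOTES.
check_plan 192.168.1.101 255.255.255.0 192.168.1.200 192.168.1.250 \
    192.168.1.154 192.168.1.90 || echo "problems found: $?"
```

With the client moved to 192.168.0.1 or 192.168.10.1, as the notes suggest, the same call reports no problems.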





NOTE: this is what a working Windows ipconfig looks like (green icon and all). Notice the missing Default Gateway; this is OK.


Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-6B-AD-3C-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9118:ae10:511b:c53e%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, June 25, 2008 1:58:57 PM
Lease Expires . . . . . . . . . . : Thursday, June 25, 2009 1:58:56 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.1.0
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled


Here is my startup script. I found that I have to add the sleep and & to some of the commands.


# kill all the old interfaces
ifconfig tap0 destroy
ifconfig bridge0 destroy
ifconfig tun0 destroy
# load kernel support for bridge and tap
kldload if_bridge.ko
kldload if_tap.ko
# create bridge and tap
ifconfig bridge0 create
ifconfig tap0 create
sleep 10
# replace fxp0 with the REAL interface
# addm adds the interface to the bridge, so fxp0 and tap0 are both bridge members
ifconfig bridge0 addm fxp0 addm tap0 up &
sleep 10
# the bridge must have an address
dhclient bridge0 &
sleep 10


ifconfig tap0 inet 192.168.1.154 netmask 255.255.255.0 &
sleep 10
echo sleep ...
sleep 20

openvpn --config /etc/server.conf --verb 3