Comment 6 for bug 627973

Here are my related config files. Hopefully these will help as well.

per-user-up.sh
------------------------
#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="bridge0"

#NOTE $1 contains the tap interface name

brctl addif $br $1
ifconfig $1 mtu $2 promisc up

--------------------------
per-user-down.sh
--------------------------
#!/bin/bash

#################################
# Tear down Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="bridge0"

# NOTE #1 contains the tap devce name

brctl delif $br $1
ifconfig $1 down
openvpn --rmtun --dev $1

-----------------------------
/etc/xinet.d/openvpn
----------------------------
service echo
{
 disable = no
 type = UNLISTED
 port = 1194
 socket_type = stream
 protocol = tcp
 user = root
 wait = no
 server = /usr/sbin/openvpn
 server_args = --config /etc/openvpn/tcp-tap.conf.backup
}
-----------------------------
The funny name for the server_args value is to prevent the SYSVINIT scripts from trying to start a server that should only be started by xinet.d.

I have a bridge created in my /etc/networking/interfaces file called bridge0