Netgate Discussion Forum

    OpenVPN Bridge

      TheNetStriker

      I'm using pfSense 2.0.2 and I would like to set up an OpenVPN server. I've already managed to configure the server and I am able to connect to it using the OpenVPN client, but I can only access the IP of the pfSense firewall. I've already added the OpenVPN interface under "Interfaces" -> "(assign)" and set up a bridge between the OpenVPN interface and the LAN interface. I've also set up a firewall rule for OpenVPN to access any IP and any service, but I just don't get any pings back from other IPs. What am I doing wrong?

      Here is my openvpn configuration:

      
      <openvpn-server>
        <vpnid>1</vpnid>
        <mode>server_tls_user</mode>
        <authmode>Local Database</authmode>
        <protocol>TCP</protocol>
        <dev_mode>tun</dev_mode>
        <ipaddr/>
        <interface>wan</interface>
        <local_port>444</local_port>
        <description/>
        <custom_options>auth MD5</custom_options>
        <caref>5102b471dec59</caref>
        <crlref/>
        <certref>510290cf024e1</certref>
        <dh_length>1024</dh_length>
        <cert_depth>1</cert_depth>
        <strictusercn/>
        <crypto>AES-128-CBC</crypto>
        <engine>none</engine>
        <tunnel_network>10.242.2.0/24</tunnel_network>
        <remote_network/>
        <gwredir/>
        <local_network>172.17.0.0/16</local_network>
        <maxclients/>
        <compression>yes</compression>
        <passtos/>
        <client2client/>
        <dynamic_ip/>
        <pool_enable>yes</pool_enable>
        <netbios_enable/>
        <netbios_ntype>0</netbios_ntype>
      </openvpn-server>
      
      
        phil.davis

        You don't need to assign an interface or set up any bridging. You do need rules on the OpenVPN Firewall Rules tab to allow traffic from the tunnel to your LAN.
        You have an OpenVPN tunnel set up there; the server will tell (push) the client a route to your LAN (172.17.0.0/16). So the client will know how to route to 172.17.0.0/16. And devices on the LAN can route back just by sending packets to pfSense (which is normally their default gateway already), and pfSense is hosting the OpenVPN, so it knows how to route return packets.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          TheNetStriker

          Thanks for the tip, I have not yet set the default gateway to the pfSense firewall because I want to test the configuration first. But this has to be the problem.
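
The return-path reasoning in this thread as a small route-lookup model, added here as an example and not code from either poster or from pfSense. The pfSense LAN address, the other gateway (assumed to have no route to the tunnel network), and the client and host addresses are assumed values; the static-route case goes beyond what the thread covers.

```python
import ipaddress

# From the posted config: <tunnel_network> and <local_network>.
TUNNEL_NET = ipaddress.ip_network("10.242.2.0/24")
LAN_NET = ipaddress.ip_network("172.17.0.0/16")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Assumed addresses, not from the thread.
PFSENSE_LAN = "172.17.0.1"    # pfSense LAN address
OTHER_GW = "172.17.0.254"     # the gateway the LAN hosts currently use
VPN_CLIENT = "10.242.2.6"     # address handed to the OpenVPN client
LAN_HOST = "172.17.5.20"      # host being pinged


def next_hop(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=(None, None))[1]


def lan_host_routes(default_gw, extra=()):
    """Routing table of a LAN host: on-link LAN, default route, optional statics."""
    return [(LAN_NET, "on-link"), (DEFAULT, default_gw), *extra]


def ping_from_vpn(host_routes):
    """Follow an echo request from the VPN client and the reply back."""
    # Request: the server pushed LAN_NET to the client, so it enters the tunnel.
    client_routes = [(TUNNEL_NET, "tunnel"), (LAN_NET, "tunnel")]
    if next_hop(client_routes, LAN_HOST) != "tunnel":
        return False, "client has no route to the LAN"
    # pfSense delivers the request on-link (allow rule on the OpenVPN tab assumed).
    # Reply: the LAN host looks up the client's tunnel address.
    hop = next_hop(host_routes, VPN_CLIENT)
    if hop == PFSENSE_LAN:
        return True, "reply handed to pfSense, which owns the tunnel"
    return False, f"reply sent to {hop}, which has no route to {TUNNEL_NET}"


if __name__ == "__main__":
    cases = {
        "default gateway is another router": lan_host_routes(OTHER_GW),
        "default gateway is pfSense": lan_host_routes(PFSENSE_LAN),
        "static route via pfSense": lan_host_routes(OTHER_GW, [(TUNNEL_NET, PFSENSE_LAN)]),
    }
    for name, routes in cases.items():
        print(name, "->", ping_from_vpn(routes))
```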

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.