PfSense 2.02 OpenVPN TAP: Client can't see LAN and vice-versa
-
I installed pfSense for the first time two days ago and installed the TAP fix and the client exporter packages and generally have everything working well. I have set up OpenVPN using the wizard and modified it to bridge mode (TAP). Clients can successfully connect but can't see any computers on the network and vice-versa. I read through the wiki and a couple of tutorials, perused the forum and tinkered around to get it working, but I ended up doing more harm than good. I have attached screenshots of my settings. I think I need help with properly configuring the firewall rules, NAT, etc. Can someone help out? Much appreciated.
Please let me know what additional information I can provide to help with this issue. Thanks!
PS: Did I say I was a noob?
-
Adding contents of server1.conf
dev ovpns1
dev-type tap
dev-node /dev/tap1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local xxx.yyy.zzz.129
engine cryptodev
tls-server
server-bridge 192.168.24.1 255.255.255.0 192.168.24.200 192.168.24.204
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 3001
management /var/etc/openvpn/server1.sock unix
max-clients 3
push "route 192.168.24.0 255.255.255.0"
push "dhcp-option DOMAIN mulye.com"
push "dhcp-option DNS 192.168.24.1"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
And Client.OVPN
dev tap
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote pii.dnsalias.com 3001 udp
tls-remote "PII_SERVER_CERT"
auth-user-pass
pkcs12 gw-udp-3001.p12
tls-auth gw-udp-3001tls.key 1
comp-lzo
-
It might be bad form to answer your own question but I wanted to ensure that this thread has closure.
I found the solution. I had to manually create an interface for VPN (OPT1) and bridge it to the LAN interface. I had assumed that the wizard & settings would have done this automagically like it is on other firmwares.
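A check for the condition described in the answer, as an added example that is not part of the original post: it reads the TAP directives from server1.conf together with a constructed sample of FreeBSD `ifconfig bridge0` output and reports whether the OpenVPN interface and the LAN interface are both bridge members. The bridge name bridge0, the LAN interface name em1 and all function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: the TAP-related directives from the server1.conf above.
SERVER_CONF = """\
dev ovpns1
dev-type tap
server-bridge 192.168.24.1 255.255.255.0 192.168.24.200 192.168.24.204
"""
# Constructed sample of `ifconfig bridge0` output; em1 as the LAN NIC is an assumption.
BRIDGE_BEFORE = (
    "bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500\n"
    "\tmember: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>\n"
)
BRIDGE_AFTER = BRIDGE_BEFORE + "\tmember: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>\n"


def parse_conf(text):
    """Map each directive to its argument list (first occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#user nobody' style lines
        if tokens:
            conf.setdefault(tokens[0], tokens[1:])
    return conf


def bridge_members(ifconfig_text):
    """Collect interface names from the 'member:' lines of ifconfig output."""
    members = set()
    for line in ifconfig_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "member:":
            members.add(parts[1])
    return members


def check_tap_bridge(conf_text, ifconfig_text, lan_if):
    """Return a list of problems that would keep TAP clients off the LAN."""
    conf = parse_conf(conf_text)
    if conf.get("dev-type") != ["tap"] or "server-bridge" not in conf:
        return ["not a TAP server-bridge configuration"]
    problems = []
    args = conf["server-bridge"]
    if len(args) == 4:  # gateway, netmask, pool start, pool end
        net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
        for addr in args[2:]:
            if ipaddress.ip_address(addr) not in net:
                problems.append(f"pool address {addr} is outside {net}")
    members = bridge_members(ifconfig_text)
    for ifname in (conf.get("dev", ["<no dev>"])[0], lan_if):
        if ifname not in members:
            problems.append(f"{ifname} is not a member of the bridge")
    return problems
```
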