OpenVPN site-to-site TAP

Guest · Jan 28, 2015, 1:19 PM

hello,
I created a site-to-site tunnel with openvpn TAP mode betwin 2 pfsense appliances ( the server v2.2 - 192 168 166 254 and the client v2.1.5 - 192 168 166 253). The tunnel up properly, the firewall ping each other , but the traffic between my sites does not work .

Can anyone help me ??

Pitchoun511 · Jan 28, 2015, 4:09 PM

nobody can help me ??

doktornotor · Jan 28, 2015, 7:04 PM

Post the ifconfig output for the relevant ovpn interface.

@Pitchoun511:

nobody can help me ??

Dude, bumping threads b/c noone replied in whopping 3 hours?! ::)

Pitchoun511 · Jan 29, 2015, 7:55 AM

Excuse me, but completely cut off from my VPN with 30 rabid users … I was really freaked out ...

Pitchoun511 · Jan 29, 2015, 4:05 PM

Well, now that I have resolved the problem on my vpn…
On my site A, there are 3 PCs ( 192.168.166.189 - 191/24 ) and a firewall ( 192.168.166.253 )
On my site B, there are 3 PCs ( 192.168.166.200 - 202/24 ) and a firewall ( 192.168.166.254 ) .

I set up a VPN with OpenVPN using the TAP method between the two sites.
The firewall A ping the firewall B, but the traffic from one PC to another on both site doesn't work. In my firewall log nothing is blocked, the ARP table information is correct on eatch side, but no traffic between the two sites ...

is the /24 can be the cause of my problem ?

doktornotor · Jan 29, 2015, 5:30 PM

Using same LAN subnets on both sites? Time to start from scratch.

Pitchoun511 · Jan 30, 2015, 6:51 AM

Please excuse my ignorance, but I followed the topic https://forum.pfsense.org/index.php?topic=38605.0 and he doesn't speak to create subnets

marvosa · Jan 31, 2015, 5:59 PM

What are you doing that you need a bridged setup? Post the config from both sides. Post the firewall rules from the LAN, Openvpn and the Bridged interface tabs on both sides.

Pitchoun511 · Feb 26, 2015, 9:19 AM

Hi, I'm back from holidays, so I am back in my research.
I need a bridge, because historically , I have two sides on the same IP range and I don't want to reconfigure all my clients. I attached a screenshot of my conf and firewall.

Thank you for your help.

dotdash · Feb 26, 2015, 4:20 PM

There are some notes in this thread: https://forum.pfsense.org/index.php?topic=84419.msg462943#msg462943

Pitchoun511 · Mar 25, 2015, 12:54 PM

I have found nothing that resolve my problem

MLIT · Mar 25, 2015, 3:59 PM

If you are doing this to prevent renumbering your network, maybe you should just do 1 to 1 NAT on both ends.

dotdash · Mar 27, 2015, 7:02 PM

@Pitchoun511:

I have found nothing that resolve my problem

I just went through the procedure in the thread I linked earlier on two 2.2.1 boxes and it worked fine, or rather well enough for me to get in and fix a problem preventing a remote host from routing out correctly. If you are still having problems, I suggest you look over that and then post some specifics of your config.