OpenVPN TAP bridge with LAN
-
Hey,
I am trying to configure an OpenVPN server so that the clients can connect and have access to the resources available on LAN. I have tried two variants found on the web: https://forum.pfsense.org/index.php?topic=46984.msg246773 and https://www.reddit.com/r/PFSENSE/comments/3hql33/configuring_openvpn_bridge_with_local_dhcp/, but neither one works for me. I can connect to the server, I get a local IP, but I can't browse the web and I can't access or ping anything on the LAN.
Any advice? :)
-
Follow this tutorial
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server
And why do you wanna use tap?
-
As I said in the first post, I need my clients (colleagues) to have access to the resources available on LAN.
-
Any ideas? :)
-
As I said in the first post, I need my clients (colleagues) to have access to the resources available on LAN.
That doesn't answer the question.
-
As I can understand from the two guides I posted in my first post, tap is the only way I can get access to the network resources where I want to connect with OpenVPN.
-
As I can understand from the two guides I posted in my first post, tap is the only way I can get access to the network resources where I want to connect with OpenVPN.
No, hopefully. TAP will be required if you need layer 2; otherwise TUN is OK and lighter.
-
I am trying to configure an OpenVPN server so that the clients can connect and have access to the resources available on LAN.
First off, you'll have to explain "access to the resources available on LAN" a little more clearly in order for us to help, especially what you think a standard TUN interface won't let you access.
In my experience, TUN based setups are simple and effective and all that is necessary for most requirements.
-
I have a pfsense 2.2.4, OpenVPN server and roadwarrior clients, with tun devices, and I can ping devices by hostname, access shared directories.
A VPN, by nature, is to access LAN resources remotely; why do you think that with tun you aren't gonna do that?
-
I need to have access to the printers, scanners, shared folders or servers on the network where I'm connecting using OpenVPN. I'll try with TUN, but I tried it before and it didn't work.
Thanks.
-
I need to have access to the printers, scanners, shared folders or servers on the network where I'm connecting using OpenVPN
That's pretty much what OpenVPN using TUN is designed for. Works well for dozens of OpenVPN sites I've installed.
For site to site use:
Try the instructions at: https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_%28SSL%29 for PKI
or: https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site for Shared key setups.
Personally I prefer PKI - a little more work to set up, but very robust once it's established - just my $.02
For Remote access clients (single machines or a "Road Warrior" setup)
as mentioned: https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server
Again, I use PKI - once you've started to use certificates making another one is NBD and very effective.
Make sure the Server's LAN subnet is something different than the Remote's LAN subnet (NOT both 192.168.1.0/24).
Remember you need a firewall rule under the "OpenVPN" tab on the server (appears once you've created the OpenVPN server) typically allowing all.
And BTW, if you're testing connectivity with "pings" from one side of the two subnets to the other, watch out for Windows firewalls blocking traffic from "foreign" subnets.
Once you've got it started let us know how it's progressing and what you've tried that works and what doesn't.
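An added example, not part of the original post: a small Python check for the subnet advice above, which also catches the less obvious case where one network merely contains the other. The function names, the 10.8.0.0/24 tunnel network and the sample client networks are constructed for illustration.

```python
import ipaddress


def classify(a, b):
    """Describe how network a relates to network b, or None if disjoint."""
    if a.version != b.version or not a.overlaps(b):
        return None
    if a == b:
        return "identical"
    # Two overlapping CIDR blocks always nest: one lies inside the other.
    return "inside" if a.subnet_of(b) else "contains"


def find_conflicts(server_lan, tunnel_net, client_lans):
    """Return (pair, relation, net_a, net_b) for every overlapping pair.

    server_lan  -- LAN behind the OpenVPN server
    tunnel_net  -- OpenVPN tunnel network
    client_lans -- networks the remote client is attached to; an interface
                   address such as 192.168.1.10/24 is accepted as well
    """
    server = ipaddress.ip_network(server_lan, strict=False)
    tunnel = ipaddress.ip_network(tunnel_net, strict=False)
    pairs = [("tunnel/server-lan", tunnel, server)]
    for raw in client_lans:
        local = ipaddress.ip_network(raw, strict=False)
        pairs.append(("client-lan/server-lan", local, server))
        pairs.append(("client-lan/tunnel", local, tunnel))
    found = []
    for name, a, b in pairs:
        relation = classify(a, b)
        if relation:
            found.append((name, relation, str(a), str(b)))
    return found


if __name__ == "__main__":
    # Constructed sample: server LAN and tunnel network, then three clients.
    for client in (["192.168.1.10/24"], ["192.168.0.10/16"], ["192.168.50.7/24"]):
        hits = find_conflicts("192.168.1.0/24", "10.8.0.0/24", client)
        print(client, "->", hits or "no overlap")
```

With "identical" or "inside", the client treats the addresses as on-link and that traffic never enters the tunnel; with "contains", the more specific VPN route wins and local hosts in that range become unreachable while connected.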
-
I suspect the only reason why people think it "does not work" is the NetBIOS network browsing supershit deprecated since W2000 or so…
-
I suspect the only reason why people think it "does not work" is the NetBIOS network browsing supershit deprecated since W2000 or so…
+1
something with missing WINS server and use of NetBIOS ;)
-
Thanks. I'll try it out and I'll come back with the result :)