Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    System Hang with LACP + VLAN<->OpenVPN Bridge

    2.2 Snapshot Feedback and Problems - RETIRED
    1
    2
    937
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kogir
      last edited by

      At work we use Quickbooks for Mac, which is terrible and requires all machines to be in the same subnet to utilize its "server" feature. I suspect it uses mDNS or subnet broadcasts to advertise itself, I've not dug too deep into it.

      In any case, for years I've been using pfSense + OpenVPN + Bridging to enable people to work remotely. On pfSense 2.1.5 it works great configured as follows:

      • 4 Intel NICs all aggregated using LACP

      • All interfaces are on VLANs

      • OpenVPN in tap configuration (openvpn3, bound to interface QuickbooksVPN)

      • Quickbooks interface bound to VLAN xx, providing DHCP and connectivity for the Quickbooks server.

      • Bridge configured with default options with Quickbooks and QuickbooksVPN interfaces as members.

      When I try this on 2.2, everything seems fine until I add the bridge. Within minutes of adding it, the entire machine locks up, and won't respond either at the physical console or even enough to maintain LACP membership. If I type something, it won't register until I unplug the keyboard, and then acts as if the entire input buffer is flushed at once. This trick only works once.

      If I restart the box after it freezes, it will come up fine and appear to work until it freezes again, usually in under 3 minutes. If I quickly remove the bridge before the freeze, the box is stable as a rock.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • K
        kogir
        last edited by

        I managed to work around this by forgoing the pfSense bridge and just having the Quickbooks server connect to the same tap VPN as an OpenVPN client.

        Still think my original approach should have continued working though, and that this is a bug.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post