Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    TAP does not appear to be bridged

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 413 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DaAwesomeP
      last edited by

      Hello,
      I am trying to configure a TAP network. My network consists of the following:

      • 10.2.0.1: DHCP server, main router
      • 10.2.0.2: VPN server, DNS server, internet gateway (pfSense)

      When a physical client joins the network, it get DHCP and gateway from/as 10.2.0.1. This router forwards outbound traffic to 10.2.0.2 and inbound traffic directly to the other subnets. This is a router-on-a-stick configuration.

      My goal is to route internet, DNS, and any 10.0.0.0/8 address through the VPN. I do not want it to route the other private address ranges or link-local.

      OpenVPN is setup with the following settings (omitted authentication/encryption options since they are working flawlessly):

      • Device mode: tap
      • IPv4 Tunnel Network: empty
      • IPv6 Tunnel Network: empty
      • Bridge DHCP: checked
      • Bridge Interface: VPN_LAN_BRIDGE
      • Bridge Route Gateway: unchecked
      • Server Bridge DHCP Start: empty
      • Server Bridge DHCP End: empty
      • Redirect IPv4 Gateway: unchecked
      • Redirect IPv6 Gateway: unchecked
      • IPv4 Local network(s): empty
      • IPv6 Local network(s): empty
      • Type-of-Service: unchecked
      • Inter-client communication: checked
      • Dynamic IP: checked
      • DNS Server enable: checked
      • DNS Server 1: 10.2.0.2
      • Block Outside DNS: checked
      • Custom options:
        push "route 10.0.0.0 255.0.0.0 10.2.0.1";
push "route 0.0.0.0 128.0.0.0 10.2.0.2";
push "route 128.0.0.0 128.0.0.0 10.2.0.2";
      • UDP Fast I/O: unchecked
      • Send/Receive Buffer: Default
      • Gateway creation: Both

      VPN_LAN_BRIDGE is a bridge interface bridging LAN and the VPN interface. The VPN interface is assigned, and the bridge interface is assigned (but without an IP since that would overlap with the LAN interface).

      I have also tried adding push "route-gateway 10.2.0.1"; to no avail. I have tried every combination of: completely removing my custom routes, checking Bridge Route Gateway, checking Redirect IPv4 Gateway, and completely opening the firewall on every interface.

      The client does not receive DHCP/get an IP. I suspect that it cannot get to 10.2.0.1.

      At some point with some fiddling I got it to work. However once I restarted pfSense, it would not work anymore. I am not sure why, and I have not been able to get it to work again.

      pfSense 2.4.4-RELEASE-p3 (amd64)

      Happy Holidays!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.