Netgate Discussion Forum

    OpenVPN TAP works, but can't access any services on the router

      simon.lock

      Thank you seewolf.

      Our configurations are very incredibly similar. However, I've been assigning the created bridge interface for the "Bridge Interface" whereas you've assigned the LAN interface directly. Also I've been trying to Force all client-generated IPv4 traffic through the tunnel. I'll do some testing and let you know. Thanks also for the YouTube video link. I also found that video useful when setting the tun server. In fact I was the last person to comment on that video 2 weeks ago suggesting a tap tutorial :-) Does the pfsense unbound DNS Resolver resolve hostnames on your LAN?

        seewolf

        @simon.lock:

        Thank you seewolf.

        Our configurations are very incredibly similar. However, I've been assigning the created bridge interface for the "Bridge Interface" whereas you've assigned the LAN interface directly. Also I've been trying to Force all client-generated IPv4 traffic through the tunnel. I'll do some testing and let you know. Thanks also for the YouTube video link. I also found that video useful when setting the tun server. In fact I was the last person to comment on that video 2 weeks ago suggesting a tap tutorial :-) Does the pfsense unbound DNS Resolver resolve hostnames on your LAN?

        no problem simon.

        i use a tun server for redirecting / forcing all traffic from clients through the router, that is (as johnpoz pointed out) more efficient. i use tap server when i connect to the internet through a clients local connection, and then just want to access other computers, servers etc, on a remote network as if i have two (or more) network connections / adapters on the working client. that is why i have all my networks on a different subnet, so i can connect to more of them at the same time while going on the internet locally (ie 10.0.0.0/24, 10.10.0.0/24, 10.20.0.0/24, etc).

        the video is a great help for making a tun server.. after you get it working, you can tweak things and see how it is behaving. it takes some time, but you can learn a lot.

        i don't use unbound dns resolver for resolving hostnames on my LAN, mostly because all devices have a static IP and i know all their IP addresses (i use a reversible mind logic to assign IP addresses).
        and most of the things that need to connect locally or remotely, have in their configurations the static IP addresses of other devices. i like to make a local network working even if the router it is connected to is down (ie no dhcp, dns, etc).

          firbc

          I have kind of the same problem with OpenVPN TAP connection. When connected I can access all the local network but not the pfsense machine. Which is very weird. I am on last version of pfSense (2.4.2-RELEASE-p1) and last version of OpenVPN on client side (v2.4.4-I601).

          Did you find a solution?

            seewolf

            @firbc:

            I have kind of the same problem with OpenVPN TAP connection. When connected I can access all the local network but not the pfsense machine. Which is very weird. I am on last version of pfSense (2.4.2-RELEASE-p1) and last version of OpenVPN on client side (v2.4.4-I601).

            Did you find a solution?

            hi firbc.

            are you running pfblockerng on your system? in my case there was some weird conflict with pfblockerng and openvpn. and after an update of the pfblockerng and pfsense everything started working as expected, and i never found the cause of the problem, and with that the real solution.

              firbc

              @seewolf:

              @firbc:

              I have kind of the same problem with OpenVPN TAP connection. When connected I can access all the local network but not the pfsense machine. Which is very weird. I am on last version of pfSense (2.4.2-RELEASE-p1) and last version of OpenVPN on client side (v2.4.4-I601).

              Did you find a solution?

              hi firbc.

              are you running pfblockerng on your system? in my case there was some weird conflict with pfblockerng and openvpn. and after an update of the pfblockerng and pfsense everything started working as expected, and i never found the cause of the problem, and with that the real solution.

              no, the only package I have installed is OpenVPN client export tool…

                firbc

                seewolf, does pinging the pfsense machine work in your case? I cannot even ping it. On tun it is working normally.

                  seewolf

                  @firbc:

                  seewolf, does pinging the pfsense machine work in your case? I cannot even ping it. On tun it is working normally.

                  at the moment everything works nominally.
                  when i had the problem, as i said in the first post, i could ping the router and that was the only thing i could do towards the router.

                  did you try to reinstall the machine?
                  unfortunately that is the only thing i can suggest at this moment.

                  and are you sure that the openvpn server configuration is correct?

                    keyser Rebel Alliance @seewolf

                    @seewolf

                    Sorry to resurrect this thread, but I’m seeing the same problem on my 2.4.5 pfsense. Access to the router itself is “spotty”. Sometimes it works all day and in all sessions, other times everything but access to the router works.
                    I have no packages installed.

                    I was just wondering if you kept experiencing the problem on and off like me even though you felt pfblockerng was involved initially?

                    @johnpoz I understand your argument for TUN, but if you have very complex routed networks behind the router with accesslists all over the place, TAP can start to make sense :-)

                    Love the no fuss of using the official appliances :-)

                      seewolf @keyser

                      @keyser
                      unfortunately (for this case) i have not experienced this problem any more during the last couple of years. any time i connect to a tap server, it just puts me on the lan network.

                        keyser Rebel Alliance @seewolf

                        @seewolf

                        I have tried everything, and it’s definitely a “glitch” in the OpenVPN/pfSense TAP combination. It mostly never works, but once in a while I can all of a sudden access the GUI and the local resolver.

                        Well, decided to change my setup to a routed TUN solution instead with outbound NAT applied on access to LAN.
                        Not a great solution, but I have a workaround for the two issues NAT presents in our application usage.

                          vijay7

                          I am facing an issue with a TAP config. There is a server located inside the pfsense network, and using tap we are accessing that server from outside the network from different locations and different systems. The issue is that some users are able to access the server and a few of them are not; the users who are unable to access the server are able to access other VPN clients.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.