1. Home
  2. pfSense® Software
  3. OpenVPN
  4. Problem with tap tunnel to VMware App

Problem with tap tunnel to VMware App

  • JeGr
    LAYER 8 Moderator

    Hi all,

    as much as I don't like it, I'm forced to setup an OpenVPN tap tunnel between a client's network and an isolated VLAN inside our own infrastructure. Our side is running a virtual vmware appliance (the pfSense OVA image), the customer's side is hardware. Both sides need to run with the same IP address range, so a bridge-style tunnel is the only thing that will work.

    What we did:

    Server side (our side):

    • setup virtual pfSense
    • created WAN / LAN interfaces
    • LAN IF is only activated, all other things to none
    • created OpenVPN tap Server
    • added the ovpns interface and activated like LAN interface (only active, all other things to none)
    • created bridge interface with LAN and VPN interfaces as members
    • activated bridge interface and bound local IP to 10.x.y.17/24
    • added firewall rules to bridge0 to allow any traffic

    Client side

    • configured WAN/LAN interfaces on hardware
    • LAN IF is only activated, all other things to none
    • created OpenVPN client setup
    • added the ovpnc interface and activated like LAN interface (only active, all other things to none)
    • created bridge interface with LAN and VPN interfaces as members
    • activated bridge interface and bound local IP to 10.x.y.14/24
    • added firewall rules to bridge0 to allow any traffic

    The OpenVPN tunnel is signalled as up.

    What is working:

    • After enabling promiscous mode on our virtual vmWare VLAN, a test-client attached to the VLAN net, that is bridged to VPN is able to ping the .17 on the bridge of the server.
    • PC on Client side is able to ping the bridge interface's .14 IP

    But that's as far as it goes. Neither test client is able to ping the other (we have .122 on one side and .222 on the other side to test, neither one is able to ping or access http/s on the other client, nor ping the remote bridge interface).

    Is there anything special perhaps in the VMware part that is still blocking and not working as it should?
    Any other help in setting up a TAP-style tunnel between two LANs?
    The solution is only temporary but needed badly! Any help'd be appreciated.

    Greets

    0
  • JeGr
    LAYER 8 Moderator

    Anyone perhaps able to tell, if this (LAN 2 LAN connect) is possible at all in this setup?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy