Netgate Discussion Forum

    Problem with tap tunnel to VMware App

    • JeGr LAYER 8 Moderator

      Hi all,

      as much as I don't like it, I'm forced to set up an OpenVPN tap tunnel between a client's network and an isolated VLAN inside our own infrastructure. Our side is running a virtual VMware appliance (the pfSense OVA image), the customer's side is hardware. Both sides need to run with the same IP address range, so a bridge-style tunnel is the only thing that will work.

      What we did:

      Server side (our side):

      • set up virtual pfSense
      • created WAN / LAN interfaces
      • LAN IF is only activated, all other things to none
      • created OpenVPN tap Server
      • added the ovpns interface and activated like LAN interface (only active, all other things to none)
      • created bridge interface with LAN and VPN interfaces as members
      • activated bridge interface and bound local IP to 10.x.y.17/24
      • added firewall rules to bridge0 to allow any traffic

      Client side

      • configured WAN/LAN interfaces on hardware
      • LAN IF is only activated, all other things to none
      • created OpenVPN client setup
      • added the ovpnc interface and activated like LAN interface (only active, all other things to none)
      • created bridge interface with LAN and VPN interfaces as members
      • activated bridge interface and bound local IP to 10.x.y.14/24
      • added firewall rules to bridge0 to allow any traffic

      The OpenVPN tunnel is signalled as up.

      What is working:

      • After enabling promiscuous mode on our virtual VMware VLAN, a test client attached to the VLAN net that is bridged to VPN is able to ping the .17 on the bridge of the server.
      • PC on Client side is able to ping the bridge interface's .14 IP

      But that's as far as it goes. Neither test client is able to ping the other (we have .122 on one side and .222 on the other side to test, neither one is able to ping or access http/s on the other client, nor ping the remote bridge interface).

      Is there anything special perhaps in the VMware part that is still blocking and not working as it should?
      Any other help in setting up a TAP-style tunnel between two LANs?
      The solution is only temporary but needed badly! Any help would be appreciated.

      Greets

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      • JeGr LAYER 8 Moderator

        Is anyone perhaps able to tell if this (LAN 2 LAN connect) is possible at all in this setup?

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.