OpenVPN bridged with LAN VLAN issues

  • I am trying to bridge my OpenVPN L2 TAP (not TUN) interface with my LAN VLAN. That part works fine and my devices are able to get an IP address. However, when I VPN in I am able to ping the gateway IP address, which is assigned to the bridge interface, but devices on the VLAN are not able to ping the gateway. After reviewing the packet logs I notice there are a lot of ARP requests going to the pfSense and the pfSense is replying, but it seems to me that the switch is not getting those replies on the trunk interface. The setup I have is the pfSense as a VMware appliance with the interface trunked to my Cisco switch with VLANs for LAN, MGMT and Guest users. MGMT and Guest users work fine because they are not linked to a bridge, and LAN was working before, but the moment I linked it to the bridge and reassigned the IP to the bridge interface my LAN network no longer works. I am stumped and am out of ideas. Can any of you guys help me out with this?

    Illustration01: Here I am able to ping the bridge IP from a device logged into OpenVPN.
    Illustration02: From here I am able to ping a device on the LAN from the switch, sourcing a Switch Virtual Interface.
    Illustration03: However, here I cannot ping a device on the LAN from a device connected to the OpenVPN.
    Illustration04: And here no device on the LAN can ping the bridge IP address.

  • So after doing some research I have realized that I do not need to assign the bridge to an interface with an IP. I can simply bridge VPN and LAN, with the LAN interface having the IP address. Once I've made those changes everything on the LAN works perfectly fine; however, I can no longer ping the LAN IP from the OpenVPN client.