Netgate Discussion Forum

    Delay initialization of a bridge interface?

      ZaphireDfox

      I have a fun little project where I need to get VOIP traffic on a mirrored/span switch port over to another network in a different building to be processed by a recorder.  I understand that some Cisco switches can do this natively with something called 'rspan', but I don't have that luxury as that would require changing out multiple switches in a network environment I have no control of (contractor).  So, I thought 'maybe I can do this with a couple pfSense boxes'.  I've got a simulation of this built and working nearly perfectly using four virtual machines running pfSense (only two are used for the bridge, the other two are for testing data in and out).  The 'nearly' bit is due to a reboot problem.  I'm using OpenVPN in tap mode and bridge interfaces using span to pass the traffic from one end to the other.  It works great, until you reboot the end running the OpenVPN client (server end works fine).  From what I can tell, the bridge interface is created before the vpn client interface and thus the vpn is not a member of the bridge after a reboot.  I have to 'resave' the bridge configuration to re-initialize the bridge interface, adding the vpn as expected.

      I found a similar post from over two years ago, but there was no usable answer to it.  I hate to dredge up older topics, so I'm starting a new one.  But, just in case, see also https://forum.pfsense.org/index.php?topic=110705.msg616317#msg616317

      So the question is, is there a way to delay the initialization of the bridge interface until after the vpn has been created?  Or, perhaps, is there a way I can reinitialize the bridge via a post-connect script fired off by OpenVPN?

      A suggestion perhaps, pfSense could maybe implement some kind of 'event' system (via the GUI) to perform certain actions when a predetermined event occurs.  Examples:  PPTP goes down, mark LAN down; OpenVPN connects, add it to bridge; LAN goes down, email admin; gateway quality drops, start dial-up; ICMP received on 'secret' port, turn on HTTP access on WAN; etc etc etc.  (probably should put this idea in a separate post)

      "God gives me patience… a winning lotto ticket would be nice too!"

        ZaphireDfox

        Of course I figured out the answer myself once I started digging around a bit more.  I'll leave this here in case anyone else comes looking for something similar.

        The solution…

        In OpenVPN custom options, add...

        ```
        --route-up "/sbin/ifconfig bridge0 span ovpnc1"
        ```

        Bear in mind, I'm using this to carry the output of a span switchport over to another network in another location, hence 'span' in the command above.  If you just need to join the bridge, use 'addm' instead of 'span'.

        "God gives me patience… a winning lotto ticket would be nice too!"
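
An idempotent form of the route-up hook from the answer above, as an added example that is not part of the original post: it checks how the port is currently attached before running `ifconfig`, so repeated VPN reconnects do not re-add it and a conflicting attachment is logged instead of changed. The script path, the helper names and the sample output are assumptions, including that a span port is listed as a `member:` line carrying the `SPAN` flag.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names are the ones used
# in the thread; the script path below is hypothetical.
# OpenVPN custom option:  --route-up "/root/bridge_attach.sh apply"
BRIDGE="${BRIDGE:-bridge0}"
PORT="${PORT:-ovpnc1}"
MODE="${MODE:-span}"    # "span" to mirror traffic out, "addm" to join the bridge

# Constructed sample of `ifconfig bridge0` output, for offline testing only.
# Assumption: a span port appears as a member line with the SPAN flag set.
SAMPLE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
    member: ovpnc1 flags=8<SPAN>'

# port_state IFCONFIG_OUTPUT PORT -> prints span | member | absent
port_state() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "member:" && $2 == port {
            state = ($3 ~ /[<,]SPAN[,>]/) ? "span" : "member"
        }
        END { print (state == "" ? "absent" : state) }'
}

# needed_verb STATE MODE -> prints the ifconfig verb to run, or nothing when the
# port is already attached as wanted; returns 1 when the attachment conflicts.
needed_verb() {
    case "$1:$2" in
        span:span|member:addm) ;;                       # already correct
        absent:span|absent:addm) printf '%s\n' "$2" ;;  # attach as requested
        *) return 1 ;;                                  # leave conflicts alone
    esac
}

attach_port() {
    out=$(/sbin/ifconfig "$BRIDGE" 2>/dev/null) ||
        { logger -t bridge_attach "$BRIDGE does not exist"; return 1; }
    /sbin/ifconfig "$PORT" >/dev/null 2>&1 ||
        { logger -t bridge_attach "$PORT does not exist yet"; return 1; }
    state=$(port_state "$out" "$PORT")
    verb=$(needed_verb "$state" "$MODE") ||
        { logger -t bridge_attach "$PORT is '$state', wanted '$MODE'; not changing"; return 2; }
    [ -z "$verb" ] && return 0
    /sbin/ifconfig "$BRIDGE" "$verb" "$PORT" &&
        logger -t bridge_attach "ran: ifconfig $BRIDGE $verb $PORT"
}

# Only touch the system when called with "apply", as in the route-up line above.
if [ "${1:-}" = "apply" ]; then attach_port; fi
```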
