OpenVPN bridging in pfSense 1.2.3



  • There have been very limited articles talking about setting up bridging in OpenVPN, much less setting that up in pfSense. Anyone that has a bridging implementation working for pfSense 1.2.3? I've got OpenVPN running under bridge mode in a VM so not entirely a super noob. Just would like to consolidate it to the pfSense box. Hope someone can guide me along getting it to work.



  • Hello,

    I have it running in bridging mode - TAP (pfSense 1.2.2)… Actually, it is a site-to-site VPN.
    The pfSense default tun mode appeared to be too slow - therefore we had to try with the TAP.

    The bridging mode also slows down the latency in the VPN but was much better than the TUN mode.

    -Linch



  • We got it working - but we had to pay for the pfsense commercial support. It works nicely. I would upload a config for you but we are in the process of building a generic config so I cannot do that.

    I will keep this post in mind when we finish the generic configuration file.



  • Awesome.. Will be waiting for the guides and config.. Hope I don't get too old when it is out.



  • @linch:

    Hello,

    I have it running in bridging mode - TAP (pfSense 1.2.2)… Actually, it is a site-to-site VPN.
    The pfSense default tun mode appeared to be too slow - therefore we had to try with the TAP.

    The bridging mode also slows down the latency in the VPN but was much better than the TUN mode.

    -Linch

    Any guides?



  • The configuration had to be reverted back to tun after all (we didn't want to flood the networks with broadcasts in bridge mode)… The reason for the slow latency was that we were using TCP for the OpenVPN transport... Using UDP fixed the latency - but it does not work correctly with CARP (clustering)...

    In just a few words - in custom options add "dev tap;" - it swaps the tun mode with tap.
    You will have to use static IP addresses for the tunnel (a checkbox exists for it) - with "ifconfig 10.100.100.1 10.100.100.2;" in the custom options.
    The route/iroute (tun-specific commands) do not work with tap - but you can add "static routes" pointing to the remote tunnel IP.

    That's all.

    Good Luck.  ;)



  • I'm also experimenting with OpenVPN in bridge mode, and my current solution is to run OpenVPN in 'tap' mode,
    and then use an "up" script to add the tap device as a bridge(4) member. Works fine so far.



  • Can anyone shed any more light on this? I've been playing with OpenVPN bridging on and off for months and I could never get it to work… I've got a tunnel working perfectly... I just wish I could DHCP across the tunnel.



  • Sorry I have taken so long to reply.

    After we paid for support and asked for the config file we were told it would only work on a pre-release version of pfSense, which we could not download. Essentially the config was useless unless it was installed on a special version. I think the reason for this was the current version didn't have something which was important to get it working. We are in the process of getting another config set up which uses a current version of pfSense.



  • @xerovis:

    After we paid for support and asked for the config file we were told it would only work on a pre-release version of pfsense, which we could not download.

    (resolved this long ago with xerovis privately but wanted to follow up here) That's not true, it only works with 1.2.3-RC versions, which are on all the mirrors.

    The process is described here:
    http://doc.pfsense.org/index.php/OpenVPN_Bridging

    There are some issues with that, but it does work (with caveats). I'm working on updating that right now for an ideal configuration.

