SOLVED ! Serious Bridging Problems between 2 PFS Boxes

  • Hi People,
    I have a big problem regarding bridging between 2 PFSense Boxes. Our company is moving to another place and we have to left some clients, voip phones and printers in  the old location. The thing is that we can not route our traffic between the locations due to the identical LANs, therefore we decided to bridge.
    I read a lot the last days in this forum and on the net, but I do not get it to work correctly. Well and I do not know what the problem is.
    Our goal is to use a PFSense Box on each location to bridge the networks. One Box as server and one as client.

    Our Setup:

    CompanyLAN: (LAN A) – PFSBox1 --> (VPN Bridge) <-- PFSBox2 -- (LAN B)

    PFSBox1 (client) LAN A
    LAN IP:
    Tap0 bridged with eth0 (LAN)

    PFSBox2 (server) LAN B
    LAN IP:
    Tap0 bridged with eth0 (LAN)

    The thing is that the VPN Connects flawlesly but I can only Ping from LAN A to the PFSBox2 LAN Interface not backwards and I cannot Ping from LAN B either the BFSBox. Well under some condition I can Ping from LAN A to the Server on the other side, but then suddenly the ping brake. I saw that the routing information altered, but why ? When I kill the route to it works for another short time. I read in the forum tha CARP is not good for bridging to I turned it off ( ifconfig pfsync0 down), but with no effort.

    Please help me on that, any ideas ? misskonfiguration on LAN interfaces ? what could be wrong ? There are no Firewalls in front of the devices.
    I have no clue, well routing is easy, bridgin is hell :-(

  • ::)

    Hey folks !
    I got it working !!!!

    The failing bridge setup was related to the VMWare ESX Server. The thing with ESX and probably the workstation is that it denys the LAN Interfaces to go into promiscous mode per default, well you can change that on ESX but thats not what I want for my VServers.
    I moved the virtual PFsense to hardware and wham, it runs like a tiger hunting for gazelles :-)

    Nice one !

  • Has anyone else successfully created a bridged setup similar to this one?  We will be needing to create a production setup like this very soon and I wanted to be sure that DHCP and windows file shares could successfully traverse a site to site OpenVPN setup so long as the LAN and TUN interfaces were bridged.

    I read a lot of old posts that said there were stability issues - have these been taken care of in recent releases/snapshots?

Log in to reply