TAP does not appear to be bridged

    Hello,
    I am trying to configure a TAP network. My network consists of the following:

    • 10.2.0.1: DHCP server, main router
    • 10.2.0.2: VPN server, DNS server, internet gateway (pfSense)

    When a physical client joins the network, it gets DHCP and gateway from/as 10.2.0.1. This router forwards outbound traffic to 10.2.0.2 and inbound traffic directly to the other subnets. This is a router-on-a-stick configuration.

    My goal is to route internet, DNS, and any 10.0.0.0/8 address through the VPN. I do not want it to route the other private address ranges or link-local.

    OpenVPN is set up with the following settings (omitted authentication/encryption options since they are working flawlessly):

    • Device mode: tap
    • IPv4 Tunnel Network: empty
    • IPv6 Tunnel Network: empty
    • Bridge DHCP: checked
    • Bridge Interface: VPN_LAN_BRIDGE
    • Bridge Route Gateway: unchecked
    • Server Bridge DHCP Start: empty
    • Server Bridge DHCP End: empty
    • Redirect IPv4 Gateway: unchecked
    • Redirect IPv6 Gateway: unchecked
    • IPv4 Local network(s): empty
    • IPv6 Local network(s): empty
    • Type-of-Service: unchecked
    • Inter-client communication: checked
    • Dynamic IP: checked
    • DNS Server enable: checked
    • DNS Server 1: 10.2.0.2
    • Block Outside DNS: checked
    • Custom options:
      push "route 10.0.0.0 255.0.0.0 10.2.0.1";
      push "route 0.0.0.0 128.0.0.0 10.2.0.2";
      push "route 128.0.0.0 128.0.0.0 10.2.0.2";
    • UDP Fast I/O: unchecked
    • Send/Receive Buffer: Default
    • Gateway creation: Both

    VPN_LAN_BRIDGE is a bridge interface bridging LAN and the VPN interface. The VPN interface is assigned, and the bridge interface is assigned (but without an IP since that would overlap with the LAN interface).

    I have also tried adding push "route-gateway 10.2.0.1"; to no avail. I have tried every combination of: completely removing my custom routes, checking Bridge Route Gateway, checking Redirect IPv4 Gateway, and completely opening the firewall on every interface.

    The client does not receive DHCP/get an IP. I suspect that it cannot get to 10.2.0.1.

    At some point with some fiddling I got it to work. However once I restarted pfSense, it would not work anymore. I am not sure why, and I have not been able to get it to work again.

    pfSense 2.4.4-RELEASE-p3 (amd64)

    Happy Holidays!
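Added example, not part of the post above: a small longest-prefix-match simulator loaded with the three routes pushed in the custom options, so the split-tunnel intent (only internet, DNS and 10.0.0.0/8 through the VPN) can be checked against what the client's routing table would actually select. The client's pre-existing default route and its gateway 192.0.2.1 are constructed placeholders; the next hops and prefixes come from the post.

```python
import ipaddress

# Routes pushed by the OpenVPN server in the post, as (prefix, next hop).
PUSHED_ROUTES = [
    ("10.0.0.0/8", "10.2.0.1"),
    ("0.0.0.0/1", "10.2.0.2"),
    ("128.0.0.0/1", "10.2.0.2"),
]

# Constructed: the client's own default route via its local (non-VPN)
# gateway. 192.0.2.1 is a documentation-range placeholder, not from the post.
LOCAL_DEFAULT = ("0.0.0.0/0", "192.0.2.1")

# Next hops that sit on the bridged VPN LAN (both are from the post).
VPN_GATEWAYS = {"10.2.0.1", "10.2.0.2"}


def build_table(routes):
    """Parse (prefix, gateway) pairs into (ip_network, gateway) tuples."""
    return [(ipaddress.ip_network(p, strict=False), gw) for p, gw in routes]


def lookup(table, dst):
    """Longest-prefix match: the most specific network containing dst wins.
    Returns (prefix string, gateway) or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (str(best[0]), best[1])


def classify(table, dst):
    """Say whether dst leaves through the VPN bridge or the local gateway."""
    match = lookup(table, dst)
    if match is None:
        return "unreachable"
    net, gw = match
    side = "vpn" if gw in VPN_GATEWAYS else "local"
    return f"{side} via {gw} (matched {net})"


if __name__ == "__main__":
    table = build_table(PUSHED_ROUTES + [LOCAL_DEFAULT])
    # Sample destinations: 10/8 host, public DNS, RFC1918 and link-local.
    for dst in ("10.5.1.20", "8.8.8.8", "172.16.4.1", "192.168.1.10", "169.254.1.1"):
        print(f"{dst:>14} -> {classify(table, dst)}")
```

Because 0.0.0.0/1 and 128.0.0.0/1 together cover every IPv4 address and are more specific than the /0 default, any destination without a more specific route (including the other RFC1918 ranges and 169.254.0.0/16) is selected for the VPN next hop; only a more specific pushed or local route can keep such traffic off the tunnel.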

