TAP does not appear to be bridged
I am trying to configure a TAP network. My network consists of the following:
- 10.2.0.1: DHCP server, main router
- 10.2.0.2: VPN server, DNS server, internet gateway (pfSense)
When a physical client joins the network, it gets DHCP and gateway from/as 10.2.0.1. This router forwards outbound traffic to 10.2.0.2 and inbound traffic directly to the other subnets. This is a router-on-a-stick configuration.
My goal is to route internet, DNS, and any 10.0.0.0/8 address through the VPN. I do not want it to route the other private address ranges or link-local.
OpenVPN is set up with the following settings (omitted authentication/encryption options since they are working flawlessly):
- Device mode: tap
- IPv4 Tunnel Network: empty
- IPv6 Tunnel Network: empty
- Bridge DHCP: checked
- Bridge Interface:
- Bridge Route Gateway: unchecked
- Server Bridge DHCP Start: empty
- Server Bridge DHCP End: empty
- Redirect IPv4 Gateway: unchecked
- Redirect IPv6 Gateway: unchecked
- IPv4 Local network(s): empty
- IPv6 Local network(s): empty
- Type-of-Service: unchecked
- Inter-client communication: checked
- Dynamic IP: checked
- DNS Server enable: checked
- DNS Server 1: 10.2.0.2
- Block Outside DNS: checked
- Custom options:
push "route 10.0.0.0 255.0.0.0 10.2.0.1"; push "route 0.0.0.0 22.214.171.124 10.2.0.2"; push "route 126.96.36.199 188.8.131.52 10.2.0.2";
- UDP Fast I/O: unchecked
- Send/Receive Buffer: Default
- Gateway creation: Both
VPN_LAN_BRIDGE is a bridge interface bridging LAN and the VPN interface. The VPN interface is assigned, and the bridge interface is assigned (but without an IP since that would overlap with the
I have also tried adding push "route-gateway 10.2.0.1"; to no avail. I have tried every combination of: completely removing my custom routes, checking Bridge Route Gateway, checking Redirect IPv4 Gateway, and completely opening the firewall on every interface.
The client does not receive DHCP/get an IP. I suspect that it cannot get to 10.2.0.1.
At some point with some fiddling I got it to work. However, once I restarted pfSense, it would not work anymore. I am not sure why, and I have not been able to get it to work again.
pfSense 2.4.4-RELEASE-p3 (amd64)