SG-2100 can't connect to web in VPN TAP mode with LAN Bridged to WAN

capelog

Hoping someone can help a newbie,

I’m attempting to set up a VPN (TAP) so I can connect a remote computer to the same LAN in the SG-2100 pfSense network via a bridge and not a tunnel. My goal is to be able to remotely connect to some Ubiquiti UniFi AP’s via Ubiquiti’s web based control console. The Ubiquity console requires that it be on the same network as the AP LAN network which is the LAN network on the pfSense SG-2100. (I know there is a cloud key solution to this but I'd like to avoid using that if possible.)

Setting up a VPN in TUN gives the remote computer the IP address of the VPN and not the SG-2100's LAN. I need the remote computer to be on the pfSense LAN network

I’ve found that remotely connecting the Ubiquiti Console and controlling the UniFi AP’s is possible when I set up a VPN in bridge mode via a VPN (tap). That’s because the remote computer’s IP address assignment then comes from the SG-2100 LAN DHCP server range and thus matches that of the LAN in the SG-2100. But I can’t figure out how get the remote computer on the SG-2100 LAN network when I use the VPN (TUN) mode.

Here are my two problems with using the VPN TAP mode.

1. The SG-2100 loses access to the internet (clients connected to the SG-2100 lose access to the internet) once I bridge the WAN to LAN in the pfSense Interface/Assignments/Bridges.

As soon as I remove the bridge and reboot the SG-2100, internet access returns.

2. Removing the WAN/LAN bridge breaks the VPN (TAP) connection.

Can some one please tell me where I’ve gone wrong and how to retain internet access on the SG-2100 when the LAN and WAN are bridged together?

If that’s not possible, please tell me how to use a VPN in TUN mode and have the remote computer be assigned the IP address via the DHCP in the SG-2100 LAN network.

Thanks,