Netgate Discussion Forum

    Pfsense bridging openvpn site to site

    • brandon-lizard

      I've set up OpenVPN between two pfSense boxes on different networks in tap mode. Both pfSense boxes are connected to each other fine via OpenVPN. I've set up a bridge for both LANs, but they will not communicate. I see the requests in the firewall coming through and they aren't getting blocked.

      Home Lan 192.168.10.0/24
      Remote Lan 192.168.20.0/24

      Home Pfsense -> OpenVPN Tap -> Remote Pfsense

      I've been trying to remote desktop from 192.168.10.108 to 192.168.20.4

      • Jarhead @brandon-lizard

        @brandon-lizard Why are you using tap if they're both different subnets?
        You want tun.

        • brandon-lizard @Jarhead

          @jarhead This is because I've been PXE booting from the remote side. I have a VLAN set up on my home side for other computers. When I tried it in tun mode, I couldn't get it to work.

          • viragomann @brandon-lizard

            @brandon-lizard
            I'm afraid you will not get much support here for tap mode OpenVPN. Anyone who has some networking knowledge would probably solve it with tun.
            Applications out there which really require tap mode are quite rare.

            Home Lan 192.168.10.0/24
            Remote Lan 192.168.20.0/24

            So the boxes won't be able to route to the other site at all. With tap, both sites need to be in a single subnet.
            If you cannot or do not want to set it up this way, forget tap mode.

            When I tried it in tun mode, I couldn't get it to work.

            What exactly?

            • Jarhead @brandon-lizard

              @brandon-lizard said in Pfsense bridging openvpn site to site:

              @jarhead This is because I've been PXE booting from the remote side. I have a VLAN set up on my home side for other computers. When I tried it in tun mode, I couldn't get it to work.

              Ok, I think I remember your other thread on that.
              So the tap works for what you wanted to do with it, now you want to do more.
              Why not set up another tun VPN to access the other subnet?
              The tap won't do it.

              • brandon-lizard

                @jarhead
                Yes, thank you. I remember now, it needs to be on the same subnet like you told me before. I understand now why it’s not working. Just created a new VPN server instance on port 1195 using tun mode. It works great now that way for my use. I just connect when I need to.

                The other instance in tap mode that runs within a VLAN on the home side is bridged on the same matching subnet as on the remote side. That works great for my DHCP needs for these specific computers.
