Netgate Discussion Forum
    Strange route issue with L2 (tap) VPN

    • crazily9892

      So my home network (pfSense) consists of several sub-nets that I will describe like so:

      • 10.1.0.1/24 LAN (VLAN1)

      • 10.1.1.1/24 IoT (VLAN2)

      • 10.1.2.1/24 DMZ (VLAN3)

      • 172.16.1.1/24 Guest (VLAN4)

      • 192.168.1.1/24 NMS (no VLAN) < this interface is a bridge to combine ETH1 and the OpenVPN L2 (tap)

      My remote network (OpenWRT) I will describe like so:

      • 10.2.0.1/24 LAN (br-lan.1)

      • 172.16.2.1/24 Guest (br-lan.2)

      • 192.168.1.2/24 NMS (tap0) < OpenVPN

      I am using OSPF for dynamic routes between home and remote and everything seems to work well except for ONE problem: from my remote LAN (10.2.0.0/24), I can't talk to endpoints on the NMS (192.168.1.0/24) at home. I can talk to endpoints on all other sub-nets just fine. Strangely, I can actually talk to my pfSense on the NMS address just fine. And the pfSense can "ping" from the NMS interface to my remote LAN just fine. But I still can't seem to talk to other NMS endpoints that are on the wire outside of the pfSense box! I'm not well versed enough with pfSense, so I could use some help with this.

      Additional context:
      On the DMZ at home, I have a PiVPN (for tun, not tap clients) and whenever I connect a client to that, I can reach the endpoints on the NMS just fine. So the lack of connectivity to the NMS from the L2 VPN (tap) on pfSense must be some goofy firewall rule that I can't figure out or some setting that I can't figure out between pfSense and the OpenVPN instance that runs on it.

      Thanks all in advance!
