Strange route issue with L2 (tap) VPN
-
So my home network (pfSense) consists of several sub-nets that I will describe like so:
-
10.1.0.1/24 LAN (VLAN1)
-
10.1.1.1/24 IoT (VLAN2)
-
10.1.2.1/24 DMZ (VLAN3)
-
172.16.1.1/24 Guest (VLAN4)
-
192.168.1.1/24 NMS (no VLAN) < this interface is a bridge to combine ETH1 and the OpenVPN L2 (tap)
My remote network (OpenWRT) I will describe like so:
-
10.2.0.1/24 LAN (br-lan.1)
-
172.16.2.1/24 Guest (br-lan.2)
-
192.168.1.2/24 NMS, (tap0) < OpenVPN
I am using OSPF for dynamic routes between home and remote and everything seems to work well except for ONE problem; from my remote LAN (10.2.0.0/24), I can't talk to endpoints on the NMS (192.168.1.0/24) at home. I can talk to endpoints on all other sub-nets just fine. Strangely, I can actually talk to my pfSense on the NMS address just fine. And, the pfSense can "ping" from the NMS interface to my remote LAN just fine. But, I still can't seem to talk to other NMS endpoints that are on the wire outside of the pfSense box! I'm not well versed enough with pfSense that I could use some help with this.
Additional context:
On the DMZ at home, I have a PiVPN (for tun, not tap clients) and whenever I connect a client to that, I can reach the endpoints on the NMS just fine. So the lack of connectivity to the NMS from the L2 VPN (tap) on pfSense must be some goofy firewall rule that I can't figure out or some setting that I can't figure out between pfSense and the OpenVPN instance that runs on it.Thanks all in advance!
-
