Netgate Discussion Forum

    OpenVPN server-bridge on pfSense 2.0-BETA3

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • Asmante

      Hi,
      I have a question about configuring my pfSense machine to create OpenVPN in server-bridge mode.
      I followed the instructions at http://doc.pfsense.org/index.php/OpenVPN_Bridging and I can't get it to work.
      When I edit the OpenVPN: Server tab in the webGUI

      for Peer to Peer (Server mode) I get the error:

      Options error: --server-bridge directive only makes sense with --dev tap

      for Remote Access (Server mode) I get the error:

      Options error: --server and --server-bridge cannot be used together

      My "Advanced configuration" is:
      dev tap0;server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.102;

      All check boxes are unmarked for both "Server mode" options.

      I think the issue is in parsing config.xml to server1.conf.
      As I read, this problem was worked around by unmarking a "Use Static IPs" field.
      In pfS 2.0 I don't have this option.

      My settings, based on Remote Access:

      server1.conf
      dev ovpns1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 83.13.1.198
      tls-server
      server 192.168.5.1 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      lport 1194
      management 127.0.0.1 1194
      ca /var/etc/openvpn/server1.ca 
      cert /var/etc/openvpn/server1.cert 
      key /var/etc/openvpn/server1.key 
      dh /etc/dh-parameters.1024
      dev tap0
      server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.102
      
      config.xml
      ....
      	<openvpn>
      		<openvpn-server>
      			<vpnid>1</vpnid>
      			<mode>server_tls</mode>
      			<authmode>Local Database</authmode>
      			<protocol>UDP</protocol>
      			<ipaddr></ipaddr>
      			<interface>wan</interface>
      			<local_port>1194</local_port>

      			<custom_options>dev tap0;server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.102;</custom_options>
      			<caref>4c19d570b6fbd</caref>
      			<certref>4c228983b9f75</certref>
      			<dh_length>1024</dh_length>
      			<crypto>AES-128-CBC</crypto>
      			<tunnel_network>192.168.5.1/24</tunnel_network>
      			<remote_network></remote_network>
      			<local_network></local_network>
      			<maxclients></maxclients>
      			<passtos></passtos>

      			<dynamic_ip></dynamic_ip>
      			<pool_enable>no</pool_enable>
      			<netbios_enable></netbios_enable>
      			<netbios_ntype>0</netbios_ntype>
      		</openvpn-server>
      	</openvpn>
      ...
      	<system>...
      		<earlyshellcmd>ifconfig bridge0 create</earlyshellcmd>
      		<earlyshellcmd>ifconfig bridge0 addm em0 up</earlyshellcmd>
      		<shellcmd>ifconfig bridge0 addm tap0</shellcmd>
      	</system>
      
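The two option errors quoted in the post above can be caught by checking the generated server1.conf before OpenVPN is started. This is an added example, not part of the original post and not pfSense code; the function names are hypothetical, and it assumes that the last occurrence of a repeated directive takes effect and that the device type comes from dev-type or, failing that, from the prefix of the dev name.

```python
# Constructed sample: the conflicting lines from the posted server1.conf.
SAMPLE_CONF = """\
dev ovpns1
dev-type tun
#user nobody
server 192.168.5.1 255.255.255.0
dev tap0
server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.102
"""


def parse_directives(text):
    """Return [(name, args)] for every line that is not blank or a comment."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            out.append((name.lstrip("-"), args))
    return out


def device_type(directives):
    """dev-type if present, otherwise inferred from the dev name prefix."""
    opts = {}
    for name, args in directives:  # assumption: the last occurrence wins
        if name in ("dev", "dev-type") and args:
            opts[name] = args[0]
    kind = opts.get("dev-type") or opts.get("dev", "")
    return next((t for t in ("tap", "tun") if kind.startswith(t)), None)


def lint(text):
    """Return findings; rule wording follows the errors quoted in the post."""
    d = parse_directives(text)
    names = [n for n, _ in d]
    findings = []
    if "server-bridge" in names:
        if "server" in names:
            findings.append("server and server-bridge cannot be used together")
        if device_type(d) != "tap":
            findings.append("server-bridge only makes sense with a tap device")
    if names.count("dev") > 1:
        findings.append("dev is set more than once")
    return findings


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)))
```

On the sample it reports all three conflicts: the GUI-generated `server` and `dev-type tun` lines collide with the `dev tap0` and `server-bridge` lines appended from the custom options.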
      • Asmante

        Can anyone help?

        • saguiev

          Same problem for me

          • cmb

            Those instructions can't be used on 2.0. Bridging is built in, though I don't know that it's been tested yet.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.