Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN server-bridge on pfSense 2.0-BETA3

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    4 Posts 3 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Asmante
      last edited by

      Hi,
      I have question about configuration my pfsense machine to create OpenVPN in server-bridge mode.
      I fallow instructions on http://doc.pfsense.org/index.php/OpenVPN_Bridging and I can't get it to work.
      When I edit the OpenVPN: Server tab in webGUI

      for Peer to Peer (Server mode) I get error:

      Options error: –server-bridge directive only makes sense with --dev tap

      for Remote Access (Server mode) I get error:

      Options error: –server and --server-bridge cannot be used together

      my "Advanced configuration" is:
      dev tap0;server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.102;

      all check box's are unmarked on both "Server mode".

      I think issue is in parsing config.xml to server1.conf
      As I read this problem was back around by unmarked a "Use Static IPs" field.
      In pfS 2.0 I don't have this option.

      My settings based on Remote Access:

      server1.conf
[hr][/hr]
dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 83.13.1.198
tls-server
server 192.168.5.1 255.255.255.0
client-config-dir /var/etc/openvpn-csc
lport 1194
management 127.0.0.1 1194
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.1024
dev tap0
server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.102

config.xml
[hr][/hr]
.... 
	 <openvpn><openvpn-server><vpnid>1</vpnid>
			<mode>server_tls</mode>
			<authmode>Local Database</authmode>
			<protocol>UDP</protocol>
			<ipaddr></ipaddr>
			<interface>wan</interface>
			<local_port>1194</local_port>

			<custom_options>dev tap0;server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.102;</custom_options>
			<caref>4c19d570b6fbd</caref>
			<certref>4c228983b9f75</certref>
			<dh_length>1024</dh_length>
			<crypto>AES-128-CBC</crypto>
			<tunnel_network>192.168.5.1/24</tunnel_network>
			 <remote_network><local_network><maxclients><passtos></passtos>

			<dynamic_ip></dynamic_ip>
			<pool_enable>no</pool_enable>
			<netbios_enable></netbios_enable>
			<netbios_ntype>0</netbios_ntype></maxclients></local_network></remote_network></openvpn-server></openvpn> 
...
	 <system>...
		<earlyshellcmd>ifconfig bridge0 create</earlyshellcmd>
		<earlyshellcmd>ifconfig bridge0 addm em0 up</earlyshellcmd>
		<shellcmd>ifconfig bridge0 addm tap0</shellcmd></system>
      1 Reply Last reply Reply Quote 0
      • A
        Asmante
        last edited by

        Any one can help?

        1 Reply Last reply Reply Quote 0
        • S
          saguiev
          last edited by

          Same problem for me

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            Those instructions can't be used on 2.0. Bridging is built in, though I don't know it's been tested yet.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.