OpenVPN Bridge to VLAN
Edit: Before you waste your time, I've figured it out… Solution below for anybody having the same issue.
I've been trying to get this setup for the better part of a day and keep getting stuck. I've searched but haven't been able to find a clear answer to my particular problem. Hopefully somebody can lead me in the right direction. Here's my setup:
I have a server running OpenVPN on "Network A". In the past, I've used dd-wrt on routers to connect to this server and create a bridge using tap. The setup would be something like… set up openvpn as a client on dd-wrt, brctl addbr neta, brctl addif neta tap0, brctl addif neta eth1. That would give me access to "Network A" on the wireless interface of my remote router - no further setup required.
I'm trying to get a similar setup on pfsense 1.2.3, but on this particular network I'm using VLANs. My pfsense router only has 1 NIC. I'm already using 2 VLANs: vlan0 is connected to a DSL modem, vlan1 is my LAN. I'm using a managed switch to break out the VLANs based on physical ports. I've now added a third VLAN (vlan2). I want to bridge tap0 on the pfsense router with vlan2 so I can route that network at some point down the line (I have 2 managed switches connected to the pfsense router).
I've got all the VLANs set up properly, but it seems the firewall continues to block all traffic between tap0 and vlan2 when I bridge them. I can sometimes grab an IP address (and the OpenVPN server sees the MAC addresses) but I can't access anything on "Network A". I know my tunnel works because I can access all of Network A from the pfsense command line.
I just need to know how to make the firewall allow bridge0 to function properly.
In case that was unclear (it probably was), this is what I have:
OpenVPN Server -> Network A -> Internet ------> pfSense (vlan0) --> OpenVPN Client (tap0) --> bridge0 (bridges tap0 and vlan2) --> vlan2 aka Network A.
Both tap0 and bridge0 are successful at obtaining DHCP addresses from Network A, vlan2 is not. I've added the commands at the bottom of the FAQ below to my config.xml and it still does not work. Any help would be greatly appreciated.
Fixed and working!!
Solution was, of course, simple. Just had to create two new OPT interfaces: OPT1 to my tap0 interface and OPT2 to vlan2. Then I added a couple of firewall rules to pass all traffic from OPT1 to OPT2 and all traffic from OPT2 to OPT1. Instantly grabbed an IP address on a computer connected to vlan2 and was able to access all of Network A.
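As an added example (this is not the poster's config and not pfSense's generated ruleset), here is roughly what the two GUI "pass all" rules from the solution come down to in pf syntax, along with the reason they are needed. FreeBSD's if_bridge(4) runs the packet filter on each member interface when net.link.bridge.pfil_member is 1 (the default), so with pfSense's default-deny policy the bridge members tap0 and vlan2 each need their own pass rule; rules on bridge0 alone do not cover them. Interface names are taken from the post; the bridge membership and the sysctl check are shown as comments.

```pf
# Added example, not from the original post.
# Assumes the poster's layout: bridge0 with members tap0 (OpenVPN client,
# assigned as OPT1) and vlan2 (the bridged VLAN, assigned as OPT2), e.g.:
#   ifconfig bridge0 create
#   ifconfig bridge0 addm tap0 addm vlan2 up
#
# Why member rules are needed: if_bridge filters on the members when
#   net.link.bridge.pfil_member = 1   (FreeBSD default)
# Check with:  sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge
# pfSense's implicit policy is "block in all", so unfiltered members drop
# everything (DHCP, ARP, the lot), which matches the symptoms in the post.

opt1_if = "tap0"    # OPT1: OpenVPN tap interface
opt2_if = "vlan2"   # OPT2: VLAN being bridged onto Network A

# Equivalent of the two GUI rules "pass all from OPT1" and "pass all from OPT2".
pass in quick on $opt1_if all
pass in quick on $opt2_if all
```

Note what these two rules do: they make vlan2 a transparent extension of Network A's layer 2, so any host plugged into a vlan2 switch port is effectively on Network A with no filtering. If that is not what you want, replace the `all` rules with rules that only pass the traffic the bridged hosts actually need.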
What do your config files look like?