Netgate Discussion Forum

    2.0-RC1 bridging issue between interfaces

    2.0-RC Snapshot Feedback and Problems - RETIRED
      namezero111111

      Dear PFSense community,

      first of all thank you for releasing such a great product for free.
      I have used pfSense before in routed mode with great success, and have been testing a bridged setup for the past three days with little success.

      I have pfSense set up in a virtual machine for testing, and have assigned three network interfaces to different host LANs as follows:

      WAN -> de0 (will be used later on, not for this test)
      LAN -> bridge0 (IP. 192.168.234.252)
      OPT1 -> de2 (Ethernet Internal #1, bridge0 member)
      OPT2 -> de1 (Ethernet Internal #2, bridge0 member)

      I used this setup after reading this post on how to successfully bridge two adapters.
      I have also set the two bridge tunable system variables to 0 and 1 respectively.
      The LAN interface also has the standard pass LAN to any firewall rule enabled. The OPT interfaces have no firewall rules defined.

      My problem is that I cannot send data (e.g. pings) across that bridge, nor access the webConfigurator anymore.
      PFSense can ping itself on 192.168.234.252, but no other hosts on the 234 net. At first, a console ping returns nothing, and then after maybe 4 or 5 unsuccessful pings I receive "ping: sendto: host is down" error messages.

      EDIT: As a side note, when PFSense starts up, the DEC21443 virtual adapters (de0, de1, de2) are unresponsive. An ifconfig up/down for each will make them work. I've seen this issue on here before, but haven't fixed that yet. Just mentioning it in case it may play a role in the bridging issue.

      I have tried pretty much everything I can think of, but to no avail. If you could point me in the right direction, any help would be greatly appreciated.

      Thank you in advance!

        eri--

        You need to change the system tunables to filter on the bridge interface and not on members

          namezero111111

          Thank you for your reply.

          I have net.link.bridge.pfil_member set to 0 (Set to 0 to disable filtering on the incoming and outgoing member interfaces) and net.link.bridge.pfil_bridge set to 1 (Set to 1 to enable filtering on the bridge interface).
          Am I misunderstanding something here?
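
Added example, not part of the original post: a small shell helper that reads the two tunables quoted above and reports where pf evaluates rules for bridged traffic. The function names and the sample sysctl output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of what
#   sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge
# prints on a FreeBSD-based system with the values from the post above.
SAMPLE='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

# get_tunable NAME TEXT
# Print the value of NAME from "name: value" sysctl-style text.
get_tunable() {
    printf '%s\n' "$2" | awk -F': *' -v k="$1" '$1 == k { print $2; exit }'
}

# filter_point TEXT
# Print where bridged packets are handed to the packet filter.
filter_point() {
    member=$(get_tunable net.link.bridge.pfil_member "$1")
    bridge=$(get_tunable net.link.bridge.pfil_bridge "$1")
    case "${member:-?}${bridge:-?}" in
        01) echo "bridge" ;;   # rules on the interface assigned to bridge0 (LAN in this thread)
        10) echo "members" ;;  # rules on each member (OPT1/OPT2); members without a pass rule drop traffic
        11) echo "both" ;;     # a packet must pass the member rules and the bridge rules
        00) echo "none" ;;     # bridged traffic is not filtered on the bridge or its members
        *)  echo "unknown"; return 1 ;;   # tunable missing or not 0/1
    esac
}

# On a live system, feed it the real values instead of the sample:
#   filter_point "$(sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge)"
filter_point "$SAMPLE"
```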

            getahost.com

            namezero111111

            Just wondering if you ever got your bridging solution to work.  Please let me know how you made it work if you did. Thank you.

              namezero111111

              Hey getahostcom.

              Yes, I did get it to work for P2P/TLS between two servers by making changes to two configuration files that I modified for the user interface.
              I then followed the Bridging Howto here: http://forum.pfsense.org/index.php/topic,20917.0.html

              I would like to share the two files with the rest of the community, by uploading the files into the repository, but I don't know how to do that on redmine.pfsense.org.

              I can attach them here when I get home tonight.
              Thanks!

                namezero111111

                Here are the two promised files:

                • Remove .txt extensions from the two files (forum restriction).
                • Use any tool or the diagnostics menu to edit files.
                • Replace /etc/inc/openvpn.inc with supplied openvpn.inc
                • Replace /usr/local/www/vpn_openvpn_server.php with vpn_openvpn_server.php

                You can then select the TAP adapter for the server and leave the "Tunnel Network" field empty.

                Note that this config file doesn't write the server-bridge directive, but rather "mode server" to the config file, since I didn't want the OVPN server to act as a DHCP server for the clients due to the fact that I was bridging the tap interface with a LAN interface.

                Let me know if this works for you. Also, if you update to a new snapshot, you'll have to replace the two files again.

                @Admins: How to commit them to the repository?

                vpn_openvpn_server.php.txt
                openvpn.inc.txt
