OpenVPN (Server) Bridging Working! (GUI)
-
Good afternoon everyone.
I have tried for four days to get the OpenVPN Server on 2.0-RC1 to work in bridging mode, and have finally succeeded. I tested it in an all virtual environment and it works.
I used the internal bridging function via the Interfaces->Bridges tab to bridge ovpns1 (OPT2) to LOCALNET (OPT1). (I kept LAN as a management interface because reassigning the bridge to LAN somehow always caused me to lose connection completely).
I then modified the vpn_openvpn_server.php and openvpn.inc files to reflect the changes, so that when "tap" mode is selected for the server, the tunnel network entry is no longer a required input.
If "tap" mode is selected, the correct entries are now written to the server1.conf file to start openvpn in "mode server". I didn't use "server-bridge" because that forced me to use openvpn-assigned addresses rather than DHCP from the LOCALNET side, which is what I wanted.

If anyone thinks I should / knows how to submit the two files or is interested in them, please let me know how I can let the developers know about the change. Also, if you'd like to test them, I can post them here, but I don't know if this is the right forum.
EDIT: Clarified Title. Though the modifications should work for clients too.
-
Put the patch on redmine.pfsense.org and it will be processed there.
-
I have the same problem. Was the change made in RC3?
If not, where do I find the OpenVPN Server config on pfSense?
-
I couldn't commit the changes. Let me know your email via PM and I'll see if I can send them to you if I find them.
-
Thanks for the reply, I will now use the routing openvpn setup.
-
When you say bridging, do you mean clients that connect to your server get an IP address on the internal LAN and not on their own subnet?
If this is the case, what happens to broadcasts? Do they make their way into the LAN, as far as you know?
-
When you say bridging, do you mean clients that connect to your server get an IP address on the internal LAN and not on their own subnet?
Yes, you must use an IP range of the LAN network with the same subnet.
If this is the case, what happens to broadcasts? Do they make their way into the LAN, as far as you know?
As far as I know, broadcasts pass the bridge.
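As an added illustration (not a file posted in this thread, and not pfSense's own generated output), this is what a hand-written OpenVPN server config looks like for the setup described in the first post and confirmed above: "dev tap" plus "mode server" with no "server-bridge" and no "ifconfig", so OpenVPN assigns no addresses and a connecting client's DHCP request crosses the bridge to the DHCP server on the LAN side, landing the client in the LAN subnet. The certificate paths, port and protocol are assumptions chosen for the example.

```conf
# Added example, not from the original thread: OpenVPN server in tap/bridge
# mode where VPN clients obtain their address from the LAN-side DHCP server.
# File paths, port and protocol below are assumptions for illustration.
dev tap                 # layer-2 tunnel; the tap interface is a bridge member
mode server             # multi-client server without the "server"/"server-bridge" helper
tls-server              # this side acts as the TLS server in the handshake
proto udp
port 1194
ca   /var/etc/openvpn/server1.ca      # assumed path
cert /var/etc/openvpn/server1.cert    # assumed path
key  /var/etc/openvpn/server1.key     # assumed path
dh   /etc/dh-parameters.1024          # assumed path; required by tls-server
# Deliberately absent: "ifconfig" and "server-bridge". The tap interface is
# left unnumbered, so a client's DHCP DISCOVER is forwarded over the bridge to
# the LAN DHCP server and the lease puts the client in the LAN subnet.
keepalive 10 60
persist-key
persist-tun
verb 3
```

The client side needs "client" (which implies tls-client and pull) and "dev tap" to match. Two practical points for anyone reproducing this: the bridge itself is created under Interfaces > Bridges with the assigned ovpns1 interface and the LAN-side OPT interface as members, and the assigned OpenVPN interface still needs pass rules before any traffic flows. Because the clients then sit in the LAN broadcast domain, the firewall no longer sits between them and LAN hosts unless filtering on bridge member interfaces is enabled (the net.link.bridge.pfil_member tunable). Also worth knowing: since OpenVPN 2.1, "server-bridge" given with no arguments is the DHCP-proxy mode, which likewise lets clients take leases from the LAN DHCP server while keeping the helper's other defaults; "mode server" by hand, as above, is the minimal equivalent.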
-
Would one of you be able to explain what you did in a little more detail? I would like to do the same thing, but I'm not having any luck.
If either one of you could send me a copy of the files you changed (or the diffs), I'd really appreciate it.