OpenVPN TAP bridging.



  • Hello everyone!

    This post could be set to gaming, or OpenVPN, but the issue is more geared towards OpenVPN, so I will post here.

    Currently I have a setup with pfSense on an IP3 box, and I have a Tunnel network connecting clients to me. This works great for file sharing! They can see the server, and if I push the tunnel network route to everyone, they can see each other too. However, this method falls short when it comes to gaming. My clients are not able to see hosted games, and I am not able to see their hosted games. I thought the problem might be that LAN games won't look outside their subnet to find a game (Hence LAN), so I decided to create a TAP Bridge. I have the package for that and everything, and my clients ARE getting IP addresses within the range of my network, but we are not able to ping each other.

    I suppose the first issue would be discovering how to rectify the ping issue, since that needs to happen before being able to play games on LAN.

    Anyone ever gone through setting up a TAP bridge before? Suggestions? Anything is helpful. Thanks!

    /E


  • Rebel Alliance Developer Netgate

    That works OK but you need to make sure that neither side has conflicting IPs anywhere, or the whole thing will fall apart. (For example if your LAN firewall is 192.168.1.1 and so is theirs)

    So long as your firewall rules pass the traffic, and their firewall rules pass traffic, you should be able to send traffic either way.



  • My LAN is 10.10.6.0/24, and all of my clients are 192.168.1.0/24 at their locations.

    Most of the clients I have just have little Linksys boxes as their Gateway/Firewall. They did not have to create rules for the Tunnel I created. Would this have to change in the TAP bridge model?

    In the Tunnel model I had, my clients were getting IPs and I could ping them. However now, although they are still getting IP addresses, I cannot ping them, even though their IP is on the same network as my LAN. I would assume that the rule for allowing LAN -> LAN would include clients who are getting LAN addresses virtually over the TAP bridge.

    Would LZO be affecting this at all?


  • Rebel Alliance Developer Netgate

    Ah I thought you were doing router-to-router and not remote access.

    Did you actually assign your OpenVPN interface and create a bridge with your OpenVPN and LAN interfaces, and have appropriate rules on both?



  • @jimp:

    Ah I thought you were doing router-to-router and not remote access.

    Did you actually assign your OpenVPN interface and create a bridge with your OpenVPN and LAN interfaces, and have appropriate rules on both?

    Ah ha! No, I did not. Is there a guide on this somewhere?


  • Rebel Alliance Developer Netgate

    I don't think there is a howto, but I'm fairly certain I've gone over the whole config elsewhere on the forum in other posts.



  • @jimp:

    I don't think there is a howto, but I'm fairly certain I've gone over the whole config elsewhere on the forum in other posts.

    http://hardforum.com/showthread.php?t=1663797

    There is the guide. I can copy pasta what it says once I test and make sure it works.

