Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN TAP bridging broke sometime in April

    Scheduled Pinned Locked Moved
    2.1 Snapshot Feedback and Problems - RETIRED
    2
    2
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      irvingpop
      last edited by

      OpenVPN TAP bridging was working in March,  but sometime during April's commits the bridge isn't being put together correctly.

      I have bridge0 set to bridge 2 interfaces (LAN and OVPNS/opt2):

      
	 <bridges><bridged><members>lan,opt2</members>
			 <enablestp><descr><maxaddr><timeout><stp>lan,opt2</stp>
			 <maxage><fwdelay><hellotime><priority><proto>rstp</proto>
			 <holdcount><ifpriority><ifpathcost><bridgeif>bridge0</bridgeif></ifpathcost></ifpriority></holdcount></priority></hellotime></fwdelay></maxage></timeout></maxaddr></descr></enablestp></bridged></bridges>

      Also OpenVPN TAP configuration has server bridge interface:

      
			<serverbridge_interface>lan</serverbridge_interface>

      The result (after apply and/or reboot) is the that only the ovpns1 interface is added to the bridge:

      
bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	ether 02:a2:d4:6b:4d:00
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: ovpns1 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 11 priority 128 path cost 2000000</learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast>

      Simple workaround for now is just to re-add the LAN interface via the command Line.

      
[2.1-DEVELOPMENT][root@fw.foo.com]/root(4): ifconfig bridge0 addm vr0
[2.1-DEVELOPMENT][root@fw.foo.com]/root(5): ifconfig bridge0
bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	ether 02:a2:d4:6b:4d:00
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vr0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 1 priority 128 path cost 200000
	member: ovpns1 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 11 priority 128 path cost 2000000</learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast>

      I verified with today's snapshot on ALIX: 2.1-DEVELOPMENT (i386) built on Tue Apr 24 16:54:04 EDT 2012

      Like I said it was working back in March, but has been broken since at least April 9 (first April snap I tried).  I thought it might be my IPv6 configuration (Comcast 6to4)  but I've disabled all IPV6 with no change.

      Any help would be appreciated.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        There is an open ticket about bridging not working in general, that's probably the root cause.

        EDIT: And one for tap also:

        http://redmine.pfsense.org/issues/2360
        https://redmine.pfsense.org/issues/2314

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.