5. OpenVPN TAP bridging broke sometime in April

OpenVPN TAP bridging broke sometime in April

  • I

    OpenVPN TAP bridging was working in March,  but sometime during April's commits the bridge isn't being put together correctly.

    I have bridge0 set to bridge 2 interfaces (LAN and OVPNS/opt2):

    
	 <bridges><bridged><members>lan,opt2</members>
			 <enablestp><descr><maxaddr><timeout><stp>lan,opt2</stp>
			 <maxage><fwdelay><hellotime><priority><proto>rstp</proto>
			 <holdcount><ifpriority><ifpathcost><bridgeif>bridge0</bridgeif></ifpathcost></ifpriority></holdcount></priority></hellotime></fwdelay></maxage></timeout></maxaddr></descr></enablestp></bridged></bridges>

    Also OpenVPN TAP configuration has server bridge interface:

    
			<serverbridge_interface>lan</serverbridge_interface>

    The result (after apply and/or reboot) is the that only the ovpns1 interface is added to the bridge:

    
bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	ether 02:a2:d4:6b:4d:00
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: ovpns1 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 11 priority 128 path cost 2000000</learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast>

    Simple workaround for now is just to re-add the LAN interface via the command Line.

    
[2.1-DEVELOPMENT][root@fw.foo.com]/root(4): ifconfig bridge0 addm vr0
[2.1-DEVELOPMENT][root@fw.foo.com]/root(5): ifconfig bridge0
bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	ether 02:a2:d4:6b:4d:00
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vr0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 1 priority 128 path cost 200000
	member: ovpns1 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 11 priority 128 path cost 2000000</learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast>

    I verified with today's snapshot on ALIX: 2.1-DEVELOPMENT (i386) built on Tue Apr 24 16:54:04 EDT 2012

    Like I said it was working back in March, but has been broken since at least April 9 (first April snap I tried).  I thought it might be my IPv6 configuration (Comcast 6to4)  but I've disabled all IPV6 with no change.

    Any help would be appreciated.

    0
  • Rebel Alliance Developer Netgate

    There is an open ticket about bridging not working in general, that's probably the root cause.

    EDIT: And one for tap also:

    http://redmine.pfsense.org/issues/2360
    https://redmine.pfsense.org/issues/2314

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy