Netgate Discussion Forum

    OpenVPN TAP bridging broke sometime in April

    2.1 Snapshot Feedback and Problems - RETIRED

      irvingpop

      OpenVPN TAP bridging was working in March, but sometime during April's commits the bridge isn't being put together correctly.

      I have bridge0 set to bridge 2 interfaces (LAN and OVPNS/opt2):

      
      <bridges>
      	<bridged>
      		<members>lan,opt2</members>
      		<enablestp/>
      		<descr/>
      		<maxaddr/>
      		<timeout/>
      		<stp>lan,opt2</stp>
      		<maxage/>
      		<fwdelay/>
      		<hellotime/>
      		<priority/>
      		<proto>rstp</proto>
      		<holdcount/>
      		<ifpriority/>
      		<ifpathcost/>
      		<bridgeif>bridge0</bridgeif>
      	</bridged>
      </bridges>
      
      

      Also OpenVPN TAP configuration has server bridge interface:

      
      			<serverbridge_interface>lan</serverbridge_interface>
      
      

      The result (after apply and/or reboot) is that only the ovpns1 interface is added to the bridge:

      
      bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	ether 02:a2:d4:6b:4d:00
      	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
      	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
      	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
      	member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
      	        ifmaxaddr 0 port 11 priority 128 path cost 2000000
      

      Simple workaround for now is just to re-add the LAN interface via the command line.

      
      [2.1-DEVELOPMENT][root@fw.foo.com]/root(4): ifconfig bridge0 addm vr0
      [2.1-DEVELOPMENT][root@fw.foo.com]/root(5): ifconfig bridge0
      bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	ether 02:a2:d4:6b:4d:00
      	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
      	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
      	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
      	member: vr0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
      	        ifmaxaddr 0 port 1 priority 128 path cost 200000
      	member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
      	        ifmaxaddr 0 port 11 priority 128 path cost 2000000
      

      I verified with today's snapshot on ALIX: 2.1-DEVELOPMENT (i386) built on Tue Apr 24 16:54:04 EDT 2012

      Like I said, it was working back in March, but has been broken since at least April 9 (first April snap I tried). I thought it might be my IPv6 configuration (Comcast 6to4), but I've disabled all IPv6 with no change.

      Any help would be appreciated.

        jimp Rebel Alliance Developer Netgate

        There is an open ticket about bridging not working in general; that's probably the root cause.

        EDIT: And one for tap also:

        http://redmine.pfsense.org/issues/2360
        https://redmine.pfsense.org/issues/2314
