OpenVPN TAP and STP problem

  • Hello all,

    I am running pfSense 2.0.1 with the OpenVPN Tap bridging fix installed.

    The problem that I am having is that if I set up a bridge with LAN and the OpenVPN (Client or Server) and enable STP/RSTP on the LAN and VPN interfaces, STP does not get enabled on the OpenVPN interface at boot…

    em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
            ether 00:25:90:6b:92:14
            inet6 fe80::225:90ff:fe6b:9214%em0 prefixlen 64 scopeid 0x1
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
            ether 00:25:90:6b:92:15
            inet ##.##.###.# netmask 0xfffffff8 broadcast ##.##.###.#
            inet6 fe80::225:90ff:fe6b:9215%em1 prefixlen 64 scopeid 0x2
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    pflog0: flags=100<PROMISC> metric 0 mtu 33664
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: maxupd: 128 syncok: 1
    enc0: flags=0<> metric 0 mtu 1536
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether ee:20:29:86:a0:35
            id 00:25:90:6b:92:14 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto stp maxaddr 100 timeout 1200
            root id 00:25:90:6b:92:14 priority 32768 ifcost 0 port 0
            member: ovpnc1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 8 priority 128 path cost 65535
            member: em0 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP>
                    ifmaxaddr 0 port 1 priority 128 path cost 65535 proto stp
                    role designated state forwarding
    ovpnc1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            ether 00:bd:98:34:00:01
            inet6 fe80::2bd:98ff:fe34:1%ovpnc1 prefixlen 64 scopeid 0x8
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            Opened by PID 13490
    tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>

    Thanks in advance for your help…

  • Not sure STP works on any virtual interfaces, does it ever show there?

  • Hello,

    If I recreate the bridge or change the STP proto (stp/rstp), STP will be enabled on the OpenVPN interface. However, after a reboot STP is only enabled on the physical NIC. For now this isn't a game changer for me, as my network is working OK with each connected stack electing itself as the root when STP is disabled. When I have STP on the NIC in pfSense, the switches elect the pfSense NIC as the root (I can change this by adjusting the priority, though).

    Thanks for your time,
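
A post-boot check for the symptom described in this thread, as an added example that is not part of the original posts: it reads `ifconfig bridge0` output and lists bridge members whose flag list lacks STP. The sample input is constructed in the shape of the output quoted in the first post, and the function name `members_without_stp` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report bridge members with no STP flag.

# Constructed sample in the shape of the bridge0 block quoted in the first post.
SAMPLE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        id 00:25:90:6b:92:14 priority 32768 hellotime 2 fwddelay 15
        member: ovpnc1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 65535
        member: em0 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 65535 proto stp
                role designated state forwarding'

# members_without_stp (hypothetical helper): reads `ifconfig <bridge>` output on
# stdin and prints one member name per line when its flag list lacks STP.
members_without_stp() {
    awk '
        $1 == "member:" {
            flags = ""
            # The flag list is the text between "<" and ">".
            if (match($0, /<[^>]*>/)) flags = substr($0, RSTART + 1, RLENGTH - 2)
            # Compare whole flags, not substrings, and ignore letter case.
            n = split(toupper(flags), f, ",")
            has_stp = 0
            for (i = 1; i <= n; i++) if (f[i] == "STP") has_stp = 1
            if (!has_stp) print $2
        }'
}

# With a bridge name as argument, check the live interface and exit 1 on a gap
# so a boot script or monitor can alert. Without an argument, nothing runs.
if [ -n "${1:-}" ]; then
    missing=$(ifconfig "$1" | members_without_stp)
    if [ -n "$missing" ]; then
        echo "STP not enabled on: $missing" >&2
        exit 1
    fi
fi
```

Run against the constructed sample with `printf '%s\n' "$SAMPLE" | members_without_stp`, it reports `ovpnc1`, matching the member line in the first post that has no STP flag.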