OpenVPN TAP and STP problem
-
Hello all,
I am running pfSense 2.0.1 with the OpenVPN Tap bridging fix installed.
The problem that I am having is that if I set up a bridge with LAN and the OpenVPN (Client or Server) and enable STP/RSTP on the LAN and VPN interfaces, STP does not get enabled on the OpenVPN interface at boot…
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:25:90:6b:92:14
        inet6 fe80::225:90ff:fe6b:9214%em0 prefixlen 64 scopeid 0x1
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:25:90:6b:92:15
        inet ##.##.###.# netmask 0xfffffff8 broadcast ##.##.###.#
        inet6 fe80::225:90ff:fe6b:9215%em1 prefixlen 64 scopeid 0x2
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
pflog0: flags=100<PROMISC> metric 0 mtu 33664
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
enc0: flags=0<> metric 0 mtu 1536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether ee:20:29:86:a0:35
        id 00:25:90:6b:92:14 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp maxaddr 100 timeout 1200
        root id 00:25:90:6b:92:14 priority 32768 ifcost 0 port 0
        member: ovpnc1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 65535
        member: em0 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 65535 proto stp
                role designated state forwarding
ovpnc1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:98:34:00:01
        inet6 fe80::2bd:98ff:fe34:1%ovpnc1 prefixlen 64 scopeid 0x8
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        Opened by PID 13490
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
Thanks in advance for your help…
-
Not sure STP works on any virtual interfaces, does it ever show there?
-
Hello,
If I recreate the bridge or change the STP proto (stp/rstp), STP will be enabled on the OpenVPN interface. However, after a reboot STP is only enabled on the physical NIC. For now this isn't a game changer for me, as my network is working OK with each connected stack electing itself as the root when STP is disabled. When I have STP on the NIC in pfSense, the switches elect the pfSense NIC as the root (I can change this by adjusting the priority though).
Thanks for your time,
Fred
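
A post-boot check for the condition described in this thread, added here as an example and not taken from any poster or from pfSense itself: it reads `ifconfig` bridge output and lists members whose flag set lacks STP. The function names and the `BRIDGE` variable are hypothetical; the sample input is the bridge0 section of the first post.

```sh
#!/bin/sh
# Added example: report bridge members whose flag set lacks STP.

# Reads `ifconfig <bridge>` output on stdin; prints one member name per line.
members_without_stp() {
    awk '
        $1 == "member:" {
            flags = ""
            # Only the <...> flag list counts. A plain grep for "stp" would
            # also hit "proto stp" on the bridge header and continuation lines.
            if (match($0, /<[^>]*>/))
                flags = toupper(substr($0, RSTART + 1, RLENGTH - 2))
            n = split(flags, f, ",")
            has_stp = 0
            for (i = 1; i <= n; i++)
                if (f[i] == "STP") has_stp = 1
            if (!has_stp) print $2
        }
    '
}

# Sample input: the bridge0 section of the first post in this thread.
sample_bridge_output() {
    cat <<'EOF'
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether ee:20:29:86:a0:35
        id 00:25:90:6b:92:14 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto stp maxaddr 100 timeout 1200
        root id 00:25:90:6b:92:14 priority 32768 ifcost 0 port 0
        member: ovpnc1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 65535
        member: em0 flags=1c7<LEARNING,DISCOVER,STP,AUTOEDGE,PTP,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 65535 proto stp
                role designated state forwarding
EOF
}

# Set BRIDGE (hypothetical variable, e.g. BRIDGE=bridge0) to query a live
# interface; without it the embedded sample is used.
if [ -n "${BRIDGE:-}" ]; then
    ifconfig "$BRIDGE" | members_without_stp
else
    sample_bridge_output | members_without_stp
fi
```

An empty result means every member carries the STP flag; for the sample above the script prints the OpenVPN member only.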