Netgate Discussion Forum

    [2.0.3] Bridged VPN Clients can connect to server, but can't communicate.

      nbuonanno

      Thanks in advance for any help/advice that can be given.

      I have a pfSense firewall in my office with an OpenVPN TAP bridge configured. I'm trying to connect a remote server running Windows Server 2012. The machine seems to connect fine; the connection comes up, the IP that it's supposed to get assigned gets assigned, and it gets the right default gateway, DNS server, domain extension, etc. I have a TAP interface configured with the right OpenVPN adapter assigned to it, and there is a bridge in place connecting TAP and LAN. All the appropriate firewall rules are in place. However, the two ends can't communicate; I've tried pinging from my PC to the remote server and vice versa, and back and forth between the firewall and the remote server.

      I checked the firewall logs, and it looks like it's blocking traffic coming from the remote host across that adapter, but I have no idea why. I should also note that I have two OpenVPN instances running on this firewall; one tunnel network, and one bridged network. My end server has separate configurations and TAP adapters for each, and the tunnel adapter works perfectly fine (and yes, I would rather use the tunnel setup, but the task this server is being used for is going to require a bridged setup).

      Any suggestions? I can post config files if anyone needs to see specifics; but as far as I'm aware, they're fine.

        nbuonanno

        I figured it out! The missing piece was that I had to create a new interface (which I called "BRG") and add the bridge adapter to it. From there, I was able to assign it an IP address (which wasn't necessary except for ping testing), and, most importantly, add firewall rules to that interface. From there, it was a simple matter of adding an allow any to any rule on that interface, and now I can ping over the bridged VPN.
