[2.0.3] Bridged VPN Clients can connect to server, but can't communicate.
-
Thanks in advance for any help/advice that can be given.
I have a pfSense firewall in my office with an OpenVPN TAP bridge configured. I'm trying to connect a remote server running Windows Server 2012. The machine seems to connect fine; the connection comes up, the IP that it's supposed to get assigned gets assigned, and it gets the right default gateway, DNS server, domain extension, etc. I have a TAP interface configured with the right OpenVPN adapter assigned to it, and there is a bridge in place connecting TAP and LAN. All the appropriate firewall rules are in place. However, the two ends can't communicate; I've tried pinging from my PC to the remote server and vice versa, and back and forth between the firewall and the remote server.
I checked the firewall logs, and it looks like it's blocking traffic coming from the remote host across that adapter, but I have no idea why. I should also note that I have two OpenVPN instances running on this firewall; one tunnel network, and one bridged network. My end server has separate configurations and TAP adapters for each, and the tunnel adapter works perfectly fine (and yes, I would rather use the tunnel setup, but the task this server is being used for is going to require a bridged setup).
Any suggestions? I can post config files if anyone needs to see specifics; but as far as I'm aware, they're fine.
-
I figured it out! The missing piece was that I had to create a new interface (which I called "BRG") and added the bridge adapter to it. From there, I was able to assign it an IP address (which wasn't necessary except for ping testing), and, most importantly, add firewall rules to that interface. From there, it was a simple matter of adding an allow any to any rule on that interface, and now I can ping over the bridged VPN.