Need clarification on openVPN usage



  • I need some assistance with understanding openVPN diagrams and something that I haven't seen explicitly stated.

I THINK what I am wanting to do is bridging, but I found the document that seems to state it doesn't work on 2.0. Again I even need clarification on that. Does that mean it doesn't work on the whole 2 series or 2.0 specifically? I am running 2.1 currently.

    I want remote clients on any remote network to be able to VPN in and receive an IP address in a reserved block on our real internal network scheme. The same address range as the LAN interface on the Sense box.

    So for example:

    Client (192.168.1.23) ---> Home NAT Router (192.168.1.1) ---> Internet ---> pfSense (172.20.1.1) ---> Real LAN address 172.20.1.51

    Every example that I have seen SEEMS to indicate the need for a different subnet for the VPN addresses which I don't want to do.

    Is the above possible with pfSense 2.1 and OpenVPN? Can anyone point to a document that details this out a little clearer?



  • Yes, you can use "tap" mode to "bridge" into the LAN. I don't personally do that (I always use "tun" with a separate subnet), so I can't give useful guidance, and doc.pfsense.org does not look like it has up-to-date instructions on that.
    Someone else feel free to point to more help…


  • Rebel Alliance Developer Netgate

    You need a tap bridge, but that only works properly on 2.1.x. IIRC there are howtos here on the forum … somewhere, I wrote one of them somewhere.

    You can do it on 2.0.x with the tap bridge fix package that fixes a few things in 2.0.x for tap VPNs that didn't make it into a 2.0.x release.

    Basically you set up the VPN in tap mode, no tunnel network, set it to bridge to LAN, set the DHCP options you want, and then you have to assign the VPN interface under Interfaces > (assign), enable that, then set up an actual bridge between the LAN and that new interface.
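For readers who want to see what the "tap mode, no tunnel network, bridge to LAN, DHCP options" steps above correspond to in OpenVPN's own configuration language, here is an added example. It is not from the posts above and not pfSense's generated configuration (pfSense writes its own server file from the GUI settings); it is a hand-written pair of server and client configs using the question's LAN addressing (gateway 172.20.1.1, netmask 255.255.255.0). The address pool 172.20.1.200-172.20.1.220, the hostname vpn.example.com, and the certificate file names are constructed placeholders.

```conf
# --- server.conf (added example; constructed, not pfSense's generated file) ---
# Layer-2 (tap) mode: the VPN interface is bridged to the LAN instead of
# routing a separate tunnel subnet, which is why no "server" directive appears.
dev tap
proto udp
port 1194

ca   ca.crt        # placeholder file names
cert server.crt
key  server.key
dh   dh.pem

# "server-bridge" replaces the tunnel network. Arguments:
#   <bridge gateway> <netmask> <pool start> <pool end>
# Clients receive an address from the pool, inside the real LAN range.
# The pool bounds are constructed; reserve them so the LAN DHCP server
# never hands out the same addresses.
server-bridge 172.20.1.1 255.255.255.0 172.20.1.200 172.20.1.220

# "DHCP options" from the post: pushed to clients along with the address.
push "dhcp-option DNS 172.20.1.1"
push "dhcp-option DOMAIN lan.example.invalid"   # constructed domain

keepalive 10 60
persist-key
persist-tun
verb 3

# --- client.ovpn (added example) ---
# The client must also use tap; a tun client cannot join a tap bridge.
client
dev tap
proto udp
remote vpn.example.com 1194    # placeholder hostname
nobind
ca     ca.crt
cert   client.crt
key    client.key
persist-key
persist-tun
verb 3
```

Two points a practitioner would check after reproducing the GUI steps: the pool given to server-bridge must be carved out of the LAN DHCP scope (otherwise a bridged client and a LAN host can end up with the same address), and because bridged clients sit on the LAN broadcast domain, the rules on the assigned VPN interface are what limit what a remote client can reach, so they deserve the same attention as the LAN rules rather than being left at "allow all".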