Netgate Discussion Forum

    Need clarification on openVPN usage

      getut

      I need some assistance with understanding openVPN diagrams and something that I haven't seen explicitly stated.

      I THINK what I am wanting to do is bridging, but I found the document that seems to state it doesn't work on 2.0. Again I even need clarification on that. Does that mean it doesn't work on the whole 2 series or 2.0 specifically? I am running 2.1 currently.

      I want remote clients on any remote network to be able to VPN in and receive an IP address in a reserved block on our real internal network scheme. The same address range as the LAN interface on the Sense box.

      So for example:

      Client (192.168.1.23) --> Home NAT Router (192.168.1.1) --> Internet --> PFSense 172.20.1.1 --> Real LAN address 172.20.1.51

      Every example that I have seen SEEMS to indicate the need for a different subnet for the VPN addresses which I don't want to do.

      Is the above possible with PFSense 2.1 and openVPN? Can anyone point to a document that details this out a little clearer?

        phil.davis

        Yes, you can use "tap" mode to "bridge" in to the LAN. I don't personally do that (I always use "tun" with a separate subnet), so can't give useful guidance, and doc.pfsense.org does not look like it has up-to-date instructions on that.
        Someone else feel free to point to more help…

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          jimp Rebel Alliance Developer Netgate

          You need a tap bridge, but that only works properly on 2.1.x. IIRC there are howtos here on the forum … somewhere, I wrote one of them somewhere.

          You can do it on 2.0.x with the tap bridge fix package that fixes a few things in 2.0.x for tap VPNs that didn't make it into a 2.0.x release.

          Basically you set up the VPN in tap mode, no tunnel network, set it to bridge to LAN, set the DHCP options you want, and then you have to assign the VPN interface under Interfaces > (assign), enable that, then set up an actual bridge between the LAN and that new interface.

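Added example, not code from any poster or from pfSense: a pre-flight check for the "reserved block on the real LAN" that the tap bridge setup in this thread relies on, which also renders the matching OpenVPN `server-bridge` directive. The /24 mask, the LAN DHCP range and the VPN pool are constructed values; 172.20.1.1 and 172.20.1.51 are the addresses from the first post.

```python
import ipaddress


def plan_bridge_pool(lan_cidr, gateway, vpn_start, vpn_end,
                     dhcp_start, dhcp_end, static_hosts=()):
    """Check a reserved VPN block inside the bridged LAN, then return the
    OpenVPN 'server-bridge gateway netmask pool-start pool-end' line."""
    lan = ipaddress.ip_network(lan_cidr)
    gw, vs, ve, ds, de = (ipaddress.ip_address(a) for a in
                          (gateway, vpn_start, vpn_end, dhcp_start, dhcp_end))
    problems = []
    # Bridged clients sit on the LAN itself, so every address must be a host in it.
    for name, addr in (("gateway", gw), ("pool start", vs), ("pool end", ve)):
        if addr not in lan or addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{name} {addr} is not a usable host in {lan}")
    if vs > ve:
        problems.append("pool start is above pool end")
    if vs <= gw <= ve:
        problems.append(f"pool contains the gateway {gw}")
    # Two allocators handing out the same address causes duplicate-IP conflicts.
    if vs <= de and ds <= ve:
        problems.append(f"pool overlaps the LAN DHCP range {ds}-{de}")
    for host in map(ipaddress.ip_address, static_hosts):
        if vs <= host <= ve:
            problems.append(f"pool contains the static host {host}")
    if problems:
        raise ValueError("; ".join(problems))
    return f"server-bridge {gw} {lan.netmask} {vs} {ve}"


if __name__ == "__main__":
    # Constructed plan: LAN DHCP serves .100-.199, VPN clients get .200-.220.
    print("dev tap")
    print(plan_bridge_pool("172.20.1.0/24", "172.20.1.1",
                           "172.20.1.200", "172.20.1.220",
                           "172.20.1.100", "172.20.1.199",
                           static_hosts=["172.20.1.51"]))
```

Because a bridged client lands directly on the LAN segment, the firewall rules on the assigned VPN interface are the only place to limit what it can reach.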
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.