4. OpenVPN Tap

OpenVPN Tap

  • T

    I have already a few OpenVPN site to site tunnels running, on tun mode with routed subnets from another endpoint. Everything ok and fine here.

    Now i did set up a roadwarrior login, following this nice description:

    https://forum.pfsense.org/index.php?topic=46984.0

    I did run into following problems:

    1. the client (osx viscosity) complained about missing gateway and disconnected after a few seconds

    i fixed this by adding "push "route-gateway 192.168.2.1";"

    (192.168.2.1 is the lan adress of pfsense –- i did enter the correct subnet: 192.168.2.0/25 in IPv4 Local Network/s)

    2. DHCP works fine ... well almost ;)

    Bridge DHCP: checked
    Bridge Interface: LAN

    If i dont use a DHCP address range (server bridge dhcp start/end) i do get a valid address from pfsense dhcp server ... but my connection gets dropped after around 15 seconds most of the time. So every 10th time it works, the other times i get a valid dhcp lease and routing table but cannot ping anything and the connection gets dropped with the following viscosity error msg:

    XY Roadwarrior has been disconnected as a valid network to the remote server no longer exists. Viscosity can leave this connection disconnected, or it can automatically reconnect it when a valid network is available again.

    --

    If i enter a DHCP address range in "server bridge dhcp start/end" everything works like expected and the connection stays online.

    Why!?!?!?

    3. Finally my major problem:

    I can access all non Lan subnets (did push the routes) like DMZ, subnets on other pfsense box which is connected via OpenVPN site2site net and so on.

    But .... i cannot access any machines on my local subnet, except the pfsense box

    Any hints how i can pindown this problem?

    Do i have to assign an ip address to the created openvpn interface (which i use to create the lan-openvpn bridge)? At the moment IPv4 Configuration Type is "none"

    At the moment it looks like this in the dashboard gateway box:
    OVPN_RW_VPNV4 ~      ~ ~ Unknown

    Routing table on os x client:

    192.168.1/25      192.168.2.1        UGSc            0        0    tap0
    192.168.1.192/26  192.168.2.1        UGSc            1        0    tap0
    192.168.2/25      link#13            UC              1        0    tap0
    192.168.2.1        0:50:56:b0:19:5f  UHLWIi          6        0    tap0  1163
    192.168.2.192/27  192.168.2.1        UGSc            1        0    tap0
    192.168.3          192.168.2.1        UGSc            1        0    tap0

    ifconfig on os x client:

    tap0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1210
    ether xx:xx:xx:xx:xx:xx
    inet 192.168.2.90 netmask 0xffffff80 broadcast 192.168.2.127
    open (pid 23932)

    All work fine except of the local 192.168.2.0/25 net ! I can just reach pfsense on .2.1, but no other clients on the LAN.

    The .1 and .3 subnets are connected via site to site openvpn to my pfsense box. The 192.168.2.197/27 subnet is my dmz. These are all working.

    P.S. i have a openvpn rule for pass * to *

    Thanks for ur time</up,broadcast,running,simplex,multicast>

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy