Netgate Discussion Forum

    OpenVPN Tap

      tomelgato

      I already have a few OpenVPN site-to-site tunnels running, in tun mode with routed subnets from another endpoint. Everything is OK and fine here.

      Now I did set up a roadwarrior login, following this nice description:

      https://forum.pfsense.org/index.php?topic=46984.0

      I ran into the following problems:

      1. The client (OS X Viscosity) complained about a missing gateway and disconnected after a few seconds.

      I fixed this by adding "push "route-gateway 192.168.2.1";"

      (192.168.2.1 is the LAN address of pfSense -- I did enter the correct subnet, 192.168.2.0/25, in IPv4 Local Network/s.)

      2. DHCP works fine ... well almost ;)

      Bridge DHCP: checked
      Bridge Interface: LAN

      If I don't use a DHCP address range (server bridge DHCP start/end) I do get a valid address from the pfSense DHCP server ... but my connection gets dropped after around 15 seconds most of the time. So every 10th time it works; the other times I get a valid DHCP lease and routing table but cannot ping anything, and the connection gets dropped with the following Viscosity error message:

      XY Roadwarrior has been disconnected as a valid network to the remote server no longer exists. Viscosity can leave this connection disconnected, or it can automatically reconnect it when a valid network is available again.

      --

      If I enter a DHCP address range in "server bridge dhcp start/end", everything works as expected and the connection stays online.

      Why!?!?!?

      3. Finally my major problem:

      I can access all non-LAN subnets (I did push the routes) like the DMZ, subnets on the other pfSense box which is connected via the OpenVPN site-to-site net, and so on.

      But .... I cannot access any machines on my local subnet, except the pfSense box.

      Any hints on how I can pin down this problem?

      Do I have to assign an IP address to the created OpenVPN interface (which I use to create the LAN-OpenVPN bridge)? At the moment the IPv4 Configuration Type is "none".

      At the moment it looks like this in the dashboard gateway box:
      OVPN_RW_VPNV4 ~      ~ ~ Unknown

      Routing table on the OS X client:

      192.168.1/25      192.168.2.1        UGSc            0        0    tap0
      192.168.1.192/26  192.168.2.1        UGSc            1        0    tap0
      192.168.2/25      link#13            UC              1        0    tap0
      192.168.2.1        0:50:56:b0:19:5f  UHLWIi          6        0    tap0  1163
      192.168.2.192/27  192.168.2.1        UGSc            1        0    tap0
      192.168.3          192.168.2.1        UGSc            1        0    tap0

      ifconfig on the OS X client:

      tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1210
      ether xx:xx:xx:xx:xx:xx
      inet 192.168.2.90 netmask 0xffffff80 broadcast 192.168.2.127
      open (pid 23932)

      All works fine except for the local 192.168.2.0/25 net! I can just reach pfSense on .2.1, but no other clients on the LAN.

      The .1 and .3 subnets are connected via site-to-site OpenVPN to my pfSense box. The 192.168.2.197/27 subnet is my DMZ. These are all working.

      P.S. I have an OpenVPN rule for pass * to *

      Thanks for your time

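An added diagnostic, not part of the original post: it parses the client routing table pasted above and classifies a destination as "on-link" (the client must resolve it by ARP across pfSense's LAN bridge, so it depends on frames being forwarded at layer 2) or "routed" (only the next hop 192.168.2.1, i.e. pfSense itself, has to be reachable), which separates the one path that fails in the post from the ones that work. It assumes the `netstat -rn` output is exactly as pasted; the hosts looked up below are constructed examples.

```python
import ipaddress

# Routing table as printed by `netstat -rn` on the OS X client in the post above.
ROUTES = """\
192.168.1/25      192.168.2.1        UGSc            0        0    tap0
192.168.1.192/26  192.168.2.1        UGSc            1        0    tap0
192.168.2/25      link#13            UC              1        0    tap0
192.168.2.1        0:50:56:b0:19:5f  UHLWIi          6        0    tap0  1163
192.168.2.192/27  192.168.2.1        UGSc            1        0    tap0
192.168.3          192.168.2.1        UGSc            1        0    tap0
"""

def expand_bsd_dest(dest):
    """Expand BSD netstat shorthand ("192.168.3", "192.168.1/25") to an ip_network."""
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = str(8 * len(octets))   # no mask printed: classful, omitted octets are 0
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)

def parse_routes(text):
    """Return [(network, gateway, interface)] from netstat -rn output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        routes.append((expand_bsd_dest(fields[0]), fields[1], fields[5]))
    return routes

def lookup(dst, routes):
    """Longest-prefix match; returns (network, gateway, interface) or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def classify(dst, routes):
    """'on-link' = delivered at layer 2 over the tap; 'routed' = sent to an IP next hop."""
    route = lookup(dst, routes)
    if route is None:
        return "no-route"
    gateway = route[1]
    try:
        ipaddress.ip_address(gateway)     # an IP next hop: traffic goes to pfSense
        return "routed"
    except ValueError:                     # "link#N" or a MAC: needs the bridge to work
        return "on-link"
```

For the table in the post, only hosts inside 192.168.2.0/25 (other than .2.1, which answers the tap directly) come out as "on-link", matching the one case that fails.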