OpenVPN Tap
-
I have already a few OpenVPN site to site tunnels running, on tun mode with routed subnets from another endpoint. Everything ok and fine here.
Now i did set up a roadwarrior login, following this nice description:
https://forum.pfsense.org/index.php?topic=46984.0
I did run into following problems:
1. the client (osx viscosity) complained about missing gateway and disconnected after a few seconds
i fixed this by adding "push "route-gateway 192.168.2.1";"
(192.168.2.1 is the lan adress of pfsense –- i did enter the correct subnet: 192.168.2.0/25 in IPv4 Local Network/s)
2. DHCP works fine ... well almost ;)
Bridge DHCP: checked
Bridge Interface: LANIf i dont use a DHCP address range (server bridge dhcp start/end) i do get a valid address from pfsense dhcp server ... but my connection gets dropped after around 15 seconds most of the time. So every 10th time it works, the other times i get a valid dhcp lease and routing table but cannot ping anything and the connection gets dropped with the following viscosity error msg:
XY Roadwarrior has been disconnected as a valid network to the remote server no longer exists. Viscosity can leave this connection disconnected, or it can automatically reconnect it when a valid network is available again.
--
If i enter a DHCP address range in "server bridge dhcp start/end" everything works like expected and the connection stays online.
Why!?!?!?
3. Finally my major problem:
I can access all non Lan subnets (did push the routes) like DMZ, subnets on other pfsense box which is connected via OpenVPN site2site net and so on.
But .... i cannot access any machines on my local subnet, except the pfsense box
Any hints how i can pindown this problem?
Do i have to assign an ip address to the created openvpn interface (which i use to create the lan-openvpn bridge)? At the moment IPv4 Configuration Type is "none"
At the moment it looks like this in the dashboard gateway box:
OVPN_RW_VPNV4 ~ ~ ~ UnknownRouting table on os x client:
192.168.1/25 192.168.2.1 UGSc 0 0 tap0
192.168.1.192/26 192.168.2.1 UGSc 1 0 tap0
192.168.2/25 link#13 UC 1 0 tap0
192.168.2.1 0:50:56:b0:19:5f UHLWIi 6 0 tap0 1163
192.168.2.192/27 192.168.2.1 UGSc 1 0 tap0
192.168.3 192.168.2.1 UGSc 1 0 tap0ifconfig on os x client:
tap0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1210
ether xx:xx:xx:xx:xx:xx
inet 192.168.2.90 netmask 0xffffff80 broadcast 192.168.2.127
open (pid 23932)All work fine except of the local 192.168.2.0/25 net ! I can just reach pfsense on .2.1, but no other clients on the LAN.
The .1 and .3 subnets are connected via site to site openvpn to my pfsense box. The 192.168.2.197/27 subnet is my dmz. These are all working.
P.S. i have a openvpn rule for pass * to *
Thanks for ur time</up,broadcast,running,simplex,multicast>