    OpenVPN site-to-site TAP

      Guest last edited by

      hello,
      I created a site-to-site tunnel with OpenVPN in TAP mode between 2 pfSense appliances (the server v2.2 - 192.168.166.254 and the client v2.1.5 - 192.168.166.253). The tunnel comes up properly and the firewalls ping each other, but the traffic between my sites does not work.

      Can anyone help me?

        Pitchoun511 last edited by

        Nobody can help me?

          doktornotor Banned last edited by

          Post the ifconfig output for the relevant ovpn interface.

          @Pitchoun511:

          Nobody can help me?

          Dude, bumping threads b/c no one replied in a whopping 3 hours?! ::)

            Pitchoun511 last edited by

            Excuse me, but completely cut off from my VPN with 30 rabid users … I was really freaked out ...

              Pitchoun511 last edited by

              Well, now that I have resolved the problem on my vpn…
              On my site A, there are 3 PCs ( 192.168.166.189 - 191/24 ) and a firewall ( 192.168.166.253 )
              On my site B, there are 3 PCs ( 192.168.166.200 - 202/24 ) and a firewall ( 192.168.166.254 ) .

              I set up a VPN with OpenVPN using the TAP method between the two sites.
              Firewall A pings firewall B, but the traffic from one PC to another on both sites doesn't work. In my firewall log nothing is blocked, the ARP table information is correct on each side, but no traffic between the two sites ...

              Can the /24 be the cause of my problem?

                doktornotor Banned last edited by

                Using same LAN subnets on both sites? Time to start from scratch.

                  Pitchoun511 last edited by

                  Please excuse my ignorance, but I followed the topic https://forum.pfsense.org/index.php?topic=38605.0 and it doesn't mention creating subnets.

                    marvosa last edited by

                    What are you doing that you need a bridged setup? Post the config from both sides. Post the firewall rules from the LAN, OpenVPN and the Bridged interface tabs on both sides.

                      Pitchoun511 last edited by

                      Hi, I'm back from holidays, so I am back to my research.
                      I need a bridge because, historically, I have two sides on the same IP range and I don't want to reconfigure all my clients. I attached a screenshot of my conf and firewall.

                      Thank you for your help.

                        dotdash last edited by

                        There are some notes in this thread: https://forum.pfsense.org/index.php?topic=84419.msg462943#msg462943

                          Pitchoun511 last edited by

                          I have found nothing that resolves my problem.

                            MLIT last edited by

                            If you are doing this to prevent renumbering your network, maybe you should just do 1 to 1 NAT on both ends.

                              dotdash last edited by

                              @Pitchoun511:

                              I have found nothing that resolves my problem.

                              I just went through the procedure in the thread I linked earlier on two 2.2.1 boxes and it worked fine, or rather well enough for me to get in and fix a problem preventing a remote host from routing out correctly. If you are still having problems, I suggest you look over that and then post some specifics of your config.
