Bridge confusion



  • I am trying to follow the pfSense book to configure my OpenVPN server using the 'tap' device mode. I am confused as to whether or not a bridge is actually needed.

    Quoting the book in the Bridged OpenVPN Connections section:

    "If Bridge DHCP is selected, DHCP will be passed through to the bridged interface that will be setup later. In the most common scenario, this would be LAN. Using this method, connecting clients would receive IPs from the same DHCP pool used by directly wired LAN clients." (1)
    Does this mean that I should declare the LAN as the "Bridge Interface"? Or, does it simply mean that the LAN interface is typically the DHCP server, BUT you must still create a Bridge Interface to use the DHCP server running from the LAN interface?

    (1) The pfSense Team (2015-06-28). The pfSense Book (Kindle Locations 9107-9109). The pfSense Team. Kindle Edition.



  • Perhaps I didn't phrase my question clearly, so I will try again:

    I need a VPN connection for use on my MacBook; I am using the Viscosity client. I've determined that I should use tap instead of tun to work best with the OS X network stack, so that all of my local network resources will be available when I am connected.

    My question: Is it necessary or advisable to create and use a bridge for this purpose, or would I be just as well off specifying the LAN as the bridge?


  • Rebel Alliance Developer Netgate

    If you want the VPN to be connected to LAN you must do both. Selecting LAN for the bridge in OpenVPN does not create a bridge, it only tells it where your LAN network is. You must create the LAN/OpenVPN bridge yourself separate from that setting.