OpenVPN TAP Bridge Firewall



  • I have an OpenVPN TAP setup bridged to the LAN so that several remote users can connect into my network. The client side of the OpenVPN connection is handled by some small routers I have with OpenVPN client capability. The problem here is that while this works pretty well, one user installed their router with a loop (LAN to LAN) to their home router, causing their home router to issue DHCP to several other clients on the network. I am trying to block this with a firewall on the bridge, either by blocking anything on port 67 other than my DHCP server or by blocking all port 67 incoming on the OpenVPN interface, however this is not applying correctly for some reason. I have enabled net.link.bridge.pfil_bridge and have tried the firewall rule on all relevant interfaces (LAN, OPENVPN, TAP INT, and Bridge INT) but can't seem to get it to work. Does anyone know what I am doing wrong?
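For readers landing on this thread, here is an added example of what a rogue-DHCP block could look like as a pf ruleset fragment on a FreeBSD/pf-based firewall with a TAP interface bridged to the LAN. This is not configuration from the original poster; the interface names (`tap0`, `bridge0`) and the server address (`192.0.2.10`) are placeholders to be replaced with the real ones. The point it makes is that DHCP server replies (OFFER/ACK) travel from source port 67 to destination port 68, so a rule that blocks *destination* port 67 only stops client requests and lets a rogue server keep answering; the rule has to match on the server-side port, and filtering has to be active on the bridge member that the remote clients arrive on.

```pf
# --- pf.conf fragment (added example, not the poster's config) ---
# Assumptions: stock FreeBSD pf; tap0 is the OpenVPN TAP interface and a member of
# bridge0; the only authorized DHCP server lives on the LAN side of the bridge.
tap_if   = "tap0"        # placeholder: OpenVPN TAP bridge member
br_if    = "bridge0"     # placeholder: the bridge itself
dhcp_srv = "192.0.2.10"  # constructed placeholder: authorized DHCP server address

# pf only sees bridge traffic if the kernel hands it to the filter. pfil_bridge=1
# filters on the bridge interface itself; pfil_member=1 filters on each member
# (tap0, the LAN NIC). Rules written "on tap0" need pfil_member, rules written
# "on bridge0" need pfil_bridge. Check both before debugging rules:
#   sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge

# 1) Member-interface rule: anything entering from the remote (TAP) side that looks
#    like a DHCP *server* reply (src port 67 -> dst port 68) is a rogue server, since
#    the real server is on the LAN side and never enters via tap0. "log" sends a copy
#    to pflog0 so the offending source address can be identified.
block in log quick on $tap_if proto udp from any port 67 to any port 68

# 2) Bridge-level rule: same idea for traffic the bridge forwards in either direction,
#    allowing only the authorized server to speak as a DHCP server.
block in log quick on $br_if proto udp from ! $dhcp_srv port 67 to any port 68

# Client requests (dst port 67, typically from 0.0.0.0 to 255.255.255.255) are left
# alone so remote clients can still reach the legitimate server across the bridge.
pass in quick on $tap_if proto udp from any port 68 to any port 67

# To confirm the block is catching the rogue replies rather than silently missing them:
#   tcpdump -ni pflog0 udp and port 67
```

The rules use `quick` so they take effect before any later broad `pass` rules in the ruleset; if a `pass` on the same interface appears earlier, it wins and the block never matches, which is the most common reason a rule "does not apply". After editing, reload with `pfctl -f /etc/pf.conf` and inspect `pfctl -sr` to confirm the block lines are present and ordered ahead of the passes.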