1. Home
  2. pfSense® Software
  3. OpenVPN
  4. OPENVPN TAP

OPENVPN TAP

  • E

    Seeing my other posts where unanswered I'll try again from the start.
    Got two sites where a VLAN needs to communicate with eachother but multicast needs to pass and clients need to reside within the same subnet. Seeing multicast and single subnet all I can do is use OPENVPN TAP? or GRE within IPSEC?

    Set up is like this
    VOIPVLAN100 int ip 172.18.100.33/24
    OXO on that VOIPVLAN100 with IP 172.18.100.40/24 and GW PFSENSE IP

    Other side
    VOIPVLAN100 int ip 172.18.100.97/24
    Client IP 172.18.100.98/24 which needs to connect to OXO

    Server side config:
    dev ovpns1
    verb 1
    dev-type tap
    dev-node /dev/tap1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local "Outside IP of Server OPENVPN PFSENSE"
    tls-server
    server 10.10.10.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    ifconfig 10.10.10.1 255.255.255.0
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo adaptive

    client side config:
    dev ovpnc1
    verb 1
    dev-type tap
    dev-node /dev/tap1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local "Outside IP of client OPENVPN PFSENSE"
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote "Outside IP of Server OPENVPN PFSENSE" 1194
    ifconfig 10.10.10.2 255.255.255.0
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    tls-auth /var/etc/openvpn/client1.tls-auth 1
    comp-lzo adaptive
    resolv-retry infinite

    On both sides I created an interface called OPENVPNBRIDGEVOIP which has the "ovpnc1" interface and I bridged this interface with the VLANVOIP interface.

    Pings from client network to main network fail although firewall rules exist to allow all to all traffic.

    0
  • E

    Should I under the created bridge set a PTP selected interface?
    I've been looking into this issue quit some time now and I can't seem to find a solution.

    When I ping from one network to the other (pfsense ping) over the bridged interface I can reach other clients, but I can't reach the VLAN ip on the pfsense.
    Nor can I ping from the VLAN interface to the other VLAN interface….

    0
  • E

    Is there nobody who can help me out? :-[

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy