OPENVPN TAP
-
Seeing my other posts were unanswered, I'll try again from the start.
Got two sites where a VLAN needs to communicate with each other, but multicast needs to pass and clients need to reside within the same subnet. Seeing multicast and a single subnet, all I can do is use OPENVPN TAP? Or GRE within IPSEC?
Set up is like this:
VOIPVLAN100 int ip 172.18.100.33/24
OXO on that VOIPVLAN100 with IP 172.18.100.40/24 and GW PFSENSE IP
Other side:
VOIPVLAN100 int ip 172.18.100.97/24
Client IP 172.18.100.98/24 which needs to connect to OXO
Server side config:
dev ovpns1
verb 1
dev-type tap
dev-node /dev/tap1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local "Outside IP of Server OPENVPN PFSENSE"
tls-server
server 10.10.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
ifconfig 10.10.10.1 255.255.255.0
lport 1194
management /var/etc/openvpn/server1.sock unix
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
Client side config:
dev ovpnc1
verb 1
dev-type tap
dev-node /dev/tap1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local "Outside IP of client OPENVPN PFSENSE"
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote "Outside IP of Server OPENVPN PFSENSE" 1194
ifconfig 10.10.10.2 255.255.255.0
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
tls-auth /var/etc/openvpn/client1.tls-auth 1
comp-lzo adaptive
resolv-retry infinite
On both sides I created an interface called OPENVPNBRIDGEVOIP which has the "ovpnc1" interface, and I bridged this interface with the VLANVOIP interface.
Pings from client network to main network fail although firewall rules exist to allow all to all traffic.
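As an added check (not from the post, and not pfSense's own code), a small Python linter over the directives in the two configs that matter for a bridged TAP link: both ends on tap, matching proto/cipher/auth/compression, complementary tls-auth key directions, and the client dialing the server's lport. The config excerpts are constructed from the post with the server's public address as a placeholder; the tunnel addresses (10.10.10.x) are only the OpenVPN endpoints, and the bridged VLAN traffic rides at layer 2, which this does not check.

```python
# Constructed excerpts of the two configs quoted above: only the directives
# the checks look at, with the server's public address as a placeholder.
SERVER_CONF = """dev-type tap
proto udp
cipher AES-128-CBC
auth SHA1
lport 1194
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
"""
CLIENT_CONF = """dev-type tap
proto udp
cipher AES-128-CBC
auth SHA1
remote SERVER_PUBLIC_IP 1194
tls-auth /var/etc/openvpn/client1.tls-auth 1
comp-lzo adaptive
"""

def parse(conf):
    # Map each directive to its argument list; comments and blanks are skipped.
    directives = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            directives[key] = args
    return directives

def check_pair(server_conf, client_conf):
    # Return a list of findings; an empty list means the pair is consistent.
    s, c = parse(server_conf), parse(client_conf)
    findings = []
    # A bridged site-to-site link needs a layer-2 (tap) adapter on both ends.
    for name, cfg in (("server", s), ("client", c)):
        if cfg.get("dev-type") != ["tap"]:
            findings.append(f"{name}: dev-type must be tap for bridging")
    # Transport and crypto parameters must agree or the handshake fails.
    for key in ("proto", "cipher", "auth", "comp-lzo"):
        if s.get(key) != c.get(key):
            findings.append(f"{key} differs: {s.get(key)} vs {c.get(key)}")
    # tls-auth key direction must be complementary: 0 on server, 1 on client.
    if s.get("tls-auth", [])[-1:] != ["0"] or c.get("tls-auth", [])[-1:] != ["1"]:
        findings.append("tls-auth key direction must be 0 (server) / 1 (client)")
    # The client must dial the port the server listens on (default 1194).
    remote = c.get("remote", [])
    rport = remote[1] if len(remote) > 1 else "1194"
    if rport != s.get("lport", ["1194"])[0]:
        findings.append("client remote port does not match server lport")
    # OpenVPN deprecates compression; flag it so it can be removed on both ends.
    if "comp-lzo" in s or "comp-lzo" in c:
        findings.append("comp-lzo enabled: compression is deprecated, remove it")
    return findings
```

Feed it the full configs from /var/etc/openvpn on both boxes; for the pair above the only finding is the compression one, and any mismatch shows up as its own line.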
-
Should I under the created bridge set a PTP selected interface?
I've been looking into this issue for quite some time now and I can't seem to find a solution. When I ping from one network to the other (pfsense ping) over the bridged interface I can reach other clients, but I can't reach the VLAN IP on the pfsense.
Nor can I ping from the VLAN interface to the other VLAN interface….
-
Is there nobody who can help me out? :-[