Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OPENVPN TAP

    OpenVPN
    1
    3
    840
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Eleander last edited by

      Seeing my other posts where unanswered I'll try again from the start.
      Got two sites where a VLAN needs to communicate with eachother but multicast needs to pass and clients need to reside within the same subnet. Seeing multicast and single subnet all I can do is use OPENVPN TAP? or GRE within IPSEC?

      Set up is like this
      VOIPVLAN100 int ip 172.18.100.33/24
      OXO on that VOIPVLAN100 with IP 172.18.100.40/24 and GW PFSENSE IP

      Other side
      VOIPVLAN100 int ip 172.18.100.97/24
      Client IP 172.18.100.98/24 which needs to connect to OXO

      Server side config:
      dev ovpns1
      verb 1
      dev-type tap
      dev-node /dev/tap1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local "Outside IP of Server OPENVPN PFSENSE"
      tls-server
      server 10.10.10.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      ifconfig 10.10.10.1 255.255.255.0
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo adaptive

      client side config:
      dev ovpnc1
      verb 1
      dev-type tap
      dev-node /dev/tap1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local "Outside IP of client OPENVPN PFSENSE"
      tls-client
      client
      lport 0
      management /var/etc/openvpn/client1.sock unix
      remote "Outside IP of Server OPENVPN PFSENSE" 1194
      ifconfig 10.10.10.2 255.255.255.0
      ca /var/etc/openvpn/client1.ca
      cert /var/etc/openvpn/client1.cert
      key /var/etc/openvpn/client1.key
      tls-auth /var/etc/openvpn/client1.tls-auth 1
      comp-lzo adaptive
      resolv-retry infinite

      On both sides I created an interface called OPENVPNBRIDGEVOIP which has the "ovpnc1" interface and I bridged this interface with the VLANVOIP interface.

      Pings from client network to main network fail although firewall rules exist to allow all to all traffic.

      1 Reply Last reply Reply Quote 0
      • E
        Eleander last edited by

        Should I under the created bridge set a PTP selected interface?
        I've been looking into this issue quit some time now and I can't seem to find a solution.

        When I ping from one network to the other (pfsense ping) over the bridged interface I can reach other clients, but I can't reach the VLAN ip on the pfsense.
        Nor can I ping from the VLAN interface to the other VLAN interface….

        1 Reply Last reply Reply Quote 0
        • E
          Eleander last edited by

          Is there nobody who can help me out? :-[

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy