OPENVPN TAP



  • Seeing my other posts were unanswered, I'll try again from the start.
    Got two sites where a VLAN needs to communicate with each other, but multicast needs to pass and clients need to reside within the same subnet. Given multicast and a single subnet, all I can do is use OPENVPN TAP? Or GRE within IPSEC?

    Set up is like this
    VOIPVLAN100 int ip 172.18.100.33/24
    OXO on that VOIPVLAN100 with IP 172.18.100.40/24 and GW PFSENSE IP

    Other side
    VOIPVLAN100 int ip 172.18.100.97/24
    Client IP 172.18.100.98/24 which needs to connect to OXO

    Server side config:
    dev ovpns1
    verb 1
    dev-type tap
    dev-node /dev/tap1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local "Outside IP of Server OPENVPN PFSENSE"
    tls-server
    server 10.10.10.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    ifconfig 10.10.10.1 255.255.255.0
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo adaptive

    client side config:
    dev ovpnc1
    verb 1
    dev-type tap
    dev-node /dev/tap1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local "Outside IP of client OPENVPN PFSENSE"
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote "Outside IP of Server OPENVPN PFSENSE" 1194
    ifconfig 10.10.10.2 255.255.255.0
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    tls-auth /var/etc/openvpn/client1.tls-auth 1
    comp-lzo adaptive
    resolv-retry infinite

    On both sides I created an interface called OPENVPNBRIDGEVOIP which has the "ovpnc1" interface and I bridged this interface with the VLANVOIP interface.

    Pings from client network to main network fail although firewall rules exist to allow all to all traffic.
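
Added example, not code from the post, from pfSense or from OpenVPN: a small Python lint that reads a server/client pair like the one above and reports the settings that matter for a bridged TAP site-to-site link, namely the `server` helper versus `server-bridge` (OpenVPN's own helper directive for Ethernet-bridged TAP mode), tls-auth key direction, proto and port agreement, plus two hygiene items (compression, a non-AEAD cipher). The embedded configs are the posted ones trimmed to the directives checked, with the placeholder hostname kept as written; the function names, the finding texts and the remark that pfSense's equivalent is an empty Tunnel Network field are my own.

```python
"""Lint an OpenVPN server/client config pair for bridged-TAP use (added example)."""
import shlex

# Constructed sample: the server and client configs from the post, reduced to
# the directives the checks below look at (placeholder hostname as written).
SERVER_CFG = """
dev ovpns1
dev-type tap
proto udp
cipher AES-128-CBC
auth SHA1
tls-server
server 10.10.10.0 255.255.255.0
ifconfig 10.10.10.1 255.255.255.0
lport 1194
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
"""

CLIENT_CFG = """
dev ovpnc1
dev-type tap
proto udp
cipher AES-128-CBC
auth SHA1
tls-client
client
lport 0
remote "Outside IP of Server OPENVPN PFSENSE" 1194
ifconfig 10.10.10.2 255.255.255.0
tls-auth /var/etc/openvpn/client1.tls-auth 1
comp-lzo adaptive
"""


def parse(text):
    """Map each directive to a list of argument lists (a directive may repeat)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        tokens = shlex.split(line)  # keeps the quoted hostname as one token
        opts.setdefault(tokens[0], []).append(tokens[1:])
    return opts


def arg(opts, key, index=0, default=None):
    """Argument number `index` of the first `key` occurrence that has it."""
    for args in opts.get(key, []):
        if len(args) > index:
            return args[index]
    return default


def lint_tap_bridge(server_text, client_text):
    """Return a list of findings for a server/client pair meant to be L2-bridged."""
    s, c = parse(server_text), parse(client_text)
    findings = []
    for side, o in (("server", s), ("client", c)):
        is_tap = arg(o, "dev-type") == "tap" or (arg(o, "dev") or "").startswith("tap")
        if not is_tap:
            findings.append(f"{side}: not a TAP device; Ethernet bridging (and multicast) needs dev-type tap")
        if "comp-lzo" in o or "compress" in o:
            findings.append(f"{side}: compression enabled; OpenVPN deprecated it after the VORACLE compression-oracle attack")
        cipher = (arg(o, "cipher") or "").upper()
        if cipher.endswith("-CBC"):
            findings.append(f"{side}: cipher {cipher} is not AEAD; AES-256-GCM is available from OpenVPN 2.4")
    if "server" in s:
        findings.append("server: the 'server' helper gives the TAP interface its own tunnel subnet; "
                        "'server-bridge' is the helper for a bridged TAP (pfSense: leave Tunnel Network empty)")
    if "tls-auth" not in s or "tls-auth" not in c:
        findings.append("tls-auth missing on one side; control-channel packets are not HMAC-gated")
    elif {arg(s, "tls-auth", 1), arg(c, "tls-auth", 1)} != {"0", "1"}:
        findings.append("tls-auth key direction must be 0 on the server and 1 on the client")
    if arg(s, "proto", default="udp") != arg(c, "proto", default="udp"):
        findings.append("proto differs between server and client")
    sport = arg(s, "lport") or arg(s, "port") or "1194"
    rport = arg(c, "remote", 1) or arg(c, "rport") or arg(c, "port") or "1194"
    if sport != rport:
        findings.append(f"client connects to port {rport} but the server listens on {sport}")
    return findings


if __name__ == "__main__":
    for finding in lint_tap_bridge(SERVER_CFG, CLIENT_CFG):
        print("-", finding)
```

Run against the posted pair it reports five items: compression and the CBC cipher on both sides, and the `server` helper on the server; the tls-auth directions (0/1), proto and port already agree. The bridge itself (member interfaces, pfil sysctls, firewall rules) is outside what a config lint can see.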



  • Should I under the created bridge set a PTP selected interface?
    I've been looking into this issue for quite some time now and I can't seem to find a solution.

    When I ping from one network to the other (pfsense ping) over the bridged interface I can reach other clients, but I can't reach the VLAN ip on the pfsense.
    Nor can I ping from the VLAN interface to the other VLAN interface.



  • Is there nobody who can help me out? :-[

