    Netgate Discussion Forum

    OPENVPN TAP

    OpenVPN
    • Eleander

      Seeing my other posts went unanswered, I'll try again from the start.
      Got two sites where a VLAN needs to communicate with each other, but multicast needs to pass and clients need to reside within the same subnet. Seeing multicast and a single subnet, all I can do is use OpenVPN TAP? Or GRE within IPsec?

      Setup is like this:
      VOIPVLAN100 int ip 172.18.100.33/24
      OXO on that VOIPVLAN100 with IP 172.18.100.40/24 and GW PFSENSE IP

      Other side
      VOIPVLAN100 int ip 172.18.100.97/24
      Client IP 172.18.100.98/24 which needs to connect to OXO

      Server side config:
      dev ovpns1
      verb 1
      dev-type tap
      dev-node /dev/tap1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local "Outside IP of Server OPENVPN PFSENSE"
      tls-server
      server 10.10.10.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      ifconfig 10.10.10.1 255.255.255.0
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo adaptive

      client side config:
      dev ovpnc1
      verb 1
      dev-type tap
      dev-node /dev/tap1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local "Outside IP of client OPENVPN PFSENSE"
      tls-client
      client
      lport 0
      management /var/etc/openvpn/client1.sock unix
      remote "Outside IP of Server OPENVPN PFSENSE" 1194
      ifconfig 10.10.10.2 255.255.255.0
      ca /var/etc/openvpn/client1.ca
      cert /var/etc/openvpn/client1.cert
      key /var/etc/openvpn/client1.key
      tls-auth /var/etc/openvpn/client1.tls-auth 1
      comp-lzo adaptive
      resolv-retry infinite

      On both sides I created an interface called OPENVPNBRIDGEVOIP which has the "ovpnc1" interface and I bridged this interface with the VLANVOIP interface.

      Pings from the client network to the main network fail, although firewall rules exist to allow all-to-all traffic.

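      As an added example (not part of the original post, and not pfSense's or OpenVPN's own tooling), the following Python linter reads a server/client config pair like the one above and reports the things a reviewer checks first: directives both ends must agree on (proto, cipher, auth, dev-type, opposite tls-auth key-direction), the hardening gaps in these fragments (compression on, privilege drop commented out, script-security 3, CBC cipher, no remote-cert-tls on the client) and the fact that a tap server here uses the `server` helper with its own 10.10.10.0/24 pool rather than `server-bridge`. The two input strings are constructed from the fragments in the post, trimmed to the directives the linter inspects; the quoted "Outside IP ..." placeholders are the poster's, and the function and variable names are this example's own.

```python
"""Added example (not from the original post, pfSense or OpenVPN): lint an
OpenVPN TAP server/client config pair for handshake mismatches and the
hardening gaps a reviewer would flag."""
import shlex
from collections import defaultdict

# Constructed input: the post's fragments, trimmed to the directives checked
# below; the poster's placeholder public-IP strings are kept verbatim.
SERVER_CONF = """\
dev ovpns1
verb 1
dev-type tap
#user nobody
#group nobody
script-security 3
proto udp
cipher AES-128-CBC
auth SHA1
local "Outside IP of Server OPENVPN PFSENSE"
tls-server
server 10.10.10.0 255.255.255.0
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
"""

CLIENT_CONF = """\
dev ovpnc1
verb 1
dev-type tap
#user nobody
#group nobody
script-security 3
proto udp
cipher AES-128-CBC
auth SHA1
tls-client
client
remote "Outside IP of Server OPENVPN PFSENSE" 1194
tls-auth /var/etc/openvpn/client1.tls-auth 1
comp-lzo adaptive
"""


def parse_openvpn_config(text):
    """Map each directive to a list of its argument lists (directives may
    repeat) and collect names that appear only commented out with '#'/';'."""
    options, commented = defaultdict(list), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[0] in "#;":
            body = line[1:].split()
            if body:
                commented.add(body[0])
            continue
        tokens = shlex.split(line)  # keeps the quoted "Outside IP ..." value whole
        options[tokens[0]].append(tokens[1:])
    return options, commented


def lint_tap_pair(server_text, client_text):
    """Return (severity, side, message) findings for a server/client pair."""
    srv, srv_commented = parse_openvpn_config(server_text)
    cli, cli_commented = parse_openvpn_config(client_text)
    out = []

    def arg(opts, name, idx=0):
        """idx-th argument of the first occurrence of `name`, else None."""
        if name not in opts or len(opts[name][0]) <= idx:
            return None
        return opts[name][0][idx]

    # Both ends must agree on these or the tunnel never comes up.
    for name in ("proto", "cipher", "auth", "dev-type"):
        if arg(srv, name) != arg(cli, name):
            out.append(("error", "pair", f"{name} differs: server={arg(srv, name)} client={arg(cli, name)}"))
    # tls-auth key-direction has to be 0 on one side and 1 on the other.
    if {arg(srv, "tls-auth", 1), arg(cli, "tls-auth", 1)} != {"0", "1"}:
        out.append(("error", "pair", "tls-auth key-direction is not 0 on the server and 1 on the client"))

    for side, opts, commented in (("server", srv, srv_commented), ("client", cli, cli_commented)):
        if "comp-lzo" in opts or "compress" in opts:
            out.append(("warn", side, "compression is on; VPN compression enables oracle attacks (VORACLE), turn it off"))
        if "user" not in opts and "user" in commented:
            out.append(("warn", side, "privilege drop (#user/#group) is commented out: openvpn stays root after init"))
        if int(arg(opts, "script-security") or 0) >= 3:
            out.append(("warn", side, "script-security 3 lets passwords reach up/down scripts via environment variables"))
        if (arg(opts, "cipher") or "").upper().endswith("-CBC"):
            out.append(("info", side, f"cipher {arg(opts, 'cipher')} is CBC+HMAC; an AEAD cipher such as AES-256-GCM is preferred"))
        if int(arg(opts, "verb") or 0) < 3:
            out.append(("info", side, "verb < 3 hides the handshake and interface detail needed to debug a dead bridge"))

    if arg(srv, "dev-type") == "tap" and "server" in srv and "server-bridge" not in srv:
        out.append(("info", "server", "tap server uses 'server' (own 10.10.10.0/24 pool); OpenVPN's helper for a bridged tap server is 'server-bridge'"))
    if "remote-cert-tls" not in cli:
        out.append(("warn", "client", "no 'remote-cert-tls server': any client cert from the same CA could impersonate the server"))
    return out


if __name__ == "__main__":
    for severity, side, message in lint_tap_pair(SERVER_CONF, CLIENT_CONF):
        print(f"[{severity}] {side}: {message}")
```

      Run against the two fragments as posted it reports no handshake errors, which points the troubleshooting at the bridge rather than the tunnel. One caveat worth checking before suspecting OpenVPN: on FreeBSD/pfSense the sysctls net.link.bridge.pfil_member and net.link.bridge.pfil_bridge decide whether pf filters frames on the bridge members, on the bridge interface, or both, so an allow-all rule on the VLAN tab alone does not prove that frames arriving through the tap member are passed; the rules on the OpenVPN interface tab apply to them as well.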
      • Eleander

        Should I, under the created bridge, set a PTP-selected interface?
        I've been looking into this issue for quite some time now and I can't seem to find a solution.

        When I ping from one network to the other (pfSense ping) over the bridged interface, I can reach other clients, but I can't reach the VLAN IP on the pfSense.
        Nor can I ping from the VLAN interface to the other VLAN interface...

        • Eleander

          Is there nobody who can help me out? :-[
