Hello everyone,
I am working on an L2 transparent bridge via OpenVPN, but I'm having trouble with the connectivity between the VPN client and the physical LAN.
1. Requirement and goal:
The goal is to seamlessly and transparently connect a remote location to the local network. The connection should be Layer 2 based so that the remote client behaves like a locally connected device.
2. Overview of previous tests:
Server (FreeBSD): OpenVPN runs in TAP mode. A bridge (if_bridge) connects the physical network interface to the OpenVPN tap0 interface.
Client (FreeBSD): The client is also connected via OpenVPN, with its network interfaces configured to match the bridge.
Bridge function: Analysis with tcpdump has shown that the bridge on the server is functioning correctly. Network traffic (ARP) from the LAN is forwarded correctly through the tunnel to the client.
3. Current status and issue:
Although the data packets reach the client, it is not possible to establish an L3 connection. The client cannot be reached from the LAN via ping or similar tools. It seems that the client is not responding correctly to network requests, even though it is receiving them.
Has anyone experienced similar problems with L2 bridges under FreeBSD, or does anyone know what might be causing this one-way connection?
Thank you very much for your support.
##################
# Server Configuration #
##################
# ifconfig
Code:
vmx0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1492
options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether 00:13:23:02:15:01
inet XX3.XX9.XX4.XX0 netmask 0xfffffe00 broadcast XX3.XX9.XX5.XX<5
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vmx1 (trunc-port): flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,HWSTATS,MEXTPG>
ether 00:13:26:03:06:00
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=0
ether 58:9c:fc:10:ff:e5
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 6 priority 128 path cost 2000000
member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 2000
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
tap0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4080000<LINKSTATE,MEXTPG>
ether 58:9c:fc:10:ff:fa
inet 172.16.50.240 netmask 0xfffffff0 broadcast 172.16.50.255
groups: tap
media: Ethernet 1000baseT
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 29013
###############################
# OpenVPN Configuration VPN-BRIDGE #
###############################
Code:
port 1194
proto udp
dev tap0
vlan-tagging
topology subnet
mode server
tls-server
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/server.crt
key /usr/local/etc/openvpn/server/server.key
dh /usr/local/etc/openvpn/server/dh.pem
cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
ifconfig 172.16.50.240 255.255.255.240
ifconfig-pool 172.16.50.241 172.16.50.254 255.255.255.240
push "dhcp-option DNS 10.168.1.251"
push "dhcp-option DNS 10.168.1.254"
keepalive 10 60
persist-key
persist-tun
client-to-client
status /usr/local/etc/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
##################
# Client Configuration #
##################
# ifconfig
Code:
vmx0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1492
options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether 00:14:26:03:09:00
inet XX1.XX3.XX7.XX1 netmask 0xffffff00 broadcast XX1.XX3.XX7.XX5
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vmx1 (trunc-port): flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,HWSTATS,MEXTPG>
ether 00:14:26:03:09:01
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=0
ether 58:9c:fc:10:d5:64
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 6 priority 128 path cost 2000000
member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 2000
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
tap0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4080000<LINKSTATE,MEXTPG>
ether 58:9c:fc:10:ff:d3
inet 172.16.50.241 netmask 0xfffffff0 broadcast 172.16.50.255
groups: tap
media: Ethernet 1000baseT
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 88029
##########################
# OpenVPN Client Configuration #
##########################
Code:
client
dev tap
proto udp
remote XX3.XX9.XX4.XX0 1194
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/client/client.crt
key /usr/local/etc/openvpn/client/client.key
remote-cert-tls server
cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
persist-key
persist-tun
log /var/log/openvpn/client-openvpn.log
verb 3
EDIT: Code lines added.
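As an added example (not part of the original post, and not FreeBSD or OpenVPN project code), here is a small Python lint that parses the kind of ifconfig and OpenVPN output posted above and flags the points a reviewer would check first on an L2 bridge over OpenVPN: mismatched member MTUs, an IP address sitting on a bridge member, vlan-tagging left at the default PVID, a client pool outside the subnet the pushed DNS servers live in, a control channel without tls-auth/tls-crypt, and a tap MTU larger than the uplink can carry. The embedded samples are a trimmed copy of the server-side output from the post with the masked WAN address replaced by an RFC 5737 documentation address; the header-overhead constant is an assumption, and the "address on the bridge, bare members" rule is common bridging practice rather than something the post states.

```python
"""Lint a FreeBSD if_bridge + OpenVPN TAP bridge from pasted ifconfig/OpenVPN text.
Added example, not code from the forum post. Checks follow bridge(4), openvpn(8) and
common bridging practice; IP_UDP_OVERHEAD is an assumption (headers below OpenVPN).
"""
import ipaddress
import re
import shlex

# Constructed sample: server-side ifconfig from the post, header lines rejoined and the
# WAN address replaced by an RFC 5737 documentation address.
SERVER_IFCONFIG = """\
vmx0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1492
        inet 203.0.113.10 netmask 0xfffffe00 broadcast 203.0.113.255
vmx1: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
tap0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        inet 172.16.50.240 netmask 0xfffffff0 broadcast 172.16.50.255
"""
# Constructed sample: the server config from the post, option/argument spacing restored.
SERVER_OPENVPN = """\
port 1194
proto udp
dev tap0
vlan-tagging
mode server
tls-server
ifconfig 172.16.50.240 255.255.255.240
ifconfig-pool 172.16.50.241 172.16.50.254 255.255.255.240
push "dhcp-option DNS 10.168.1.251"
push "dhcp-option DNS 10.168.1.254"
client-to-client
"""
ETHER_HDR = 14
IP_UDP_OVERHEAD = 28  # assumption: IPv4 + UDP headers; OpenVPN's own framing adds more


def parse_ifconfig(text):
    """Return {ifname: {"mtu": int, "inet": [ip_interface, ...], "members": [...]}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=\S+ metric \d+ mtu (\d+)", line)
        if head:
            cur = ifaces[head.group(1)] = {"mtu": int(head.group(2)), "inet": [], "members": []}
        elif cur is not None:
            inet = re.match(r"inet (\S+) netmask (0x[0-9a-fA-F]+)", line.strip())
            member = re.match(r"member: (\S+)", line.strip())
            if inet:  # hex netmask -> prefix length
                cur["inet"].append(ipaddress.ip_interface(f"{inet.group(1)}/{bin(int(inet.group(2), 16)).count('1')}"))
            if member:
                cur["members"].append(member.group(1))
    return ifaces


def parse_openvpn(text):
    """Return {option: [[arg, ...], ...]}; shlex keeps a quoted push argument as one item."""
    opts = {}
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words:
            opts.setdefault(words[0], []).append(words[1:])
    return opts


def lint(ifaces, opts):
    """Return (check_id, message) pairs for things to fix or verify on this setup."""
    out = []
    members = {m for i in ifaces.values() for m in i["members"]}
    for name, br in ifaces.items():
        mtus = {m: ifaces[m]["mtu"] for m in br["members"] if m in ifaces}
        if len(set(mtus.values())) > 1:  # bridge(4): all members must share the bridge MTU
            out.append(("member-mtu-mismatch", f"{name}: member MTUs differ {mtus}"))
        for m in br["members"]:
            if ifaces.get(m, {}).get("inet"):  # usual layout: address on the bridge, bare members
                out.append(("member-has-address", f"{m} is in {name} yet carries {ifaces[m]['inet'][0]}; the usual layout puts it on {name}"))
    if "vlan-tagging" in opts and "vlan-pvid" not in opts:  # openvpn(8): client ports default to PVID 1
        out.append(("vlan-pvid-default", "vlan-tagging without vlan-pvid: frames tagged with a VID other than 1 never reach clients"))
    if "ifconfig-pool" in opts:
        start, _end, mask = opts["ifconfig-pool"][0][:3]
        pool = ipaddress.ip_network(f"{start}/{mask}", strict=False)
        for args in opts.get("push", []):
            if args and args[0].startswith("dhcp-option DNS ") and ipaddress.ip_address(args[0].split()[-1]) not in pool:
                out.append(("pool-off-lan", f"pushed DNS {args[0].split()[-1]} is outside pool {pool}: LAN hosts in another subnet reach bridged clients only via a router"))
    if not {"tls-auth", "tls-crypt", "tls-crypt-v2"} & opts.keys():
        out.append(("no-tls-crypt", "no tls-auth/tls-crypt: anyone reaching UDP 1194 gets a TLS handshake; tls-crypt drops them earlier"))
    uplinks = [i for n, i in ifaces.items() if n not in members and i["inet"] and not n.startswith(("tap", "bridge"))]
    for n, tap in ifaces.items():
        for up in uplinks:
            if n.startswith("tap") and tap["mtu"] + ETHER_HDR + IP_UDP_OVERHEAD > up["mtu"]:
                out.append(("tunnel-fragmentation", f"{n} mtu {tap['mtu']} + headers exceeds uplink mtu {up['mtu']}: full-size frames get IP-fragmented, see --fragment/--mssfix"))
    return out


def lint_server_sample():
    return lint(parse_ifconfig(SERVER_IFCONFIG), parse_openvpn(SERVER_OPENVPN))


if __name__ == "__main__":
    for check_id, msg in lint_server_sample():
        print(f"[{check_id}] {msg}")
```

Run it as-is to see the findings for the posted server configuration, or point `parse_ifconfig` and `parse_openvpn` at the output of `ifconfig` and the server's config file on the box. The findings are hints to verify, not a diagnosis: which of them (if any) explains the one-way traffic depends on the LAN subnet and on whether the trunk carries 802.1Q-tagged frames, neither of which the post shows.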