Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
[SOLVED] OpenVPN TAP & BRIDGE (SIEMENS / PROFINET)
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] OpenVPN TAP & BRIDGE (SIEMENS / PROFINET) (Read 269 times)
brepocn
Newbie
Posts: 1
Karma: 0
[SOLVED] OpenVPN TAP & BRIDGE (SIEMENS / PROFINET)
«
on:
August 11, 2024, 11:26:33 am »
The same as in pfsense from this version
When you add bridge:
VPN_TAP + LAN
It must be possible to turn on the bridge at TAP, because if you don't turn it on you can't see MAC addresses - and that's the only point of using TAP
When you add bridge while connected to TAP - it will work, and you can see MACs
When you do a reboot of the tunnel, you have it:
2024-08-11T11:15:45 Error openvpn_client1 FreeBSD ifconfig failed: external program exited with error status: 1
* For the gateway from TAP, I manually enter the server's gateway - because all networks become available.
and routing from other IP networks, I add to the gateway manually too - to see all the networks I'm interested in.
* without manual changes, in gateway and routing also can't add bridge = same error
Where is the problem, can it be fixed quick ?
------------------------------- [SOLVED 1/2] --------------------------------
If anyone has used, < 24.7 and now has this problem then:
Change on the server:
1. Client Specific Override = disable the server's IP address assignment for the TAP client.
Change on the client:
1. make a bridge, LAN<>VPN, in the bridge set a static IP and enter the one you want the client to have (the one IP from Client Specific Override on the server)
+ Leave the gateways and routing unchanged, because it works.
1/2 of the solution, because:
after adding gateways on the client (gateway is the IP of the server) and server (gateway is the IP of the client on the TAP server), and routing on the client (enter the networks you want to see on the server) and routing on the server (enter the networks you want to see on the client) the monitoring of gateways does not work in this version (I don't know why, because the ping goes from both sides, from client to server ip and from server to client ip) - it's rather some bug of this version.
+ if you are an IT professional and are surprised that someone uses TAP like this, then: this is a specific setting for communication over PROFINET mainly for Siemens controllers, in IT you are unlikely to use TAP for this ....
------------------------------------------------------------------
If there is someone here who writes code for OpenSense, check the problem of monitoring the gates, in action it does not add anything, but at least it gives you the opportunity to see what times we have
------------------------------- [SOLVED] --------------------------------
small change, instead of address in bridge, set none.
on the server (example): set the virtual IP to VPN TAP: e.g. 10.0.8.1
on the client: set the virtual IP to VPN TAP: e.g. 10.0.8.10
on the server side:
1. set gateway 10.0.8.10 and on this gateway routing e.g. 192.168.10.0/24 (this is the client's lan)
on the client side:
1. manually enter the gateway in TAP (he is created automatically): 10.0.8.1 and monitoring 10.0.8.1
2. set routing on this gateway, e.g. 192.168.1.0/24 (server lan)
how you do, you will see all networks and works ARP and PING and you can see everything in any network.
Between clients works only if you set client to client on the server (I don't know why iptables doesn't let it go without this parameter)
this has the disadvantage that if you fly with clients over GSM, the setting will use up all the transfer .... - so far I do not know how to get past this and indicate through iptables who can and who can not / more a question to those who write the code, where the problem.
«
Last Edit: August 11, 2024, 11:11:00 pm by brepocn
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
[SOLVED] OpenVPN TAP & BRIDGE (SIEMENS / PROFINET)