I have seen several posts in the forum stating that tun or tap interfaces should not be assigned to an interface of pfSense. That any/any firewall rules are automatically created when openvpn client establishes connection. And that no traffic will flow if static routes wheren't defined on BOTH sides of the tunnel.
This supposes a problem for me. I have a centralized server infraestructure where an openvpn server is running. This server serves connections for different offices. If I have to set up static routes on the server to each of these offices, the first problem I have is that several of them are using the same network settings. In this scenario, I have to either make sure each office uses a different network or this will not work. It sounds strange not to be able to establish outbound natting on the tunnel. Not being able to establish firewall rules to control who gets access to the tunnel also sounds weird. Regards, Stefan -----Mensaje original----- De: Scott Ullrich [mailto:[EMAIL PROTECTED] Enviado el: lunes, 13 de noviembre de 2006 17:54 Para: discussion@pfsense.com Asunto: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN Tun0 is no longer used. Everything is handled automatically. See the forum where this has been hashed out quite a bit since 1.0. On 11/13/06, Stefan Tunsch <[EMAIL PROTECTED]> wrote: > > > The problem is that when I go to the assign option for interfaces the > tap0 interface does NOT appear. > > I'm trying to do this AFTER creating the OpenVPN tunnel. > > If I go to the command prompt option and type ifconfig, I do see that > there is a tun0 device. > > But I does not show up in any other place... > > Regards, Stefan > > ________________________________ > De: Scott Roeder [mailto:[EMAIL PROTECTED] Enviado el: lunes, 13 > de noviembre de 2006 8:43 > Para: discussion@pfsense.com > Asunto: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN > > > I understand exactly what you are saying. The device does not exist until > the VPN has actually been created. When I went through the same process 2 > days ago I did exactly this. > > > 1. Configured/Established the OpenVPN connection 2. Went to the assign > option for interfaces 3. Created an OPENVPN interface from tap0 4. > Created an advanced outbound NAT mapping. > > > Hope this helps. > > > > On 12 Nov 2006, at 23:53, Stefan Tunsch wrote: > > > The issue is that it is NOT available after establishing the vpn. > > What can be the reason for this? > > Can it have something to do with using the Live-CD version? > > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: > 12/11/2006 > > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: > 12/11/2006 > -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006
