pfSense

Chris, it is not how it's supposed to be.. When using tap, the "Tunnel Network" should have the option of not being filled in. Someone wrote a patch for it by modifying the php pages, but this somehow never got to the release.

There were issues in the code, but they should be OK now. Fixed in mainline, not sure if it'll get backported to 2.0.x or not.

https://github.com/bsdperimeter/pfsense/commit/74a556a3caa67adb0adac055ffb9321e264e1b71
https://github.com/bsdperimeter/pfsense/commit/1ab6bdb5ffcf052241f58af87efef9fe077b38c7

Would be really great if these changes would hit 2.0.1. Doesn't look like it would break existing installations to me (only the self-modified ones ;-)). I'm not the only one who has got this problem (look at the forums).

I agree with Chris for not formulating the problem properly, sorry for that.

Jim is making it into a package for 2.0.x users, so it can be fully vetted in all possible scenarios during the 2.1 release cycle before getting into a release, as it's a significant change with some risk of breaking other things.

Sounds like a good solution. Looking forward to it, as installing a (even beta) package instead of manually editing files is still.. well, nicer.

I committed the initial revision to the repo just now:
https://github.com/bsdperimeter/pfsense-packages/commit/dafa29e37fad8307c77d17808dae28d3eefa9da9

Needs some testing yet, but it should show in the package list in the next 10 minutes or so.

Some notes on using that:

First, read all of the text descriptions on the new fields that show up when you switch to TAP. The notes are important.

Add a new VPN instance, select tap, fill in all your other info as you want, then check the box to bridge DHCP, select the interface you will be bridging to, and (optionally) fill in the DHCP server pool.

If you fill in the DHCP server start/end it should be a range of IPs outside of your existing DHCP pool. If you leave the IPs blank, it will pass DHCP through to your LAN DHCP server.

After you save the VPN settings, go to Interfaces > (assign), assign the new VPN interface. Go to Interfaces > OPTx, enable, leave IP type as "none", save. Go to Interfaces > (assign), bridges tab, bridge the VPN interface and your LAN or whatever internal interface(s) you want.

Go to Firewall > Rules, on the VPN interface be sure to add rules there that will pass DHCP and whatever other traffic you want (or just pass any/all).

Installed it, testing.

Hmm, when trying to define the bridges' DHCP scope after selecting the to-be bridged interface (This is the second VPN server I try to make, might have something to do with it):

Fatal error: Call to undefined function is_ipaddrv4() in /usr/local/www/vpn_openvpn_server.php on line 295

Checked in a fix for that, should be up now.