TAP bridged network connects but can't access shares


Moderators: TinCanTech

T4ke
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 11, 2018 10:24 am


Post by T4ke » Thu Jan 11, 2018 10:28 am

Hey guys,

I have successfully set up an OpenVPN server in bridged mode on pfSense 2.4.2-RELEASE-p1.
Connecting from an "external" client (like macOS/Windows 10 with Viscosity) works like a charm: I can access all shares, Windows recognizes the network neighbourhood, I can browse to internally hosted websites, etc.

Now I want my Tomato router to be set up as the client so it can permanently distribute (extend) the server's network next to my local network.
My goal is that all devices in my local network can access the shares in the server's network without needing a separate client app (like Viscosity), or, in detail, without having their own direct connection to the VPN.
Moreover, I have several devices like Androids and iPhones that do not even support the TAP interface.
Is what I want to achieve technically possible at all?

However, I think I must be halfway there, because the Tomato OpenVPN client can establish a connection and I can "see" all shares in my macOS Finder (not tested in Windows yet), but I cannot access them (connection failed).
Browsing to internal websites or resolving hostnames therefore doesn't work either.

I captured the traffic with Wireshark when connecting to a share, and it seems that the incoming traffic is routed the right way (otherwise I can't explain why the network shares show up) but is routed out the wrong way, because according to Wireshark the connection attempt goes back to my ISP's gateway.
Sooo I think I need a static route or iptables entry or something so the devices in my local network can find the way back into the VPN. Can that be right?

I have to admit that deeper routing, iptables and stuff is not my area of expertise so I really hope you guys can help me out.
Before the question comes up why I want a bridged network:
My configuration is more like a field test.
We have many employees with different devices, etc., in our company, and they want to access our office shares from home.
Unfortunately, most of them don't know how (or simply don't want to, out of comfort) to connect to a share via direct IP access.
I tested tun as well, works perfectly, but since routed networks do not forward broadcast packets (please correct me if I'm wrong), our (smb/afp)-shares don't show up in the macOS Finder/Windows Explorer.
Furthermore, we have some software of our own in use that relies on broadcast packets.
Last but not least, I think it's understandable that I don't want to drive to everyone's home and set up every MacBook, Windows laptop, iPad, Android, etc., they own (apart from Android and iOS not having TAP support), only to be able to connect to a network share.
They don't pay me enough for this lol.

Of course, I'm open to any other solution that solves my problem. If there's a way for network shares to show up in the network neighbourhood (macOS/Windows) and for broadcast packets to be forwarded while using routed mode, please enlighten me.

If you need any more information please let me know.

Thanks in advance :)
