Site-to-site VPN with openVPN tap



  • Objective: Build a L2 transparent site-to-site link over VPN to save $$.  I need to pass VLAN tagged traffic (Cisco speak: vlan trunk) across this link.  Short term tenancy at the 2nd location and I just want to extend my infrastructure.  I fully realize there are other ways (possibly better) of doing this, but I want to test this way and see if it will work for us.  AND I've been working on this 2 days and really just want to figure it out now.

    Diagram:

    VLAN 10                                                                                                  VLAN 10
    VLAN 20  Site 1 =====pfsense====(Internet)====pfsense==== Site 2  VLAN 20
    VLAN 30                                                                                                  VLAN 30

    What I've done:

    I followed this guide https://forum.pfsense.org/index.php?topic=46984.0 and the VPN tunnel shows as up, so I know I did something right.  But I can pass no traffic.  Doing packet captures, I can see traffic (from all vlans on the interface) on the "OpenVPN Client" when doing a packet capture.  So I think something is working, but the bridge on the client side doesn't seem to be working properly.

    On the client side I set up a VPN client connection to connect to the openVPN tap on the other side.

    I must be missing something.  I have tried toggling the following System Tunables: net.link.bridge.pfil_bridge and net.link.bridge.pfil_member which doesn't seem to make a difference.

    Any help is appreciated.



  • Turned out to be my USB network adapters, they don't appear to handle tagged traffic well (or at all).  Not planning on using them in production, just for POC.
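The diagnosis in this thread (tagged frames visible on the OpenVPN tap but never reaching the physical bridge member) can be made mechanical by parsing the 802.1Q headers of captured frames and comparing the VLAN IDs seen on each side of the bridge. The example below is added here and is not the poster's code; the raw frames, MAC addresses and interface roles are constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q customer tag
ETHERTYPE_QINQ = 0x88A8   # IEEE 802.1ad service tag (outer tag of Q-in-Q)

def parse_frame(frame: bytes):
    """Return (vlan_ids, inner_ethertype) for one raw Ethernet frame.

    vlan_ids is [] for untagged frames, one entry for 802.1Q and two
    for Q-in-Q; tags are peeled in order until a payload EtherType.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, vlan_ids = 12, []          # skip destination + source MAC
    while True:
        (ethertype,) = struct.unpack("!H", frame[offset:offset + 2])
        if ethertype not in (ETHERTYPE_VLAN, ETHERTYPE_QINQ):
            return vlan_ids, ethertype
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI = VLAN ID
        offset += 4
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")

def vlan_summary(frames):
    """Count frames per outer VLAN ID; untagged frames are keyed as None."""
    counts = Counter()
    for frame in frames:
        vids, _ = parse_frame(frame)
        counts[vids[0] if vids else None] += 1
    return counts

def missing_vlans(tap_frames, member_frames):
    """VLAN IDs present on the tap capture but absent on the bridge member."""
    gone = set(vlan_summary(tap_frames)) - set(vlan_summary(member_frames))
    return sorted(v for v in gone if v is not None)

def build_frame(vlan_id=None, payload_type=0x0800):
    """Constructed test frame: broadcast dst, fixed src, optional 802.1Q tag."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id)  # PCP=0, DEI=0
    return hdr + struct.pack("!H", payload_type) + b"\x00" * 46

# Constructed captures: the tap carries VLANs 10/20/30 plus untagged ARP,
# while a NIC that drops tagged frames only forwards the untagged ARP.
TAP_CAPTURE = [build_frame(10), build_frame(20), build_frame(30), build_frame(None, 0x0806)]
MEMBER_CAPTURE = [build_frame(None, 0x0806)]

if __name__ == "__main__":
    print("tap:", dict(vlan_summary(TAP_CAPTURE)))
    print("member:", dict(vlan_summary(MEMBER_CAPTURE)))
    print("VLANs lost between tap and member:", missing_vlans(TAP_CAPTURE, MEMBER_CAPTURE))
```

On a real system the frame lists would come from a pcap reader applied to captures taken on the OpenVPN tap and on the physical bridge member; an empty result from missing_vlans means the bridge member is passing every VLAN the tap delivers.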