Site-to-site VPN with openVPN tap
-
Objective: Build a L2 transparent site-to-site link over VPN to save $$. I need to pass VLAN tagged traffic (Cisco speak: vlan trunk) across this link. Short term tenancy at the 2nd location and I just want to extend my infrastructure. I fully realize there are other ways (possibly better) of doing this, but I want to test this way and see if it will work for us. AND I've been working on this 2 days and really just want to figure it out now.
Diagram:
VLAN 10                                                           VLAN 10
VLAN 20  Site 1 =====pfsense====(Internet)====pfsense==== Site 2  VLAN 20
VLAN 30                                                           VLAN 30
What I've done:
I followed this guide https://forum.pfsense.org/index.php?topic=46984.0 and the VPN tunnel shows as up, so I know I did something right. But I can pass no traffic. Doing packet captures I can see traffic (from all vlans on the interface) on the "OpenVPN Client" when doing a packet capture. So I think something is working, but the bridge on the client side doesn't seem to be working properly.
On the client side I set up a VPN client connection to connect to the openVPN tap on the other side.
I must be missing something. I have tried toggling the following System Tunables: net.link.bridge.pfil_bridge and net.link.bridge.pfil_member which doesn't seem to make a difference.
Any help is appreciated.
-
Turned out to be my USB network adapters; they don't appear to handle tagged traffic well (or at all). Not planning on using them in production, just for POC.