Bridge LAN from A site to B site

  • Hi everyone. This is my settings.

    Site A [Japan] pfSense2.4.5
    Site B [Australia] pfSense2.4.5

    Site to Site is happening without no problems.

    Now I need to broadcast from Australia to Japan with BNJ Discovery protocol to detect the device in Japan.
    So I have to be in the same subnet ( to do this. To solve this, I have setup OpenVPN TAP mode (Bridge) so with OpenVPN Windows client I can be on and broadcasting protocol worked.
    Now, I need to do the same for macOS, Android and iPhone but OpenVPN client for iPhone doesn't support tap mode.
    Is there any way to bring Site A's LAN to site B and bridge to unused interface port in Site B?
    I have tried making VTI interfaces with Site A's subnet and and bridged to the unused interface in site B but I think VTI operates at L3 so it didn't work.
    Any idea please!

  • @JMizuno

    So far I used "Windows network bridge" to bridge OpenVPN Tap interface and ethernet port, and connect Wifi router into that port.
    All devices (iPhone, Android, and Mac) can broadcast and detect the device within the same subnet now.


  • Rebel Alliance Developer Netgate

    You might be able to make a GIF tunnel from A to B over VTI IPsec but I don't think anyone has ever tried that. You could setup an OpenVPN tap bridge between the two as well.

    But honestly bridged VPNs are awful and should be avoided at all costs. There is probably another better way to accomplish your goal without bridging.

  • Hi @jimp thanks for the reply.
    I am very interested in gif tunnel over VTI. I could not find much info or example for the gif tunnel. Doco says "a GIF tunnel is capable of bridging layer 2 between two locations while GRE cannot." This is exactly what I want to do.
    I played around but no luck so far. Do you have example config by any chance?


  • Rebel Alliance Developer Netgate

    No, I don't know that anyone has tried it so I can't offer any advice. You'd build it between the VTI addresses on either end of the IPsec tunnel but that's the only advice I can offer.

Log in to reply