Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bridge LAN from A site to B site

    IPsec
    2
    5
    453
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      JMizuno
      last edited by

      Hi everyone. This is my settings.

      Site A [Japan] 192.168.10.254/24 pfSense2.4.5
      (VTI 10.0.0.1)
      |
      (VTI 10.0.0.2)
      Site B [Australia]192.168.20.254/24 pfSense2.4.5

      Site to Site is happening without no problems.

      Now I need to broadcast from Australia to Japan with BNJ Discovery protocol to detect the device in Japan.
      So I have to be in the same subnet (192.168.10.0/24) to do this. To solve this, I have setup OpenVPN TAP mode (Bridge) so with OpenVPN Windows client I can be on 192.168.10.0/24 and broadcasting protocol worked.
      Now, I need to do the same for macOS, Android and iPhone but OpenVPN client for iPhone doesn't support tap mode.
      Is there any way to bring Site A's LAN to site B and bridge to unused interface port in Site B?
      I have tried making VTI interfaces with Site A's subnet 192.168.10.100 and 192.168.10.101 and bridged to the unused interface in site B but I think VTI operates at L3 so it didn't work.
      Any idea please!
      Thanks

      J 1 Reply Last reply Reply Quote 0
      • J
        JMizuno @JMizuno
        last edited by

        @JMizuno

        So far I used "Windows network bridge" to bridge OpenVPN Tap interface and ethernet port, and connect Wifi router into that port.
        All devices (iPhone, Android, and Mac) can broadcast and detect the device within the same subnet now.

        41af777d-e8c6-40aa-941c-43f9eaab2906-image.png

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          You might be able to make a GIF tunnel from A to B over VTI IPsec but I don't think anyone has ever tried that. You could setup an OpenVPN tap bridge between the two as well.

          But honestly bridged VPNs are awful and should be avoided at all costs. There is probably another better way to accomplish your goal without bridging.

          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          J 1 Reply Last reply Reply Quote 0
          • J
            JMizuno @jimp
            last edited by

            Hi @jimp thanks for the reply.
            I am very interested in gif tunnel over VTI. I could not find much info or example for the gif tunnel. Doco says "a GIF tunnel is capable of bridging layer 2 between two locations while GRE cannot." This is exactly what I want to do.
            I played around but no luck so far. Do you have example config by any chance?

            Thanks

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              No, I don't know that anyone has tried it so I can't offer any advice. You'd build it between the VTI addresses on either end of the IPsec tunnel but that's the only advice I can offer.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.