Help me on the interface GIF
-
Hi everyone,
I am trying to bring 192.168.10.0/24 subnet from Japan to Australia as we need to broadcast from Australia to detect the device in Japan. (BNJ Discovery Protocol is used)
Currently I am using Windows OpenVPN TAP bridge to achieve this which is not that stable.
2 sites are already connected via VTI IPSec.I was advised that GIF could make it but I think not many people have tried this and I don't know how to configure GIF please?
Could someone help me to setup GIF.
- Parent Interface
- GIF Remote Address
- GIF tunnel local address
- GIF tunnel remote address
- GIF tunnel subnet
pfSense 2.4.5 running on ESXi
Thanks for your support in advance.
-
@JMizuno
Hi
For bridging networks at the L2 level, you can try- Configure an Openvpn tunnel between two PFSense (client + server ) in Tap Mode
or
-
Use the Netgraph network subsystem ( it is built into the PF kernel ).
To solve this problem, you will need the following modules :
ng_ether, ng_bridge, ng_ksocket .https://www.freebsd.org/cgi/man.cgi?netgraph(4)
[2.4.4-RELEASE][admin@pfSense.localdomain]/root: kldstat -v | grep ng_
547 ng_socket
532 ng_ether
531 ng_eiface
546 ng_rfc1490
545 ng_pred1
530 ng_echo
544 ng_pptpgre
543 ng_pppoe
529 ng_deflate
542 ng_ppp
522 ng_UI
541 ng_pipe
528 ng_cisco
527 ng_car
540 ng_one2many
539 ng_mppc
526 ng_bridge
538 ng_lmi
537 ng_l2tp
523 ng_async
536 ng_ksocket
525 ng_bpf
535 ng_iface
534 ng_hole
533 ng_framerelay
552 ng_vlan
551 ng_vjc
550 ng_tty
549 ng_tee
548 ng_tcpmss
- Configure an Openvpn tunnel between two PFSense (client + server ) in Tap Mode
-
@Konstanti Thanks for that, yeah currently I am using OpenVPN Tap with interface bridged as I mentioned in my post. However it is not stable. I tried Open VPN client on pfSense but ping can drop a lot so I tried OpenVPN client on Win2016 server and found that Windows client is better but still unstable.
That is the main reason why I started looking GIF tunnel option.
Since psSense to pfSense IPSec tunnel is very stable I think it is not bandwidth issue.Thanks for your advice.
Regards