Netgate Discussion Forum

    Basic L2TP(v3) pseudowire ?

    • tlum

      Is there a way to create an L2TP pseudowire and bind it to a subset of VLANs?

      I need to create a VLAN Trunk over IP. I DO NOT need or want any kind of additional complexity like encrypted VPN, etc., as this traffic will never leave the local network(s). It's to be used to present a tagged VLAN trunk to a KVM host across an 802.11 link. Because the underlay is itself a VLAN I need to be sure I don't include the underlay VLAN in the overlay.

      I'm open to other protocols; i.e. VXLAN, GENEVE, but these are far more complex to implement given they're designed for far more complex fabrics, and seem less well supported by my current hardware platforms.

      -TIA

      • JKnott @tlum

        @tlum

        Does OpenVPN TAP mode support VLANs? Also, assuming the two ends are not in the same subnets, just route the individual VLANs and put them back at the other end.

        pfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • tlum @JKnott

          @jknott

          @jknott said in Basic L2TP(v3) pseudowire ?:

          just route the individual VLANs and put them back at the other end.

          I need to maintain the distinct broadcast domains. The VLANs will carry DHCP, BOOTP, etc.

          @jknott said in Basic L2TP(v3) pseudowire ?:

          Does OpenVPN TAP mode support VLANs?

          ...and that differs from L2TP over IPSEC, how exactly?

          L2TP pseudowires are native to the Linux kernel; they are defined, configured, and bridged just as easily and consistently as a VLAN trunk. No packages to add, no 3rd party drivers in the network stack, and no control protocol overhead either to establish or in operation. VXLAN is also native, but overkill at the very least.

          I believe that netgraph is the FreeBSD native way to go about it, however, that's probably incompatible with whatever L2TP VPN daemon pfSense uses?

          • tlum @tlum

            I ended up just plugging a Raspberry Pi into a port on the N3K-C3172 TOR, and configured the network stack to implement the L2TP pseudowire, so it ends up being the same number of hops, but it would have been nice to implement it either in the switch or the firewall and not have to live with a single function appendage... but that's life in technology.

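The thread does not show the configuration used on the Linux box, so the following is an added example, not the poster's own commands. It sketches a static (unmanaged) L2TPv3 Ethernet pseudowire with iproute2, restricted to a chosen set of VLANs through bridge VLAN filtering, and refuses to carry the underlay VLAN. All addresses, tunnel and session IDs, interface names and VLAN IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Every value below is an assumption.
LOCAL=192.0.2.1  REMOTE=192.0.2.2   # underlay endpoint addresses (placeholders)
TID=10 PEER_TID=20                  # L2TPv3 tunnel IDs (placeholders)
SID=1  PEER_SID=1                   # L2TPv3 session IDs (placeholders)
PW=l2tpeth0 BR=br-trunk             # pseudowire and bridge names (hypothetical)

# Usage: pw_trunk_cmds UNDERLAY_VID VID...
# Prints the commands that build the pseudowire and admit only the listed
# VLAN IDs on it. Returns 1, printing no commands, if a VID is malformed,
# out of range, or equal to the underlay VLAN ID.
pw_trunk_cmds() {
    underlay=$1; shift
    [ "$#" -gt 0 ] || { echo "no overlay VLANs given" >&2; return 1; }
    for vid in "$@"; do
        case $vid in ''|*[!0-9]*) echo "bad VID: $vid" >&2; return 1;; esac
        [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ] ||
            { echo "VID out of range: $vid" >&2; return 1; }
        [ "$vid" -ne "$underlay" ] ||
            { echo "VID $vid is the underlay VLAN" >&2; return 1; }
    done
    echo "ip l2tp add tunnel tunnel_id $TID peer_tunnel_id $PEER_TID encap ip local $LOCAL remote $REMOTE"
    echo "ip l2tp add session name $PW tunnel_id $TID session_id $SID peer_session_id $PEER_SID"
    # vlan_default_pvid 0: ports get no implicit untagged VLAN 1 membership,
    # so the pseudowire forwards only the VIDs added explicitly below.
    echo "ip link add $BR type bridge vlan_filtering 1 vlan_default_pvid 0"
    echo "ip link set $PW master $BR"
    for vid in "$@"; do
        echo "bridge vlan add dev $PW vid $vid"   # tagged member of this VLAN
    done
    echo "ip link set $PW up"
    echo "ip link set $BR up"
}

# Dry run with constructed values: underlay VLAN 99, overlay VLANs 10, 20, 30.
# Review the output, then pipe it to `sh -e` as root to apply it.
pw_trunk_cmds 99 10 20 30
```

The far end needs the mirror-image tunnel and session IDs and addresses. The local trunk port facing the switch or KVM host joins the same bridge with its own `bridge vlan add` entries, which are left out here.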
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.