Peer-to-peer L2 OpenVPN - is it possible?
-
Is it possible to set up a peer-to-peer L2 VPN between two pfSense boxes with OpenVPN? I'm talking about peer-to-peer, NOT remote access. I need to bridge two entire networks together (both locations using the same IP subnet), and nothing I've tried with peer-to-peer works. The bridge-related settings in the "Tunnel" section are grayed out or otherwise unconfigurable when you change from tun to tap. Everything I've read says to mess with these settings, but they're grayed out, and when I put the mouse cursor over the checkbox for Bridge DHCP it changes the mouse cursor to a red circle with a line through it, just like a no-smoking sign.
I've tried creating the bridge manually and adding interfaces, and at one point I thought I was onto something because it let me create a bridge with the LAN interface and some kind of pseudo-ovpn interface, but in the end DHCP just stopped working altogether and I couldn't pass traffic even using static IPs on the client devices at both ends.
There are many people out there attempting this, but nobody has actually made it work as far as I can tell. The suggested fix is always "oh, just go L3, you don't need L2, that's just a bad idea..." Whether I should go with L2 or L3 is not my question here. If L2 is a bad idea, the tap option needs to be removed from that page. I need DHCP and broadcast traffic to traverse the tunnel, so L2 (tap) is what I'm after.
I need to know whether the settings being grayed out is a bug, or whether those settings are being displayed in the web interface by mistake when configuring in peer-to-peer mode. How do I build an L2 VPN between two pfSense boxes running OpenVPN?
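For reference, the example below is an addition to this page, not code from the thread and not the configuration pfSense generates. It sketches what the peer-to-peer tap setup looks like outside the GUI: a static-key OpenVPN config for each side with `dev tap` and no `ifconfig` line, the FreeBSD `ifconfig` commands that join the LAN NIC and the OpenVPN interface in one bridge and move the LAN address onto the bridge, and a check for the mistakes that most often stop a bridged tap from passing DHCP and broadcasts. Interface names (`em1`, `ovpns1`, `ovpnc1`), addresses, the key path and the file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread and not pfSense's generated
# config: a peer-to-peer (static key) OpenVPN tap setup bridged to the LAN.
# Interface names (em1, ovpns1, ovpnc1), addresses and paths are assumptions.

# Print the OpenVPN config for one side. ROLE is "server" or "client";
# PEER is the address the client connects to.
# Deliberately no "ifconfig" line: in a bridge the L3 address belongs to
# the bridge (or LAN) interface, never to the tap interface itself.
openvpn_tap_p2p_conf() {
    role=$1
    peer=$2
    {
        echo "dev tap"
        echo "proto udp"
        echo "port 1194"
        [ "$role" = client ] && echo "remote $peer 1194"
        echo "secret /var/etc/openvpn/l2-site.key"   # same static key on both sides
        echo "cipher AES-256-CBC"   # static-key mode cannot use AEAD (GCM) ciphers
        echo "auth SHA256"
        echo "keepalive 10 60"
        echo "persist-key"
        echo "persist-tun"
        echo "verb 3"
    }
}

# FreeBSD ifconfig commands (the syntax pfSense uses underneath) to join the
# LAN NIC and the OpenVPN interface in one bridge and move the LAN address
# onto the bridge, so DHCP and broadcast traffic are handled on the bridge.
# Printed rather than executed so the steps can be reviewed first.
bridge_commands() {
    lan=$1
    tap=$2
    addr=$3      # e.g. 192.168.1.1
    mask=$4      # e.g. 255.255.255.0
    echo "ifconfig bridge0 create"
    echo "ifconfig bridge0 addm $lan addm $tap up"
    echo "ifconfig $lan inet $addr delete"
    echo "ifconfig bridge0 inet $addr netmask $mask"
    # Filtering: with net.link.bridge.pfil_member=1 firewall rules apply on
    # the members (LAN and the OpenVPN interface); with pfil_bridge=1 they
    # apply on bridge0. Whichever is set, that interface needs pass rules.
    echo "sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge"
}

# Checks worth running before blaming the GUI: tap mode, no address on the
# tunnel interface, a shared static key present, and no AEAD cipher.
check_conf() {
    conf=$1
    printf '%s\n' "$conf" | grep -qx 'dev tap' \
        || { echo "not tap mode" >&2; return 1; }
    if printf '%s\n' "$conf" | grep -q '^ifconfig '; then
        echo "tunnel carries an L3 address; a bridged tap must not" >&2; return 1
    fi
    printf '%s\n' "$conf" | grep -q '^secret ' \
        || { echo "no static key; peer-to-peer needs one" >&2; return 1; }
    if printf '%s\n' "$conf" | grep -qi '^cipher .*GCM'; then
        echo "AEAD cipher is not supported in static-key mode" >&2; return 1
    fi
    return 0
}

# Usage (dry run, nothing is written or executed):
#   sh l2-tap.sh server                 # server side, OpenVPN interface ovpns1
#   sh l2-tap.sh client 203.0.113.10    # client side, OpenVPN interface ovpnc1
if [ $# -gt 0 ]; then
    conf=$(openvpn_tap_p2p_conf "$1" "${2:-}")
    check_conf "$conf" || exit 1
    printf '%s\n' "$conf"
    if [ "$1" = server ]; then ovpn_if=ovpns1; else ovpn_if=ovpnc1; fi
    bridge_commands em1 "$ovpn_if" 192.168.1.1 255.255.255.0
fi
```

The two bridge steps that the script prints are the ones that are easy to get wrong by hand: the tunnel interface must join the bridge together with the LAN NIC, and the LAN address (and therefore the DHCP server) must live on the bridge interface rather than on the NIC, otherwise the tunnel side never sees the broadcasts. The check function refuses a config that still assigns an address to the tunnel, because that turns the tap back into a routed endpoint.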
-
You have to use TAP mode. However, I have no experience with that.
-
I'm guessing that there are limitations or bugs when trying to use a TAP interface in a peer-to-peer setup. Or maybe you have to add some custom settings to make it work. Either way, I had to go with layer 3 TUN mode and use a dedicated PC client to relay DHCP and bridge the layer 2 traffic via a second VPN connection using remote access. This method doesn't scale well and is a bit overcomplicated, but it does what I need for now.