    I would like to know if it's possible to bridge two ethernet ports over WAN.

    LAN A --- WAN --(Internet)-- WAN --- LAN B

    I would like to join (or Bridge?) LAN B to LAN A. Pass DHCP traffic, etc...

    Is this possible with pfSense and how could you do it?

  • You can do that with a VPN, but they will be 2 separate network subnets on each side with a route through the VPN (OpenVPN is the best for that IMHO).
    Don't really know of a WAN bridging software. That is usually done via hardware, with a point to point connection. Like a metro fibre connection or frame relay.

    OpenVPN can only do TUN type connections in pfSense which, as stated above, is a routed layer 3 connection. You need TAP which is layer 2. Perhaps investigate PPTP or L2TP.


    I thought this could be done with pfSense, just off the top of my head, but after some thinking and a bit of reading, I don't think it's possible with pfSense.

    If I have two locations and want to join both LAN segments as one over WAN, then from what I'm reading I would require a Virtual Private LAN Service running over an MPLS network that would allow me to bridge the two locations as one. In fact, the technical foundation of VPLS allows for Point to Point LAN bridging, Point to Multipoint LAN bridging, and Multipoint to Multipoint LAN bridging.

    I think MikroTik routers have this capability and from what I'm reading Vyatta is now completing the groundwork for implementing MPLS??

    Actually, now that I think about it, I did ask about MPLS on Pfsense a few months back. VPLS wasn't a consideration at that time though, but the problem I'm having is screaming for such a solution.

    In the end, though, we may just have to bite the bullet and do the microwave bridging thingy, but just out of curiosity, anyone know what kind of bounty would be required for MPLS/VPLS in pfSense?


  • Just found a link to MPLS in FreeBSD. I imagine a lot of you would be interested in this.

  • What you're searching for to do the job is Layer 2 Tunneling Protocol. I know how to do this on Cisco, using xconnect encapsulation l2tp.
    The WAN "carrier" doesn't need to be MPLS aware/configured as long as the encapsulation of the packets is done with L2TP and not MPLS.
    This should work with the tap fix pkg + OpenVPN in tap mode (get the VPN connected, then assign the VPN interface, then make a bridge from LAN+VPN on both sides)

    Also works with IPsec in transport mode + GIF tunnel + bridge w/GIF interface+LAN.

    Though I'd never recommend actually doing that in production… you will have far more headaches trying to maintain a common layer 2 in two locations than you'd expect (and not because of pfSense... it's just a bad idea in general).
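
The tap-mode procedure from the last post (tunnel up, then bridge LAN + VPN interface on both sides), written out as plain OpenVPN and FreeBSD configuration. This is an added example, not from the thread and not the configuration pfSense itself generates; the interface names (`em1`, `tap0`, `bridge0`), file names, the hostname `siteA.example.net` and the use of certificate-based TLS are assumptions.

```conf
# ---- Site A: OpenVPN config (listening end) ----
dev tap0                  # layer 2 Ethernet device; "dev tun" would be routed layer 3
proto udp
port 1194
tls-server                # point-to-point TLS mode, this end is the TLS server
ca   ca.crt               # file names are placeholders
cert siteA.crt
key  siteA.key
dh   dh.pem
remote-cert-tls client    # reject a peer that does not present a client certificate
keepalive 10 60
persist-key
# No "ifconfig" line: tap0 carries no IP address, it is only a bridge member.

# ---- Site B: OpenVPN config (connecting end) ----
dev tap0
proto udp
remote siteA.example.net 1194   # hypothetical hostname of site A's WAN
tls-client
ca   ca.crt
cert siteB.crt
key  siteB.key
remote-cert-tls server    # reject a peer that does not present a server certificate
keepalive 10 60
persist-key

# ---- Both sites: /etc/rc.conf fragment (FreeBSD) ----
# Create tap0 at boot so the bridge can reference it before OpenVPN starts,
# then make LAN (em1, assumed) and tap0 members of one bridge.
cloned_interfaces="tap0 bridge0"
ifconfig_tap0="up"
ifconfig_bridge0="addm em1 addm tap0 up"
# Result: both LANs are one broadcast domain. DHCP, ARP and every other
# broadcast frame crosses the tunnel, so only one site should run a DHCP server.
```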

