Netgate Discussion Forum

    Ethernet over WAN

    General pfSense Questions
    7 Posts 5 Posters 3.8k Views
    • jits

      Hi Guys,

      I would like to know if it's possible to bridge two ethernet ports over WAN.

      LAN A --- WAN --(Internet)-- WAN --- LAN B

      I would like to join (or Bridge?) LAN B to LAN A. Pass DHCP traffic, etc...

      Is this possible with pfSense and how could you do it?

      Thanks, Jits.

      • podilarius

        You can do that with a VPN, but they will be 2 separate network subnets on each side with a route through the VPN (OpenVPN is the best for that IMHO).
        Don't really know of a WAN bridging software. That is usually done via hardware, with a point to point connection. Like a metro fibre connection or frame relay.

        • stephenw10 (Netgate Administrator)

          OpenVPN can only do TUN type connections in pfSense which, as stated above, is a routed layer 3 connection. You need TAP which is layer 2. Perhaps investigate PPTP or L2TP.
          http://doc.pfsense.org/index.php/L2TP_VPN_Settings

          Steve

          • jits

            Hi,

            I thought this could be done with pfSense, just off the top of my head, but after some thinking and a bit of reading, I don't think it's possible with pfSense.

            If I have two locations and want to join both LAN segments as one over WAN, then from what I'm reading I would require a Virtual Private LAN Service running over an MPLS network that would allow me to bridge the two locations as one. In fact, the technical foundation of VPLS allows for Point to Point LAN bridging, Point to Multipoint LAN bridging, and Multipoint to Multipoint LAN bridging.

            I think MikroTik routers have this capability and from what I'm reading Vyatta is now completing the groundwork for implementing MPLS??

            Actually, now that I think about it, I did ask about MPLS on pfSense a few months back. VPLS wasn't a consideration at that time though, but the problem I'm having is screaming for such a solution.

            In the end, though, we may just have to bite the bullet and do the microwave bridging thingy, but just out of curiosity, anyone know what kind of bounty would be required for MPLS/VPLS in pfSense?

            Jits.

            • jits

              Just found a link to MPLS in FreeBSD. I imagine a lot of you would be interested in this.

              http://freebsd.mpls.in/

              • blackbrayn

                What you're searching for to do the job is layer 2 tunneling protocol. I know how to do this on Cisco, using xconnect encapsulation l2tp.
                The WAN "carrier" doesn't need to be MPLS aware/configured as long as the encapsulation of the packets is done with L2TP and not MPLS.
                Hope this helps.

                • jimp (Rebel Alliance Developer, Netgate)

                  This should work with the tap fix pkg + OpenVPN in tap mode (get the VPN connected, then assign the VPN interface, then make a bridge from LAN+VPN on both sides)

                  Also works with IPsec in transport mode + GIF tunnel + bridge w/GIF interface+LAN.

                  Though I'd never recommend actually doing that in production… you will have far more headaches trying to maintain a common layer 2 in two locations than you'd expect (and not because of pfSense... it's just a bad idea in general)
