Netgate Discussion Forum

    Bridging Multiple VLANS with OpenVPN Tap

      xtropx

      I am essentially trying to carry multiple VLANs over my OpenVPN using TAP.

      If I bridge 1 VLAN interface to the openvps1() interface, layer 2 communication works excellently: I can ping the SVIs on my switches from each end of the tunnel. However, whenever I try to bridge a second VLAN, the communication fails.

      Is this a limitation of OpenVPN or is there a different way I should be going about this?

      Regards,

      xtropx

        esink

        Could you just have 1 bridge to the LAN interface and push routes for the other VLANs? Assuming they are different VLANs.

          xtropx

          Hi esink - My network requires me to carry multiple L2 VLANs between sites. Essentially an 802.1q trunk over an encrypted site-to-site L3 network. I am not sure if the solution you proposed would allow me to accomplish this, but if there is a chance I will try it. I do not have the budget at this time for MPLS or equipment that will support L2TPv3 pseudo-wires.

          Regards,

          xtropx

            marvosa

            I'm also wondering why you're not going with a routed solution here. I'd be interested to know what you're doing that requires you to extend a layer 2 broadcast domain across a VPN vs routing the traffic over the tunnel.

              xtropx

              Why is everyone so interested in WHAT I need this for instead of proposing a solution? :o I suppose it is a legitimate concern, as over WAN we are far more apt to choose L3 vs L2.

              So I will humor us all. I have some small servers in an office where I have some space/processing power for a lab network allocated.
              In the office, I have my dynamips server and at home I have all of my switches. I would like to carry the VLANs from my dynamips server over the WAN back to the breakout switch at home. (http://www.gns3.net/articles/ccie-routing-switching-lab/qinq-with-virtual-switch-option/)

              Also, INE's VOICE topology has the servers at SITE1 and needs 3 VLANs to terminate on a voice gateway. I have a voice gateway router (2811), but again it is at home.

              More so I just like to do/know/implement all that is possible. You never know when a complex problem may require an unorthodox solution.

              Regards,

              xtropx

                kejianshi

                https://forum.openwrt.org/viewtopic.php?id=33678

                It's not pfSense, but it seems to sort of be what you want to know.
