Bridging Multiple VLANS with OpenVPN Tap
-
I am essentially trying to carry multiple VLANs over my OpenVPN using TAP
If I bridge 1 VLAN interface to the openvps1() interface, layer 2 communication works excellent: I can ping the SVI's on my switches from each end of the tunnel. However, whenever I try to bridge a second VLAN the communication fails.
Is this a limitation of OpenVPN or is there a different way I should be going about this?
-
could you just have 1 bridge to the lan interface and push routes for the other vlans? assuming they are different vlans
-
hi esink - My network requires me to carry multiple L2 VLANS between sites. Essentially an 802.1q trunk over an encrypted site-to-site L3 network. I am not sure if the solution you proposed would allow me to accomplish this but if there is a chance I will try it. I do not have the budget at this time for MPLS or equipment that will support L2TPv3 pseudo-wires.
-
I'm also wondering why you're not going with a routed solution here. I'd be interested to know what you're doing that requires you to extend a layer 2 broadcast domain across a VPN vs routing the traffic over the tunnel.
-
Why is everyone so interested in WHAT I need this for instead of proposing a solution? :o I suppose it is a legitimate concern as over WAN we are far more apt to choose L3 vs L2.
So I will humor us all. I have some small servers in an office were I have some space/processing power for a lab network allocated.
In the office, I have my dynamips server and at home I have all of my switches. I would like to carry the VLANS from my dynamips server over the WAN back to the breakout switch at home. (http://www.gns3.net/articles/ccie-routing-switching-lab/qinq-with-virtual-switch-option/)Also, INE's VOICE topology has the servers at SITE1 and needs 3 VLANS to terminate on a voice gateway. I have a voice gateway router (2811), but again it is at home.
More so I just like to do/know/implement all that is possible. You never know when a complex problem may require an unorthodox solution.
-
https://forum.openwrt.org/viewtopic.php?id=33678
Its not pfsense but it is seeming to sort of be what you want to know.