Messages - drum7

#1
Quote from: pmhausen on October 21, 2021, 09:31:39 PM
Don't extend layer 2 broadcast domains across wide area links. Simply don't.

https://blog.ipspace.net/2012/03/stretched-layer-2-subnets-server.html

Lots more of fantastic content at Ivan's site.

Thanks for the link, but I'm still going to try. Perf isn't my concern at the moment.
#2
I have not. I'm just making sure the logic is semi-sound before I attempt it.
#3
Virtual private networks / Extend VLAN across Wireguard
October 21, 2021, 01:53:38 PM
Hello -

I'm trying to extend a VLAN across a WG tunnel. I'm looking for a reality check from someone as I've never done this before.

In SiteA, I have an OPNsense appliance with the VLAN that I want to extend and a WG tunnel established to SiteB (which just has a Linux host as my WG client / termination point).

At a high level, what I think I need to do is:

On the OPNsense Side - SiteA

  • Create a bridge interface and associate the VLAN I want to extend with it
  • Create a VXLAN interface with a common-to-both-sides VNI (let's say 9) with a source of my OPNsense WG interface and a remote of SiteB's WG interface
  • Create interface assignments for the VXLAN and Bridge
  • Associate the VXLAN to the Bridge

On the Linux Host / WG Client Side - Site B

  • Create the VLAN, VXLAN (with the same VNI and "opposite" source / destination), and Bridge
  • Associate the VLAN and VXLAN to the Bridge

Am I...missing something? If it helps, I'm trying to follow a generic blog article I found here - https://www.tallwireless.com/posts/2020/03/21/tunnels-tunnels-tunnels/.

Thanks for the help all...
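
The Site B steps from the post above, sketched as an added example (not part of the original post or the linked article): a dry-run shell function that prints the iproute2 commands for the Linux host, plus the MTU and firewall details the outline leaves implicit. VNI 9 comes from the post; the tunnel addresses, `eth0`, VLAN ID 100, `wg0`, the 1420-byte WireGuard MTU and UDP port 4789 on both ends are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) the Site B commands so they can be reviewed first.
# Addresses, interface names and the VLAN ID are constructed placeholders.
WG_MTU=1420         # assumed MTU of the WireGuard interface
VXLAN_OVERHEAD=50   # outer IPv4 20 + UDP 8 + VXLAN 8 + inner Ethernet 14
VXLAN_PORT=4789     # IANA VXLAN port; Linux uses legacy 8472 unless dstport is set

# Largest inner MTU that fits inside the tunnel without fragmentation.
inner_mtu() {
    echo $(( $1 - VXLAN_OVERHEAD ))
}

# site_b_cmds VNI LOCAL_WG_IP REMOTE_WG_IP PARENT_IF VLAN_ID WG_IF
site_b_cmds() {
    vni=$1; local_ip=$2; remote_ip=$3; parent=$4; vid=$5; wg_if=$6
    mtu=$(inner_mtu "$WG_MTU")
    cat <<EOF
ip link add link $parent name $parent.$vid type vlan id $vid
ip link add vxlan$vni type vxlan id $vni local $local_ip remote $remote_ip dstport $VXLAN_PORT
ip link set vxlan$vni mtu $mtu
ip link add br$vid type bridge
ip link set $parent.$vid master br$vid
ip link set vxlan$vni master br$vid
ip link set $parent.$vid up
ip link set vxlan$vni up
ip link set br$vid up
iptables -A INPUT ! -i $wg_if -p udp --dport $VXLAN_PORT -j DROP
EOF
}

# Constructed sample values: Site B is 10.0.0.2 on the tunnel, Site A is 10.0.0.1.
site_b_cmds 9 10.0.0.2 10.0.0.1 eth0 100 wg0
```

VXLAN itself has no authentication or encryption, so the last printed rule drops VXLAN packets arriving on any interface other than the WireGuard one. Hosts on the extended VLAN need an MTU of 1370 or lower under these assumptions, otherwise full-size frames will not fit through the tunnel.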