Messages

1

Virtual private networks / Re: Extend VLAN across Wireguard

« on: October 21, 2021, 10:58:32 pm »

Don't extend layer 2 broadcast domains across wide area links. Simply don't.

https://blog.ipspace.net/2012/03/stretched-layer-2-subnets-server.html

Lots more of fantastic content at Ivan's site.

Thanks for the link, but I'm still going to try. Perf isn't my concern at the moment.

2

Virtual private networks / Re: Extend VLAN across Wireguard

« on: October 21, 2021, 08:53:22 pm »

I have not. I'm just making sure the logic is semi-sound before I attempt it.

3

Virtual private networks / Extend VLAN across Wireguard

« on: October 21, 2021, 01:53:38 pm »

Hello -

I'm trying to extend a VLAN across a WG tunnel. I'm looking for a reality check from someone as I've never done this before.

In SiteA, I have an OPNsense appliance with the VLAN that I want to extend and a WG tunnel established to SiteB (which just has a linux host as my WG client / termination point).

At a high level, what I think I need to do is:

On the OPNsense Side - SiteA

• Create a bridge interface and associate the VLAN I want to extend with it
• Create a VXLAN interface with a common-to-both-sides VNI (let's say 9) with a source of  my OPNsense WG interface and a remote of SiteB's WG interface
• Create interface assignments for the VXLAN and Bridge
• Associate the VXLAN to the Bridge

On the Linux Host / WG Client Side - Site B

• Create the VLAN, VXLAN (with the same VNI and "opposite" source / destination), and Bridge
• Associate the VLAN and VXLAN to the Bridge

Am I...missing something? If it helps, I'm trying to follow a generic blog article I found here - https://www.tallwireless.com/posts/2020/03/21/tunnels-tunnels-tunnels/.

Thanks for the help all...